I'm experiencing a "Not secure" flag on my website's dashboard when using Chromium. Although the certificate is valid and it seems like everything is delivered via HTTPS, I still see this warning. I've checked the cookie settings and inline SVG images, confirming they all use HTTPS. What steps can I take to identify and fix this issue?
4 Answers
Have you double-checked if your SSL certificate is self-signed? Sometimes a certificate can appear valid, but be self-signed, which might trigger that warning. Just a thought!
Have you attempted to clear your browser cache? Sometimes, old cached data can cause those security warnings to linger even when everything seems fine.
Yep, I’ve already tried that.
Is the dashboard located on a subdomain? Sometimes, mixed content from different subdomains can lead to that insecure warning.
The "Not secure" warning can be caused by insecure references like images or scripts even if they're not actively firing requests. Open up the DevTools Console, refresh your dashboard, and look for any Mixed Content warnings. You can also run this command in the Console to find any hardcoded HTTP references:
document.querySelectorAll('[src^="http:"], [href^="http:"], [action^="http:"]').forEach(el => console.log(el.tagName, el.src || el.href || el.action));
This should help you find the culprit!
It's actually a Let's Encrypt certificate, so that shouldn't be the issue. Oddly, the public-facing part of the site doesn’t have this problem.