“This Website Isn’t Secure” Error – How to Solve

First Published: 24th of October, 2021 by Patrick Carpen.

Last updated: October 27, 2021 at 18:17 pm

The error message, “This Website Isn’t Secure” as shown in the photo above, may pop up to random users of mobile devices who attempt to access your website. It indicates an SSL problem within the site’s backend configurations. This error may appear even if you have already issued an SSL certificate for your domain and selected the “https” protocol.

If this problem is happening on your website, you may be losing more traffic than you know, because not everyone will even bother reporting the error to you. However, I was lucky that someone reported the error to me when it was happening on my website: www.guyanasouthamerica.gy.

I was shocked out of my wits when someone screenshot this error message and sent it to me. Only God knows how many potential visitors, customers, and money this error might have cost me! I remember that I had taken the time to issue a LetsEncrypt SSL certificate and select the “https” protocol. So why this error now? In frustration, I wrote to my website.

My WebHost Replied:

Hi Patrick,

Thanks for getting in touch,

Sorry to hear about the issue! Reviewing the attached screenshot the error indicates that they are accessing the website without HTTPS, that is, it is not loading the SSL certificate by default
That said, checking your account I see that you have many domains created, the main site of patrickcarpen.com I see that it responds well but it does not respond here, it is in another hosting, specifically Hostgator

Based on this, could you tell us what would be the website in which you have problems to review it in detail?

Please check it out and let us know, thank you!

Kind regards,

Raul

My Reply

I was notified by persons that the issue is with www.guyanasouthamerica.gy but it may also be happening to my other websites unaware to me. So I am asking if you can check all the websites to see what is causing this problem and how we can prevent it from happening again.

Thanks,

My Webhost’s Response

Hi Patrick,

Thanks for getting back to us.
The server will automatically install the SSL for you as long as the domain is pointing to us.
That said, I’ve reviewed your other installations and you have some WordPress installations that are forcing the HTTPS connection and some installations that are not.

The way of making sure that the installations are always enforcing the HTTPS connection is to install the following plugin in all of them:

This plugin will make all the necessary adjustments to make sure that the site always shows as secure.

Kind regards,

Bruno

My Response

I tried that. It didn’t work.

My Webhost’s Response

Hello Patrick,

I reviewed your account and noticed you have the following addon domains.

brazilianproductsgy.com – pointing to kualo -ssl is ok
guyanasouthamerica.gy – pointing to kualo -ssl is ok
hotelamazonasgy.com – pointing to kualo- ssl is ok
idiomasdivertidos.com – pointing to kualo -ssl is ok
languagefun.org – pointing to kualo – ssl is ok
naturaexports.com.br – pointing to kualo – ssl is ok

tourbrazilnow.com – pointing to kualo – ssl warning
buybrazilianproducts.com – pointing to kualo – ssl warning
anunciosdobrasil.com – pointing to kualo – ssl warning
guianainglesa.com – pointing to kualo – ssl warning

aulasdivertidas.com – not resolving to kualo

Can you review again and let us know the domain name that show the warning to you after trying the plugin we mentioned?

Best regards,

Kuldeep

My Response

the website as I told you is www.guyanasouthamerica.gy

I installed the plugin but the plugin gave a message after I activated it that it does not fix everything. It says I might have to edit headers and change http to https manually etc. It also says I might have to purchase a premium version. I don’t understand what exactly they want.

My Webhost’s Response

Hello Patrick,

Thank you for your reply.

I’ve run an audit of guyanasouthamerica.gy’s website and the results are correct, the website’s HTTPS access is working correctly:
https://www.whynopadlock.com/results/6d3f4996-60b4-48dc-950c-7e8f43a85bea

Now, what I do see is that the site’s SSL certificate is signed by Let’s Encrypt.
Normally this wouldn’t be an issue, but back on September 30th Let’s Encrypt stopped being valid on multiple old devices (like PCs with Windows XP and older).

The whole Let’s Encrypt situation and the devices it affected is well explained in the following articles:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://letsencrypt.org/docs/certificate-compatibility/
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry

So, what I believe is the issue is that some of the site’s visitors are being affected by this situation with Let’s Encrypt.

To fix it as quick as possible I’ve deleted guyanasouthamerica.gy Let’s Encrypt SSL certificate (from cPanel -> Let’s Encrypt SSL -> next to the domain Remove) and replaced it with an AutoSSL one (from cPanel -> SSL/TLS Status -> Run Auto SSL).

Now guyanasouthamerica.gy has an AutoSSL certificate, and since these ones are signed by Sectigo it’s completely compatible with all devices:
https://www.whynopadlock.com/results/94dc2169-aa35-468b-abdb-f110a1e00395

This should take care of the “website not secure” message. If it comes to appear again (which hopefully won’t), kindly let us know.

Please, don’t hesitate to let us know if we can be of any further assistance.

Kind regards,

Juan

Conclusion

Yes! That last step did fix it! I asked the person who had reported the error to me to try the link again, and this time, it did work. As you can see, the LetsEncrypt SSL was outdated and the AutoSSL solved the problem.

I would definitely recommend Kualo Web Hosting.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments