Chrome - You connection to this site is not fully secure

Question

I've recently had an SSL installed onto my server.

I'm getting the "Your connection to this site is not fully secure" warning when using Chrome. I understand this relates to passive elements being loaded over a non secure connection and I understand what this means.

I cannot find any elements on the site being loaded over a non secure network and I've run it through a tool to check and not found any. I've created a blank HTML page with nothing on it and so I presume no chance of there being an element loaded on a non secure connection but I still get the warning.

Does anyone know why this may be?

Thanks

This was user error. There was a rewrite rule in the .htaccess file writing things back to http. My fault sorry for the question. — user1075237, Oct 04 '17 at 12:01
If you're using an SSL certificate you have to use HTTPS instead of HTTP inside your HTML document — Dmitry Grinko, Jan 05 '21 at 08:32

Daniël Camps · Accepted Answer · 2018-08-08T08:25:33.097

23

I think you get that message when you use https, but Google Chrome cannot correctly verify your certificate chain. You might want to make sure you have followed the instructions on that end fully, and that all certificates are installed correctly.

If/when you have, this is how you can check that every request uses https:

Open the website on Google Chrome
Press F12
Open the network tab
Press f5 to reload everthing
There it has all the information you should need. Hover over a request to check whether it uses http or https

edited Aug 08 '18 at 08:25

answered Oct 04 '17 at 11:12

Daniël Camps

1,737
1
22
33

3

You don't need to hover each URL. You can right click on table header and then enable 'Scheme' and it will show whether it is http or https. – Player1 Jul 28 '20 at 20:47

Rm558 · Answer 2 · 2018-02-16T04:50:26.433

23

In addition to Daniël's answer, I also found a insecure future form submit can cause this warning.

My web page has below form

<form action="http://example.com/..."  >
    <input >... 
</form>

Changing the action's value from http to https fixed the warning.

Or change to a "relative" protocol.

<form action="//example.com/..."  >

Also, in Chrome, hit F12 to open developer tools, go to Console, there is the details of the warning

edited Feb 16 '18 at 04:50

answered Feb 10 '18 at 23:17

Rm558

4,621
3
38
43

Thanks you saved my time – Himanshu itmca Sep 15 '18 at 06:45
1

so i went and checket console for www.mr-programs.com indeed it was pointing to a form, my form is a mailto tho so i am quite uncertain what to change
– Mr-Programs Jan 26 '19 at 23:11
This can also happen with other static files that are being loaded using `http` connections, like fonts, images, stylesheets, JS, etc. – Ícaro Jul 09 '19 at 13:56
1

@Mr-Programs You may want to consider a form backend service such as formspree.io or formcarry.com as an alternative to the classic `mailto:`, which is inherently insecure. – aalaap Oct 01 '19 at 02:36
I had images that were loaded prior to enabling SSL, and they were evidently using HTTP. I deleted them, updated the website and re-uploaded them again. This seemed to fix this issue. – irritable_phd_syndrome Nov 10 '19 at 04:22
In addition to the this I found my problem was also with mailto where this answer fixed it: https://stackoverflow.com/a/56555013/547262 – merlin Jan 26 '21 at 09:56

Chrome - You connection to this site is not fully secure

2 Answers2

Linked