Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Attackers might be trying to steal your information from www.benefits.gov (for example, passwords, messages, or credit cards
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
Docker/ Kubernetes
My hosting provider, if applicable, is:
Azure
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
Sorry to hear you're having challenges with your HTTPS deployment. I think we can get to the bottom of it!
The first and the second website here seem fine to me. From my perspective it seems the only one with the problem is the third: https://ssabest.benefits.gov/
The root cause of your problem is not your HTTPS certificate, but the content of the website. The website is loading an image from a non-HTTPS website. This is generally known as a "mixed content error".
You can see this error if you open up the Chrome or Firefox developer console:
