Certificate valid, but site still "not secure"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: huhohi.com

I ran this command: I requested “Let’s Encrypt” certificate via “SSL Encryption” setting in my Webmin panel.

It produced this output: Certificate was created and shown as valid, but the page still marked as "Not secure"


My web server is (include version): I believe that it is called "dedicated server"

The operating system my web server runs on is (include version): Ubuntu Linux 14.04.5

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin 1.900

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know? Not sure if I have one at all. Maybe that’s the problem?

Hi @Kami-sama

it's impossible to check your site.

Because there is a blocking instance ( https://check-your-website.server-daten.de/?q=huhohi.com ):

Domainname Http-Status redirect Sec. G
http://huhohi.com/ 200 0.577 H
http://www.huhohi.com/ 200 0.503 H
https://huhohi.com/ -2 1.100 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it
https://www.huhohi.com/ -2 1.104 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it

So it's impossible to see what's going wrong.

Perhaps open the firewall.

PS: But you don't have redirects http -> https. So if you open the http version, it's always unsecure.

Hey! Thank you for the reply!

Short update: so the error message was initially only when viewing the Webmin panel. Now it shows secure (gray padlock). SO I am wondering, maybe the certificate only applies to the panel? Could that be it?

The only rewrite I have is: RewriteBase /lt/ (that is the subdirectory)
But I don’t think it would be related here.

Regarding redirection, I do not think I have any. No forwarding on Godaddy side as well. I only have some host names. Could it be something from GoDaddy side? Or maybe I applied the certificate incorrectly?

Regarding firewall. I have not set it up, so not sure what could be blocking it.

A redirect isn't something of your dns settings (not a forward). And it has nothing to do with your certificate.

It's a http status 301 or 302 -> go there.

So if a user tries to load http://huhohi.com/, the user is redirected to https://huhohi.com/.

Check other domains ( https://check-your-website.server-daten.de/ - Grade B, A or A+) to see such redirects.

If such a redirect is correct, every user uses the encrypted version.

I don't see your https version. There must be a firewall or something else that blocks. Or a router without a port forwarding.

Update: issue was resolved after I installed certbot and sorted mixed content. Thank you eitherway!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.