Firefox OK, but Chrome says "Not secure"

Winfried2025 · January 8, 2026, 10:44am

Hello,

After succesfully moving a test web server to HTTPS, I performed the same task on a real server.

While Firefox is happy, Chrome still says it's "Not secure".

FWIW, the site uses no cookies, and I told nginx to reload its configuration file.

Any idea what it could be?

Thanks for any help.

~# certbot --nginx -d www.acme.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.acme.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.acme.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/www.acme.com/privkey.pem
This certificate expires on 2026-04-08.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for www.acme.com to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://www.acme.com

~# cat /etc/nginx/sites-available/default
# Default server configuration
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}

server {
        root /usr/share/nginx/acme;
        index index.html index.htm;
        server_name www.acme.com acme.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.acme.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.acme.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.acme.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name www.acme.com acme.com;
    listen 80;
    return 404; # managed by Certbot
}

9peppe · January 8, 2026, 1:07pm

Certificate valid, but connection not secure?

I suspect mixed content, but there's no way to answer properly with the little information you gave us.

Winfried2025 · January 8, 2026, 2:39pm

What more infos can I provide to try and find what the problem is?

When viewed from the WAN, the browser says: "The identity of this webiste has not been verified."

Winfried2025 · January 8, 2026, 2:47pm

Found it: Simply close and restart Chrome :-/

It didn't occur to me that it'd be necessary… but googling for it would have solved it. Sorry for the inconvenience.

Winfried2025 · January 8, 2026, 4:09pm

Nope, was stil there. Hitting F12 and looking in the Console section showed the problem: The page had a form to search through Google.

Removing that section fixed it.

Mixed Content: The page at 'https://www.acme.com/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'Google'. This endpoint should be made available over a secure connection.

Topic		Replies	Views
Chrome showing "Not secure" on a website with SSL certificate Help	3	8581	November 18, 2019
Google Chrome "Not Secure". nginx letscrypt certbot Help	3	4383	September 22, 2018
Connection not secure but certificate seems valid? Help	3	1315	November 2, 2020
Renewed my cert but Chrome is still stating "Not secure" Help	19	4024	September 30, 2018
Certificate valid but flagged by Chrome as "Not secure" Help	11	15072	November 30, 2022

Firefox OK, but Chrome says "Not secure"

Related topics