Installed SSL certificate, works for 3 seconds and then goes back to 'Not Secure'

I recently made a site that shows the worldwide travel restrictions due to the COVID situation ( Today I installed a Let’s Encrypt SSL certificate on the website, what went pretty well. However it’s not working like it should. When I go to the website, it shows the site is secure for about 3 seconds, then when the site is fully loaded it suddenly goes back to ‘Not Secure’.

When I ran my site through the SSL checker ( everything came back green. I also have an SSL that makes all requests redirect to secure HTTPS access.

I am using a Ubuntu 18.04 server, which I run through an AWS EC2 instance.

I read a bunch of other posts about people who have similar problems, but this one seems different, at it does show secure before the site/interactive travel map is fully loaded.

tl;dr: When the SSL works for 3 seconds, but when the site is fully loaded, it shows ‘Not Secure’, what could this indicate.

My domain is:

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

1 Like

I’m on my mobile phone now, so can’t check 100 %, but I think your OpenStreetMap is causing mixed content troubles. Is it loaded through HTTP in stead of HTTPS?

1 Like

Hi @ajaxwammes

there are two different problems:

That doesn’t work because your http doesn’t work -

http -> Timeouts, so the redirect isn’t visible.

The status isn’t “not secure”, it’s simple mixed content.

is http.


Juergen shared with me the OpenStreetMap is actually loaded through http. Although it should be possible to load the OpenStreetMap through https, right?

1 Like

I see. I never knew the HTTP is not working. To solve this, should I take a look into my Domain Name System service (AWS Route53)? Or somewhere else?

And in case I can get HTTP to work, will it change anything? As you mentioned that the openstreetmap is in HTTP?


1 Like

That has nothing to do with DNS, but with access to port 80 (possibly firewall blocking that) and your webserver which should be listening on port 80.

Yes, I’m 99.99999999 % sure that’s possible.

It would change the lack of redirect problem, but not your disappearance of the lock icon: that’s due to OpenstreetMaps being loaded through HTTP

1 Like

Makes sense! Thanks for clarifying this, it all got a lot clearer. I am going to see if I can sort this out, thanks!