My site has a valid certificate, but Chrome marks it as insecure.

I tried my site using Brave and Firefox, and both mark it as secure.

I also ran this online test, and everything looks fine:


I am running Version 69.0.3497.100 (Build officiel) (64 bits) on a MacBook Pro.

In some threads I read this can happen if the date and time on my computer are incorrect, but they are correct.

    Works fine for me on Chrome 69 and 70 on a MacBook Pro running macOS Mojave 10.14. Is there any chance you were playing around with HTTPS Public Key Pinning? If so, maybe you pinned an old public key and now Chrome thinks your new cert's public key is an impostor.
    – Spiff
    Commented Oct 18, 2018 at 1:57
  • It also works fine for me. Any chance you were messing with the certificates and then updated to your current one and Chrome just has the old one cached still? You can try clearing all of the settings in Chrome for your site and have it download the proper certificate. Commented Oct 18, 2018 at 2:00
  • Spiff Thanks for checking! No, I haven't been playing with Public Key Pinning. Not knowingly in any case. Commented Oct 18, 2018 at 2:31
  • @HazardousGlitch, I am reluctant to clear all my settings. Or did you mean cache by the way? I will check if I manage to clear it just for my site. Commented Oct 18, 2018 at 2:32

I found what it was. After updating Chrome and restarting it, the lock sign was fine. Chrome did not mark my site as insecure anymore. However, as soon as I accessed my server on another port with a self-signed certificate, and I accepted browsing despite the self-signed certificate warning given in Chrome, my site got marked as insecure, even on the tab where I was accessing the standard port (443).

    Thanks! If you don't want to close down all your tabs to restart Chrome, you can also just open up an incognito tab and go to the site there to check if the certificate is working.
    – kevinmicke
    Commented Mar 12, 2019 at 16:28
    UGH--i had to actually uninstall then reinstall chrome to get it to accept the cert. i've done this a million times and this hasn't happened before, so chrome must have changed things. Fun. Commented Mar 21, 2019 at 18:37
    Oh for the good old days when I didn't hate Chrome.
    – Bob Stein
    Commented Apr 7, 2021 at 16:45
    I was having a similar issue. Worked fine on an incognito tab, but not the main. Just restarting chrome solved it for me. Must be some cache somewhere.
    – racitup
    Commented Dec 9, 2022 at 19:09

In my case, some of the images (or another resource) inside my website using http so Chrome (and other browsers) say "Connection is not secure" while Certificate (valid)


For me, the root cause turned out to be that I was referencing the wrong cert file.

Everything was working well, until one day ALL of my sites suddenly became Not Secure. All the certificates were valid but I was referencing the cert.pem file instead of the fullchain.pem file.

In each of my server.js files I replaced:

var cert_url = '/etc/letsencrypt/live/<yoursitehere>.com/cert.pem';

with this:

var cert_url = '/etc/letsencrypt/live/<yoursitehere>.com/fullchain.pem';

This resolved the issue.

Source: https://community.letsencrypt.org/t/invalid-intermediate/91378/3

  • The question (the title and the body) have to do with: "Why does Chrome say "Your connection to this site is not secure" even if the certificate is valid?" This is the same problem I had which is how I found the listing in the first place. The answers here didn't solve my problem but additional searching on another site and extrapolating from the answer provided there led me to the solution that I posted. Commented Oct 3, 2021 at 7:35

This is what worked for me.

First, before I configured SSL for my localhost web server I had previously enabled "Allow invalid certificates for resources loaded from localhost." in chrome://flags.

Later on I configured SSL properly and couldn't get the green lock to appear even though my certificate was valid according to Chrome.

After trying solution after solution eventually I went into chrome://flags and disabled the "Allow invalid certificates for resources loaded from localhost." flag, restarted Chrome, and poof - green lock.

Maybe there is a cache of some sort at play with what sites are Secure/Not Secure once that flag is enabled - not sure - but this fixed my issue.


Since you don't want to reset all of your settings (I don't blame you), here is a link on how to find and delete the specific certificate for your site:


I don't have a Mac so I wasn't able to actually go through the directions to test it.

