The complexity of the HTTPS module makes it easy for errors to occur, which can result in those notorious warning messages. If you see the message “This connection is untrusted” or “This connection is not private” while loading a website, it’s a signal for the site’s administration that the communication between the browser and the server – specifically regarding the SSL certificate – may not be functioning properly.
This connection is untrusted
“This connection is untrusted” is one of the common errors a browser can display to the user when loading a website. However, the reason for such a security alert is not necessarily a genuine threat to the user. Without verifying it, you cannot assume the user can safely navigate the site. Typically, this message appears when the SSL certificate has been installed incorrectly on the server, or the server uses a self-signed certificate. Browsers automatically recognize certificates from trusted authorities, whereas locally created certificates require the user to manually bypass the warning by adding the site to a “trusted” list. The procedure may differ depending on the browser in use. If you are unsure who is using an untrusted certificate and why, it’s recommended not to add the site to your exceptions.
Another reason for the error message (improper installation) often stems from a broken installation chain of the certificate, meaning the browser cannot confirm its authenticity. The “This connection is untrusted” error is unlikely to appear on high-traffic sites that handle sensitive user data, such as payment information. If it does, it’s possible the site has fallen victim to a hacking attack or the administrator made a mistake during installation. To avoid this issue, it’s advised not to use SSL certificates from untrusted issuers. If the certificate is from a trusted authority and the error still persists, reinstall it according to the hosting provider’s instructions. If problems continue, you should contact the certificate issuer.
This connection is not secure (private)
A message about an insecure (or not private) connection may appear if SSL certificates are revoked or have expired. A certificate can be revoked for various reasons. Trusted certificate authorities publish a list of revoked certificates. If a user encounters a site with a revoked certificate, it’s best to avoid it. The administrator should contact the issuer to find out why the certificate was revoked. Naturally, SSL certificates also expire after a set period and must be renewed regularly. This gives both the administrator and users confidence that the site is routinely checked and protected against online threats. To prevent this message from appearing, remember to check the certificate’s validity and keep it up to date.
Mixed content
A common error involves components on HTTPS sites that are loaded from HTTP URLs. While the solution is simple, it can be time-consuming: the administrator must review the site’s code and replace any HTTP links with HTTPS. This type of error is often overlooked when it comes to images or other externally sourced content. It’s also commonly referred to as the “yellow padlock problem.” We discussed this topic in one of our previous posts: Mixed Content – the yellow padlock problem.