
Website displaying a “Connection not secure” message

Category: TroubleShooting | Last modified: October 8, 2021

Some users have noticed recently that their website is showing as insecure when viewed from certain browsers or devices, but not from others. The insecure notice looks similar to the following:

Below we will explain why a site may appear insecure in some browsers, while loading correctly in others, and we’ll provide some options for how to deal with it going forward.

Why is it happening now?

All sites hosted at Pressable come with a complimentary Secure Sockets Layer (SSL) certificate from Let’s Encrypt, configured automatically. We love Let’s Encrypt because it is a free, automated, and open certificate authority (CA) that is intended to benefit the general public, provided by a reputable organization called the Internet Security Research Group (ISRG).

Recently Let’s Encrypt announced a change to their root certificate. Essentially, their CA X3 certificate that is trusted by older browsers and devices expired, and only their newer ISRG Root X1 certificate is available. Older devices that only trust the expired root certificate will show a warning.

Does this mean my site is insecure and not protected?

Not at all! All sites hosted at Pressable are configured with an up-to-date SSL certificate from Let’s Encrypt. It just means that older devices will not correctly see the certificate because they are looking for the expired CA X3 certificate.

What devices are affected?

Let’s Encrypt shared a list of affected devices on this page: https://letsencrypt.org/docs/certificate-compatibility. The list includes:

  • macOS < 10.12.1
  • iOS < 10
  • Mozilla Firefox < 50
  • Chrome and Safari on older, outdated devices

On some devices, you might notice that Chrome displays a warning while Firefox works correctly. This is because Firefox relies on its own root certificate store, which is compatible, while Chrome does not yet offer this (but will soon).

Also please note that some custom proxies and company firewalls may need to be reconfigured to work properly with the new Let’s Encrypt root certificate.
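For a client, proxy or firewall host that runs Python, the following added example (not Pressable's or Let's Encrypt's code) classifies a trust store by whether it holds a valid ISRG Root X1 or only the expired root. It assumes the “CA X3” certificate mentioned above is the root whose full name is DST Root CA X3; the sample stores and their expiry dates are constructed.

```python
import ssl
import time

NEW_ROOT = "ISRG Root X1"    # root named on this page
OLD_ROOT = "DST Root CA X3"  # assumed full name of the expired "CA X3" root


def common_name(cert):
    """Subject commonName of a dict shaped like an SSLContext.get_ca_certs() entry."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def assess_trust_store(ca_certs, now=None):
    """Return 'ok', 'expired-root-only', 'isrg-root-missing' or 'inconclusive'."""
    if not ca_certs:
        # OpenSSL reads directory-based (capath) stores lazily, so an empty
        # list does not prove that the root is missing.
        return "inconclusive"
    now = time.time() if now is None else now
    present, valid = set(), set()
    for cert in ca_certs:
        name = common_name(cert)
        present.add(name)
        if ssl.cert_time_to_seconds(cert["notAfter"]) > now:
            valid.add(name)
    if NEW_ROOT in valid:
        return "ok"
    if OLD_ROOT in present and OLD_ROOT not in valid:
        return "expired-root-only"  # the case this page describes
    return "isrg-root-missing"


def entry(cn, not_after):
    """Build a constructed trust-store entry for the samples below."""
    return {"subject": ((("commonName", cn),),), "notAfter": not_after}


# Constructed sample stores: an outdated device and an up-to-date one.
LEGACY_STORE = [entry(OLD_ROOT, "Sep 30 14:01:15 2021 GMT")]
CURRENT_STORE = LEGACY_STORE + [entry(NEW_ROOT, "Jun  4 11:04:38 2035 GMT")]

if __name__ == "__main__":
    # Check the trust store this Python installation actually uses.
    print(assess_trust_store(ssl.create_default_context().get_ca_certs()))
```

An "inconclusive" result means the store has to be inspected another way, for example through the operating system's or appliance's own certificate manager.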

What can be done to resolve it?

Ultimately, this issue results from outdated programs/software that need to be updated. A few options to remediate the warning notices include:

  • The user experiencing the certificate error could update their computer/browser/device software
  • They can try viewing the website using Firefox
  • In the case of a company proxy or firewall, please consult with your IT department
  • An independent SSL certificate could be purchased and configured through Cloudflare
  • If the issue is affecting only a specific type of Android device, please contact our Customer Success team for a potential solution