Welcome!

This community is for professionals and enthusiasts of our products and services.
Share and discuss the best content and new marketing ideas, build your professional profile and become a better marketer together.

Hide Intro Register

Resolved

Chrome says some of the pages on my website are "Not Secure" but I thought everything was set up correctly. How do I fix it?

9/9/20, 5:22 PM 205 views

I swear I set up everything correctly: I got an SSL certificate for my domain from AWS Certificate Manager. I'm using an application load balancer and the certificate is associated with it. I'm serving my website from an EC2 instance. When I click "Not Secure" in Chrome, it even says that the certificate is valid. And, on top of that, some of the pages on my site ARE secure even though the homepage and some of the other pages aren't. Why would that happen? And what do I do to fix it?

Reply Comment Share

2 Answers

Jesse Wiener

9/15/20, 4:05 PM

Hi Stan,

This is a more common problem than you might think!

First, even though the browser says "Not secure" on your homepage, if the the SSL certificate was provisioned via AWS Certificate Manager and properly associated with your load balancer, and if your other pages show as secure, the certificate is valid and the problem lies elsewhere.

As for what causes this to happen:
When a site is otherwise secure but some pages show as not secure, it usually means an image or a hyperlink is referring to content via "http" instead of "https." So-called "mixed content" ends up being blocked by browsers and makes your site appear insecure.

Take a closer look at the code for your homepage and look at the links - especially the image tags. I'm willing to bet that there are some images referenced via "http" rather than "https." Compare that to the pages that ARE secure, and most likely, you'll see that all of those links contain "https."

Fixing it is as simple as changing "http" to "https" in the code. That should make the page secure. Good luck! Let us know if that doesn't solve it.

Best,
Jesse

Comment Share

Dan Logan

10/13/20, 8:14 PM

What Jesse said. As a back and frontend guy, I just want to make it clear that every form you create, every XHR button you use a link to, must be secured in order for the browser to show a full auth. It also includes your libraries and everything else you import. Keep your stuff up to date and make sure you aren't making any requests that aren't on port 443 and you'll be good. Cheers my dood.

Comment Share

Ask a Question

Writer

188

Stan Field

Keep Informed

2 follower(s)

About This Community

This community is for users of the AWS cloud platform. We answer questions about how to use both AWS in general and the tools we provide to our customers. Read Guidelines