How to Fix the “Your Connection is not Private” Error

by

7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

your connection is not private

Have you noticed the “Your connection is not private” error popping up on your site? It can be frustrating when you’re just trying to get on with your day.

Are you wondering why browsers are suddenly playing gatekeeper? Why are they blocking access to your website when your visitors have accessed it countless times before?

The good thing is that you are not alone and it is fixable. The “Your connection is not private” error is a common SSL issue. It is also a hurdle that stands between your site’s visitors and a smooth web experience. In this article, we will help you understand the error message and offer easy solutions to fix it. 

TL;DR: The “Your connection is not private” error is a result of SSL certificate errors. Fix these errors as soon as possible to avoid potential security issues. Once done, scan your site for malware using MalCare’s robust scanner and malware removal capabilities.

What is the “Your connection is not private” error?

The “Your connection is not private” error is a common heads-up that can pop up on any browser. It is essentially the internet’s way of saying: “Proceed with caution.”

So here’s the deal: This warning flashes on your or your site visitors’ screen when there’s something off with the SSL certificate of your site. An SSL certificate is like a digital passport for websites, confirming they’re safe to visit. Sometimes, the error occurs because the browser just can’t set up a secure handshake with your website. Either way, it’s like a big, flashing sign saying there might be a security risk ahead, nudging visitors to maybe not go there.

Your connection is not private error Google Chrome

Despite the ominous vibe of the message, most browsers might give you a little “Click here to proceed” link to bypass the warning. But, let’s be clear: skipping past this warning isn’t the best idea. It’s kind of like ignoring a “Beware of Dog” sign and hoping for the best.

Your connection is not private error proceed anyway option

If you’re a website owner or admin getting reports of this error from your visitors, there are steps you can take to fix the issue, making sure your site’s SSL certificate is in tip-top shape.

What is causing the “Your connection is not private” error?

At the heart of it, the “Your connection is not private” error usually points to some issue with the SSL certificate of the website. Think of the SSL certificate as the website’s ID proving it’s safe to interact with. When something’s off with that ID, browsers get skeptical. 

Here are the usual suspects causing this error:

  • The SSL certificate has seen better days: Maybe your site’s SSL certificate has expired, it’s missing, or it was never valid to begin with.
  • Not playing well with subdomains: If the SSL certificate is all set for the main domain but forgets about the subdomains, browsers are going to raise an eyebrow. It’s like having permission to enter the building but not the particular room you want to go to.
  • Identity crisis: Sometimes, a web server shows an SSL certificate for the wrong site, especially if multiple sites are sharing the same IP address—think of it as having multiple flats in the same building. The confusion is real!
  • Trust issues with self-signed certificates: Self-signed certificates are those that are issued by the developer or organization responsible for maintaining a site, rather than a valid certificate authority. When a site uses such a certificate, browsers may not trust them.
  • The certificate authority looks fishy: Some certificates come from authorities that browsers just don’t like or trust. For example, Symantec-issued certificates are no longer accepted by browsers.
  • Techy features gone wrong: Sometimes, the certificate uses features or protocols that the browser can’t digest. For example, if the certificate uses the deprecated SHA-1 algorithm, modern browsers will reject it.
  • A case of mistaken timing: If there’s a mismatch between your device’s date-time settings and the real world’s, it’s a red flag for browsers. It’s as if you’re living in a different timeline.

Fix the “Your connection is not private” error

Fixing the “Your connection is not private” error might be easier than you think. Here are some of the steps you can take:

1. Check your site’s SSL certificate

First things first, let’s talk about your SSL certificate, the cornerstone of secure browsing:

  • Is your site missing an SSL certificate? It’s well past time to get an SSL certificate. This is a non-negotiable in today’s web world.
  • Has your site’s SSL certificate expired? Everything has an expiration date, including SSL certificates. This is usually 90 to 365 days from the date of issue. Time to renew it, and processes can vary depending on who issued your certificate. To check if your site’s SSL certificate has expired, simply run your site URL on the Qualys SSL Labs tool.
Qualys SSL Labs untrusted certificate test
  • Is your site using an unsupported SSL certificate? Not all certificates are created equal. Case in point: certificates issued by Symantec. If yours is giving browsers a hard time, you might need to change it. Identifying this is easy if you use the Qualys SSL Labs tool mentioned earlier.
  • Does your site’s SSL certificate have configuration issues? Make sure your certificate correctly covers all your domains, including any subdomains. You can typically check this when issuing a certificate for your site.

How you can check if the certificate covers all your domains

  1. Open your site on a browser and click on the padlock icon or the dot-dash icon next to your site URL in the address bar.
SSL secure padlock
  1. Click on Connection is secure and then click on the certificate icon or Certificate is valid. This will show you the SSL certificate for your site.
SSL certificate details 1
SSL certificate details 2
  1. Click on the Details tab and go to the Certificate Fields section.
  1. Scroll down to find and click on Certificate Subject Alternative Name. The Field Value section below will show you all the domains and subdomains for which the certificate is valid.
SSL certificate details 3

2. Ensure HTTPS redirection

Sometimes, the simplest solutions are the best. Making sure your site automatically redirects visitors from insecure HTTP connections to secure HTTPS ones can save a lot of headaches. You can usually set this up with a plugin like Really Simple SSL or Easy HTTPS Redirection, or directly through your hosting provider’s dashboard.

3. Run a malware scan

Malware can mess with your site’s secure connection. Use a WordPress security plugin to scan for and clean up any malware and keep your site safe and sound. We recommend using MalCare since it has robust and automated malware detection and cleaning capabilities that can weed out even the most sneaky malware.

4. Clear your site’s cache

If you’re using a WordPress caching plugin like WP Rocket, WP Fastest Cache, etc., now might be a good time to clear out that cache. Cached data can sometimes cause this error to stick around longer than it is welcome.

5. Contact your hosting provider

If nothing seems to work, go straight to the source. Your hosting provider can offer insights or solutions you might not have considered. They’re there to help, so don’t hesitate to reach out.

Prevent the “Your connection is not private” error

When it comes to preventing the “Your connection is not private” error, prevention is definitely better than cure. Here’s how you can keep your website cruising smoothly without bumping into this privacy error.

1. Get your SSL certificate sorted

The first step is to ensure you properly install an SSL certificate. This can solve some of the most basic issues like expired or misconfigured SSL certificates.

2. Choose the right web hosting provider

Not all hosting services are created equal. A reliable web hosting provider not only helps with the initial setup of an SSL certificate but also plays a crucial role in maintaining it. Do a little digging and go for a host known for its SSL support and robust security features. Some examples of reliable web hosts are Cloudways, Hostinger, BlueHost, etc.

3. Adopt good certificate management habits

Having an SSL certificate isn’t a set-it-and-forget-it deal. You need to keep an eye on a few things to ensure everything runs smoothly:

  • Regular checks: Keep an eye on your website’s SSL status now and then to make sure everything’s in order. It’s all about staying informed.
  • Renewal reminders: SSL certificates have expiration dates. Mark your calendar or set up reminders so you’re not caught off guard when it’s time to renew.
  • Use HTTPS redirection: Make it a habit to employ HTTPS redirection. This can often be easily managed with plugins like Easy HTTPS Redirection, automatically ensuring all your website traffic is secure. Alternatively, you can edit your .htaccess file (for Apache servers) or your nginx.conf file (for nginx servers) and add the following lines of code for the same purpose.

Apache servers

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

Nginx servers

server
{
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}
  • Set certificate auto-renewal: If you are a technically adept site owner or administrator, you can set cron jobs to auto-renew your SSL certificates. With Google enforcing a move to 90-day validity SSL certificates, a cron job scheduled to renew SSL certificates from a trusted source like Let’s Encrypt can save a lot of time and effort. Here’s how you can do this.

The program used to renew Let’s Encrypt SSL certificates is called certbot. Install it on your Apache or nginx server by entering the following command in the Terminal:

sudo apt install certbot

Once installed, open your crontab in edit mode by entering:

crontab -e

Add the following line in it:

For Apache servers:

30 1 1 */3 * certbot renew --post-hook “service apache2 reload”

For nginx servers:

30 1 1 */3 * certbot renew --post-hook “systemctl reload nginx”

This line runs the cron job at 01:30 AM on the 1st date of every 3rd month i.e. it will run every 90 days, on January 1st, April 1st, July 1st, and October 1st. If you need a different schedule, here’s an easy guide on cron jobs and their parameters.

Final thoughts

The “Your connection is not private” error is a common occurrence but facing it can be very frustrating. Website visitors can find it scary to proceed and put their data into the hands of a site that may not be secure. As a website owner/admin, it can be worrying as this error could drive traffic away from your site. This can harm your SEO rankings and potential earnings.

Understanding the roots of this error—be it through SSL certificate mishaps, system issues, or external software interactions—becomes critical to solving it. And solving it, in turn, ensures a safer website for visitors and owners/admins alike. If you are a site owner/admin, strengthen your site’s security by adding MalCare to it. MalCare’s robust firewall, automatic malware detection and removal capabilities, as well as tried-and-tested bot protection, make it essential for any website owner/admin concerned about their site’s security.

FAQs

What causes the “Your connection is not private” error?

This error usually appears when there’s an issue with the SSL certificate of a website. Causes can range from expired certificates, and incorrect configurations, to browser incompatibility.

Can I bypass the “Your connection is not private” error?

While most browsers offer an option to proceed to the website anyway, doing so is not recommended. Bypassing this warning could expose you to security risks, such as data theft.

How do I fix the “Your connection is not private” error as a website visitor?

Try refreshing the page, clearing your browser’s cache, or checking your computer’s date and time settings. If the issue persists, the problem might be on the website’s end.

How do I fix the “Your connection is not private” error as a website owner?

Ensure your SSL certificate is correctly installed, up-to-date, and not expired. Also, consider setting up HTTPS redirection and keeping an eye on your site’s configuration to prevent future errors.

Can outdated browsers cause the “Your connection is not private” error?

Yes, older browsers might not support the latest security protocols or recognize newer SSL certificates, resulting in this error.

Do I need to be concerned about the “Your connection is not private” error as a website owner?

Absolutely. This error can deter visitors from accessing your site, potentially harming your reputation and leading to a loss of traffic or revenue.

Category:

You may also like


Website logs
What are the Different Types of Website Logs?

Imagine driving a car without knowing your speed, engine temperature, or fuel levels. Sounds terrifying, right? Well, managing a website without understanding website logs is a bit like that. You…

cross-site-scripting-xss-attacks-what-how-prevent-them
What is Cross-Site Scripting (XSS) and How to Prevent It?

Websites can sometimes act strangely, showing unexpected pop-ups or exposing personal information. This isn’t just a glitch—it’s often due to a sneaky trick called Cross-Site Scripting (XSS). You might be…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.