Skip to main content

Site Shows "Not Secure"

When the browser says "not secure," your site content is usually fine. It almost always means the HTTPS/SSL certificate hasn't fully kicked in yet, or the browser cached an old state.

First, figure out which case it is​

Common causes​

  1. The SSL certificate is still being issued or activating — right after binding a domain, expect to wait ten-odd minutes.
  2. The browser cached an old HTTP or certificate state.
  3. You didn't type https://.
  4. DNS hasn't propagated globally yet.

Browser address bar not-secure warning - the page reports the connection is not secure, used to judge whether the HTTPS certificate is still inactive

How to fix it​

Try these in order:

  1. Wait 10 to 30 minutes, then refresh the domain status in the AllinCMS admin.
  2. Type https://www.yourdomain.com manually in the address bar.
  3. Open it in an incognito window.
  4. Test in a different browser or on another device.
  5. Go back to your registrar and confirm the DNS records aren't mistyped.

AllinCMS domain status page - the admin shows the domain, enabled state, and SSL status, used to confirm whether HTTPS is live

When to dig into DNS​

If it's still not secure after 30 minutes, or the domain won't open at all, go back and check DNS:

  • Whether the CNAME value matches the one in the AllinCMS admin.
  • Whether www and the root domain are configured in a confusing way.
  • Whether the www CNAME on Cloudflare has proxy turned off.
  • Whether old A or CNAME records from a previous site are still lingering.