Browser Warning About Site Security - What It Means
A friendly tour of browser security warnings and what causes each one.
Your browser blocks a site with a warning. The warning is rarely wrong. This guide explains what each kind of warning means, what the browser actually checked, and what to do.
What the browser is doing
Before showing you a website, the browser is like a careful traveller arriving at a new country. It looks at three things:
- Does the website have a valid ID? (the certificate)
- Does the ID match the address on the door? (the hostname)
- Is the ID issued by someone the traveller trusts? (the certificate authority)
If any of those checks fail, the browser refuses to enter and shows a warning. It is doing its job.
The warnings you will see
“Your connection is not private”
Catch-all warning. Could mean the certificate is expired, the hostname is wrong, the issuer is untrusted, or someone is intercepting your traffic on the network.
Action: stop. Do not enter passwords or payment information. Try the same site from a different network (e.g. mobile data instead of Wi-Fi). If the warning is gone, your local network may be the problem.
“The certificate has expired”
The simplest one. The site owner forgot to renew. The site is probably the same one you have always used. But the secure channel cannot be verified, so you cannot tell.
Action: if you own the site, renew now. If you do not, wait for it to be fixed - do not bypass the warning.
“Subject Alternative Name mismatch” / “The certificate is not valid for this hostname”
The certificate is real, but it was issued for a different domain. Could be a server misconfiguration, or it could be a phishing site trying to look like another.
Action: check the URL bar very carefully. Sites like paypa1.com are not paypal.com.
“Issued by an unknown authority”
The certificate was signed by someone the browser does not recognise. Sometimes that is a corporate internal CA (your IT department). Sometimes it is a self-signed certificate someone is testing with. Sometimes it is suspicious.
Action: only proceed if you trust the network you are on and you know why the certificate is unusual.
“This site is not secure” (no warning page, just an address-bar message)
Some browsers show this on plain HTTP sites - no encryption at all. Not technically a certificate problem, since there is no certificate. The site simply has not enabled HTTPS.
If it is your site
Run a scan. It will tell you exactly which check failed: Free SSL scanner. Then fix that specific thing - expiry, hostname coverage, chain, or issuer.
Why these warnings hurt
Most visitors do not understand the technical detail. They see red. They leave. Studies show single-digit click-through rates on warning pages. If your site shows one for even a few hours, the SEO and revenue damage stays around much longer.
Continuous monitoring catches certificate issues before browsers show them to users. It is cheaper than the alternative.
Frequently asked questions
- What does “Your connection is not private” mean?
- The browser cannot verify the website’s identity using its SSL certificate. Possible causes are an expired cert, wrong hostname, untrusted issuer, or a man-in-the-middle interception.
- Why does only Chrome show the warning?
- Each browser updates its trusted-CA list on its own schedule. A certificate from a recently-distrusted authority can show fine in older browsers and fail in Chrome.
- Can a security warning be a false alarm?
- Rarely. The warning is the browser doing its job. Even if the site is legitimate, the certificate is genuinely broken or misconfigured and needs the owner’s attention.
Check any site in seconds
Scan a domain with our free SSL tool and see the certificate, grade, and any issues - no signup needed.
Related guides
-
“This Website Cannot Be Trusted”: What It Means and How to Fix It
What the “this website cannot be trusted” error really means, and how to fix it fast.
-
HTTPS Not Working? A Plain-English Troubleshooting Guide
Why HTTPS suddenly stops working and how to diagnose it in under 10 minutes.
-
SSL/TLS Vulnerabilities - A Quick Guide for Non-Experts
A non-expert tour of well-known SSL/TLS vulnerabilities and how to check yours.
From the blog
-
SSL Certificate Outages - 4 Real Incidents and What They Teach Us
Four real-world certificate outages from major companies, in plain English. What broke, how it broke, and the simple monitoring step that would have caught it.