Website Shows as Secure On Some ISPs but not others

I have a website that is with Cloudflare. So it is secure etc and https all fine. My hosting company even say its fine and secure.

Yet on some ISPs - Virgin Media for one - its users get the Not Secure error. This is a large proportion of the UK population and mine is a UK site.

Why would my secure https site show as secure in most places but show as not secure if the person attempting to access it is connecting it via Virgin Media ISP?

And more importantly, how can I fix it so it shows as Secure for all web users?

Thanks

Al

What’s the domain?

It’s liverpoolpsychotherapy.co.uk

Works on virtually everything it seems - but not for users with Virgin Media ISP

This sounds familiar. Like that ISP runs some sort of inline virus blocker or something. I’m heading out right now, but maybe @domjh remembers some similar posts.

1 Like

Hmm… Not finding anything similar with Virgin mentioned.

@alun.parry, are you on Virgin Media to test?

How long ago did you enable Cloudflare SSL?

Yes I’m on virgin to test

I enabled cloud flare two days ago.

It works fine if not via virgin

Are you seeing any SSL certificate on the site when on Virgin? Are you able to post a screenshot of the ‘not secure’? With as many details shown as possible?

1 Like

Then when I go to 4G I get it all fine

Is there a way to test this on a desktop browser where you can open up Dev Tools and view the Console Log?

Yes if you talk me through it. Not sure how to access those but yes I can do it on a desktop.

In Chrome, F12 usually opens up Dev Tools. It’s also under the View menu -> Developer -> Developer Tools. There’s a Console section that will show details, but there’s also a Security tab that will tell you why a site shows Not Secure.

Then when I click View Certificate I get this…

The certificate differs from this one for another CF site that is working fine even on Virgin.

The certficate that is working states sni.cloudflaressl.com whereas the one that isnt fully working does not.

Is that significant?

It looks like you’re running Avast anti-virus. Can you turn it off while you test this?

I turned it off and the certificate still said the same.

Why do you think that all my other CF sites show the certificate as sni.cloudflaressl.com whereas the problem site shows the certificate as something else?

It seems that the cloudflare SSL isn’t being picked up on the problem site?

It still shows Avast? I wonder if it’s baked into the ISP, which is why I mentioned earlier remembering a similar problem.

In Dev Tools, check out the Network tab. If you load the site, you can check out the headers, which will show you which server you’re hitting:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.