Chrome Android flags a website as "unsafe site" ?

Discussion in 'Plugins/Modules/Addons' started by Nexus Fred, Jan 2, 2022.

  1. Nexus Fred

    Nexus Fred Member

    Hello,
    One of my website hosted on my server with ISPConfig is flags as "unsafe site" by Chrome Android.

    The Let's Encrypt certificate is valid, and there are no mixed content.

    TLS Certificate has not been revoked
    OCSP Staple: Good
    OCSP Origin: Good
    CRL Status: Not Enabled

    TLS Certificate expiration
    The certificate expires March 16, 2022 (73 days from today)

    Certificate Name matches MyWebiste.tld

    Subject MyWebiste.tld
    Valid from 16/Dec/2021 to 16/Mar/2022
    Issuer R3

    Subject R3
    Valid from 04/Sep/2020 to 15/Sep/2025
    Issuer ISRG Root X1

    Subject ISRG Root X1
    Valid from 20/Jan/2021 to 30/Sep/2024
    Issuer DST Root CA X3
    TLS Certificate is correctly installed

    I have many other websites hosted on this server, and they are not flags as "unsafe site" by Chrome Android.
    I wonder if the issue can be generated by the fact that is the only website who have a second subdomain other than www.
    MyWebiste.tld ; www.MyWebiste.tld ; subdomain.MyWebiste.tld

    When I installed this subdomain I generated a certificate for it.

    Best Regards
    Nexus
     
  2. ahrasis

    ahrasis Well-Known Member

    Weird. How old is that android and its chrome?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not related in my opinion. I guess the android version must be really old so that it does not has the root certificates that LE uses in it's certificate store, so nothing wrong with the server or it's setup then.
     
  4. Nexus Fred

    Nexus Fred Member

    @ahrasis @till
    The android Chrome version is 96.04664.104.
    This issue appear only if the option "Always use secure connection" is on.
    The fact that I have a subdomain other than www is the only difference with the other website hosted on this server.
    That very strange. o_O
     
    Last edited: Jan 3, 2022
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    This option is where? I don't think that we have such an option in ISPConfig.
     
  6. Nexus Fred

    Nexus Fred Member

    @till it's not on ISPConfig but in the setting of Chrome Android (sorry)
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you get the error when you access the subdomain only, or also when you access the main domain?
     
  8. Nexus Fred

    Nexus Fred Member

    @till I get this error on both
     
  9. ahrasis

    ahrasis Well-Known Member

  10. Nexus Fred

    Nexus Fred Member

    @ahrasis Thanks. I'm curious to know where Google found some malware or phishing pages !!
     
  11. Nexus Fred

    Nexus Fred Member

    I check my website with Google Console and I do not have any security issue on both website (main domain and subdomain) ... I will try to contact google if I can find how to do that ;)
     

Share This Page