Reputation: 458
Why does my site have HTTPS in chrome but HTTP in safari?
I'm hosting a site on AWS EC2. I got an SSL certificate using certbot. On Chrome, the site is accessed from HTTPS and the padlock appears. On Safari it says NOT SECURE next to my site's name, and cookies cannot be set (cookies are working in Chrome and they also appear in the Network panel of Safari--they're just not being set because my site isn't secure).
I don't know or understand why my site isn't secure in Safari.
When I click the padlock I can access this certificate (images attached):
I also did SSL Server Test on https://www.ssllabs.com/ssltest/analyze.html?d=arriveanywhere.xyz
I got a B grade and it said:
This server supports TLS 1.0 and TLS 1.1. Grade capped to B.
Additionally, it said I don't have a DNS CAA set up -- could this be my issue?
Please let me know why it's insecure in Safari but not Chrome...
I have looked around SO, and couldn't find an answer. I don't think this is a duplicate.
Upvotes: 0
Views: 1461
Answers (1)
Reputation: 123629
Browsers traditionally default to http://... if no explicit method is given (i.e. only domain given). Typically sites will be configured to explicitly redirect http:// to https://, but your site is not configured like this. Still, Chrome will access the site with https:// anyway since starting in version 90, Chrome’s address bar will use https:// by default, improving privacy and even loading speed for users visiting websites that support HTTPS. Thus what you see is the new default.
Upvotes: 2
Related Questions
- why is safari the only browser flagging my https website as not secure
- HTTPS to HTTP on AWS EC2
- AWS S3 images served only via HTTP, but Chrome upgrades to HTTPS
- https showing error ERR_SSL_PROTOCOL_ERROR
- Chrome says SSL invalid, but certificate is valid
- Safari is forcing HTTPS on everything when I don't want it to
- HTTPS on a EC2 instance
- HTTPS domain shows blank page while HTTP works fine
- Chrome trying to load http site over https
- Can't Access HTTPS on AWS EC2