Skip to main content
If your browser shows a security warning when visiting your site — such as “Your connection is not private”, “Deceptive site ahead”, or a certificate error — the cause depends on which warning is shown.

”Your Connection Is Not Private” (SSL Certificate Error)

This means the SSL certificate is missing, expired, or does not match the domain. Certificate not installed — if you have not yet installed an SSL certificate, see Installing a Free Let’s Encrypt SSL Certificate. Certificate expired — Let’s Encrypt certificates renew automatically. If renewal failed, go to Websites & DomainsSSL/TLS Certificates in Plesk and reissue the certificate manually by clicking Renew. Domain mismatch — ensure the certificate covers the exact domain your visitors are accessing (e.g. both example.com and www.example.com). Reissue the certificate and check both variants are included.

”Deceptive Site Ahead” (Google Safe Browsing Warning)

This warning is issued by Google and means your site has been flagged for malware, phishing, or harmful content — not an SSL issue.
1

Scan for Malware

Log in to Plesk and check Imunify360 under Websites & Domains for any detected malware or infected files. Clean any flagged files.
2

Review Your Site

Check for any recently added content, scripts, or plugins that may have introduced malicious code.
3

Request a Google Review

Once the site is clean, go to Google Search Console and submit a review request under Security Issues. Google typically reviews and clears the warning within a few days.
Do not request a Google review until the malware has been fully removed. Submitting while infected will result in the warning remaining and may delay future review requests.

Mixed Content Warning (Padlock with Warning Icon)

This occurs when a page loaded over HTTPS includes resources (images, scripts, stylesheets) served over HTTP. The fix is to ensure all asset URLs use https://. For WordPress sites, the Better Search Replace plugin can update URLs across the database.