
Antivirus blocks my websites that once had SSL but cancelled later


bencuri


I noticed an oddity with some of the websites I built. I have one that has been HTTP for 10 years. A few years ago, when changing hosting, I accidentally activated SSL on it, but cancelled the SSL right away (I cannot run that site engine on HTTPS). The site is up and running, but since then, sometimes when I visit it, I get an error message: "Your connection is not private" from the browser, or a similar error message from the virus scanner. I noticed this happens when I empty the browser cache and type only "mydomain.com" into the search bar. If I type "http://mydomain.com", the site loads fine. So it seems the problem is that the browser is trying to force HTTPS even though the certificate was cancelled long ago.

Recently I made the same mistake with another site: when moving to another hosting provider, I accidentally ticked the SSL option, and even though I cancelled it later, the same error is now happening there too. I checked the error message carefully and noticed an oddity. For the other site, where I cancelled the SSL years ago, the virus scanner error message still displays the certificate as if it were valid. Check the photo attached. But it is not valid any more. It was cancelled long ago, and my hosting provider confirmed it has no effect. Yet the Kaspersky and Eset scanners are looking for it and report it as valid. How is this possible?

For a while I thought this was a universal problem, but today I found that this error is only present on my own computers. That is: on computers where I visited the problem sites during the time when the SSLs were active. So I have now come to the conclusion that something was saved on my computers that makes the virus scanners still look for the certificates and consider the website HTTPS.

Does anyone know why this is? Maybe Windows stores SSL certificates in the Certificate Inventory, and if the certificate of a site has problems, the virus scanner flags it as risky? Or is it the virus scanner itself that stores previous SSL info somewhere and checks it against the recent state of the site to determine risk?

 

cert.JPG


Hello @bencuri, Welcome.

I think several circumstances come into question here.

On a previous visit your browser stored the then-valid certificate in the Windows certificate store.
The certificate is valid for all pages that are stored by this provider and use SSL. The certificate has been renewed and is valid.

Modern browsers try to reach a page via SSL first. They find the certificate and try to connect with it. This does not succeed, hence the various error messages, from the browser and also from Kaspersky.

Can you remove the certificate from the Windows store? (If necessary it will be reloaded later).


This is the second thing that I wanted to ask: how do I recognise the proper certificate to remove there? The one concerned here is a Sectigo certificate, but there is a bunch of them there, and I have found no reference in them showing which one was responsible for safeguarding the website in question. I am not even sure I am looking at the proper certificate group, because the same type appears in several other groups too. Here they are from one of the groups, see the attachment:



 

ssl.JPG
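
One way to check which stored certificate, if any, was issued for a given site, as an added example that is not part of the original posts: the PowerShell below searches every current-user and local-machine certificate store for certificates whose subject or DNS names cover a host name. `mydomain.com` is the placeholder used in the thread, and `Test-NameCoversHost` is a helper name introduced here.

```powershell
# Placeholder from the thread: replace with the affected site's host name.
$Domain = 'mydomain.com'

# Hypothetical helper: true when a certificate name (exact, or a wildcard
# such as *.example.com) covers the given host name.
function Test-NameCoversHost {
    param([string]$Name, [string]$HostName)
    if ($Name -ieq $HostName) { return $true }
    if ($Name.StartsWith('*.')) {
        $suffix = $Name.Substring(1)                 # ".example.com"
        $label, $rest = $HostName -split '\.', 2     # a wildcard spans one label only
        return ($null -ne $rest) -and (".$rest" -ieq $suffix)
    }
    return $false
}

# Walk all stores (Personal, Trusted Root, Intermediate, ...) in both locations.
Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $cert  = $_
        # Names the certificate was issued for: SAN DNS entries plus the subject CN.
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        $names += $cert.GetNameInfo('SimpleName', $false)
        if ($names | Where-Object { Test-NameCoversHost -Name $_ -HostName $Domain }) {
            [pscustomobject]@{
                Store      = ($cert.PSParentPath -replace '^.*::', '')
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotAfter   = $cert.NotAfter
                Thumbprint = $cert.Thumbprint
            }
        }
    } | Format-List
```

Entries whose subject is Sectigo itself are certificate-authority certificates used to validate many sites, so they never match a site name here. No output means that no Windows store on that machine holds a certificate issued for that host name.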
