How to fix the connection not private error when using HTTPS Captive Portal for Hotspot

When we use the HTTPS captive portal page in Hotspot Web Portal function, sometimes the hotspot client only gets "Your connection is not private" as the image showing below, "Untrusted Connection" or "Invalid Security Certificate." These are common warning messages when we try to open an HTTPS website which does not have a trusted certificate but using a self-signed certificate instead. It occurs in all web browsers no matter its Safari, Internet Explorer, Google Chrome or Mozilla Firefox, the error messages and symptoms varies between browsers, and sometimes the user may be prevented from the webpage for security concerns.

To solve the issue for Hotspot Web Portal, we first need a certificate that is issued by a certificate authority such as Let's Encrypt and Comodo. Next, we need to import the certificate into the router. Here are two solutions.

1. Obtain the certificate from Let's Encrypt for your DrayDDNS domain name
2. Import the paid certificate from certificate authority such as Comodo

1. Obtain the certificate from Let's Encrypt for your DrayDDNS domain name.

This is a convenient and free service if you can apply a DrayDDNS domain name for your Vigor router. In firmware version 3.9.0, administrator can apply a domain name for the router with DrayDDNS and obtain a trusted certificate from the Certificate Authority (CA), Let's encrypt. Please visit the following link for the configuration. Visit here to learn how to Use Let's Encrypt Certificate for your DDNS Domain

2. Import the paid certificate from certificate authority

You may select this option if you have a trusted certificate for your own domain name.

1. Download and the certificate and private key from your certificate provider. Then, go to Certificate Management >> Local Certificate to upload them.
2. In SSL VPN >> General Setup, select the Server Certificate that you uploaded in step a.
3. After the trusted certificate is applied to the domain name, we can use this domain name into Captive Portal URL to replace the default portal.draytek.com

Ignore the warning message

If you are unable to obtain and import a trusted certificate, the hotspot client will need to ignore the browser's warning messages about insecure certificates, and proceed to load the router's landing page.

Generally, devices will pop-up the built-in browser to open the portal page, and that browser will not show a certificate error. However, if the device didn't open the browser automatically, and the user needs to open the webpage manually, the browser may display a warning message like the image below. The hotspot user just needs to click Show detail, then click Visit the website to proceed to the login page.