Chrome "Insecure downlad blocked" error when attempting local PC backup

I have a C8 Hub v2.3.7.145 and just recently I started getting this error on Chrome which I have never seen before when doing any local backups to the PC. Unless I click on KEEP the downloaded file won't save so Chrome is attempting to prevent what it thinks is a possible corrupted file?


If I use a different browser like Firefox and perform the same operation I don't get any errors, it just does the local backup and puts it in the download folder.

Any ideas on what I need to do?

Sounds like this feature:

And it's probably because .LZF is a rather uncommon format and also one of the "archive" formats Chrome doesn't like.

You should still be able to hit "Keep." I'm not sure if using https:// instead of http:// to visit your hub will make any difference, but that's also a factor they apparently put into play when deciding when to display this warning.

You should also be able to disable the feature entirely for your hub's IP, assuming yours won't change:

A final note:

As you can read above, their goal is security, not corruption.


Thanks for the quick reply. So you think this recent development is due to a Chrome update and not an HE platform update...

I saw it start happening after a Chrome update and it happens on all of my Hubitats, regardless of the version they have.

Hitting Keep works just fine, but it is an annoying step and they do not appear to have any way to say that it is a "trusted" site.


Right, aside from the things mentioned in that article, I don't think there's much the hub can do about this.

If you still wanted to check (though given the above, I'd doubt it's the case), you can use the Hubitat Diagnostic Tool to roll back to your previous platform version and re-test, as always. (And note that the hub, of course, will not update unless you do so, so this behavior wouldn't have changed for that reason on its own.)

I get the same warning downloading backups of my router config in .tar.gz format, so certainly a Chrome thing and not a Hubitat thing.

I just tested and found that using https eliminates the error for my router, even though the security certificate doesn't match the URL.


I just noticed something... the security certificate for my hub (my C-8 even) is listed as having expired in 2021. Does anyone know of a way to renew/regenerate it for the hub? I looked around but only found a way to provide one not generate a new self-signed one (that I could have my browser accept). I did a search in the community but did not find a method either...

That doesn't seem normal . . . @mike.maxwell any thoughts?

Just did a double-check and all 4 of my hubs have exactly the same information in the certificate:

Issued To:

  • Common Name (CN) = Hubitat Elevation
  • Organization (O) = Hubitat, Inc.
  • Organizational Unit (OU) = Hub

Issued By:

  • Common Name (CN) = Hubitat Elevation
  • Organization (O) = Hubitat, Inc.
  • Organizational Unit (OU) = Hub

Validity Period:

  • Issued On = Thursday, January 10, 2019 at 4:29:33 PM
  • Expires On = Wednesday, April 14, 2021 at 5:29:33 PM