We already tell you, if your TLS certificate is configured in an unsafe way, soon expiring or already expired. But there is more to it than that. Last year Google distrusted certificates of Symantec and its subsidiaries. This lead to a warning in Chrome browsers (and other major browser vendors) that should prevent website visitors visiting the intended website.
This only applies to certificates issued by a Symantec CA prior to June 1, 2016.
There are a lot posts out there which already explain very good why these certificates are a problem:
In our Website Security Monitor as well as in Discovery you will get notified about the new issue "legacy certificate". And it will look like this:
Symantec sold its certificate business to its competitor DigiCert. DigiCert is meant to have a better infrastructure and is able to sign new certificates from 1.12.2017.
The only solution is to replace the existing certificate with a new one from any Certificate Authority trusted by Google Chrome (and the others).