My SSL Lock is Not Displaying

Using an SSL certificate on your website is very important for security. It is used to create an encrypted connection to the server to protect data from prying eyes. Though it can be used across an entire site, it is most commonly used for portions of the site that use sensitive information, such as shopping cart checkout areas.

How do I know the SSL is working?

It is very important for your visitors to know when they are on a secure area of your site. When the SSL is active on the page you are viewing, they can tell by checking the address bar at the top of the browser. There should be a small lock icon in the address bar area. The format can can vary among the different browsers. Below are a few examples of different sites with different browsers.

Chrome Security Lock

FireFox Security Lock

IE Security Lock

Why does my lock disappear?

It is a common reaction to blame the SSL or host for having the certificate installed improperly. This is usually not the case. The SSL lock will only appear or display properly if all items on the page are linking securely. If there is even one insecure link on the page, the SSL will appear as broken. This means it may not display at all, or it may display differently. Again, this will vary depending on the browser you are using. Below are examples of the same browsers using a page that is partially insecure.

Chrome improper lock

Firefox no lock visible

IE no lock visible

Almost exclusively, the cause for this is the use of absolute links for images and text links within the page code instead of relative links. If even ONE link on the page is using the absolute format it will ‘break’ an otherwise secure page. Below are descriptions of absolute and relative address linking.

Absolute Addresses

Absolute addressing for images and links include the entire domain name and the protocol, which is typically https://. For example, if you were linking image.jpg and your domain name was example.com, the link would be code as <img src=”https://example.com/image.jpg” />

Relative addresses

Relative addresses differ from absolute in that they include neither the protocol nor the domain name. Using the same image.jpg file as before, the link code to that file in would simply be <img src=”image.jpg” />.

It’s a coding issue? How do I correct it?

The solution is ‘relatively’ easy, pun intended. You will need to go through the code for your site and change all absolute links to relative ones. With hand-code sites this can be a simple, but tedious process. If your site is coded with a Content Management System such as WordPress or Drupal, they should already follow this rule on the core level, so you will want to check any links that have been included in the content addition areas such as the editors within the program where you create pages and posts. Once you or your developer has completed this process, you should be able to refresh your site and the lock should display in the correct format.

137 Comments

  • Hi

    The home page of my website https://fructifyweb.com/ is not showing up SSL certificate. However, all other pages of the website is showing the certificate. Even the backend is also showing. It’s missing only on homepage. Could you please help?

    • Hi, Disha!

      When I visit your website, typing in the full URL including the ‘HTTPS’, the site is secure and the ‘padlock’ is there. Here is the problem: if someone visits your site by typing the short version of the URL, they are not sent to the correct, secure version. All of your on site links use the correct version (https) though, which is why the other pages work fine.

      It’s an easy fix! You can use the Really Simple SSL plugin to do this for you, or set it up yourself manually by editing the .htaccess file. Hope that helps!

  • Install and Manage SSL for your site (HTTPS) this line can not show my hosting how can fix it

    and its my domain plz check it….

    • According to the report I ran from a third party tool here, you’re SSL certificate appears to have expired. The report will also display any errors that may cause your website to not show a green padlock in the browser’s address bar. If you are a customer of InMotion Hosting, please feel free to contact our Support for a review of your SSL and the report.

  • My http will not redirect to https my website. I have logged into my cpanel and set up the redirects . What else could possiby be the issue ?

  • My http will not redirect to https my website is www.zodiacsmeet.com. I have logged into my cpanel and set up the redirects . What else could possiby be the issue ?

  • There is a very simple solution that is overlooked here. If your website is not forcing https connection, then may show up in web browsers as an unsecure connection.

  • Just recently bought a domain and bought a ssl certificate for it. Installed it with the intermediate ca. Checked on the Geotrust crypto checker site to see if it was installed correctly and it said it did, but when I go to the site it says Not Secure. I haven’t built the site yet so it doesn’t have much on it but Index stuff. Was wondering if you can see why it’s not secure. Website is www.example.com.   Thanks.

  • Hi, Thank you for your kind help. I went through every pages and try every solution and it was not working and it was a troublesome. However, I removed some of the links from sharing buttons that I’d created and it is well working now. All pages of my sites shows secure and greed signal padlock. The problem has been fixed for now.

    Once again, Thank you for your great help.

    Regards

  • Hi, Thank you very much for your prompt response to my email. I did and I could not see there is one I mean not in my knoledge. I am using Really simple ssl plugin. It did everything converting my http to https. Only the sub-menu items and mens at the footer shows https://example.com/sub-menu items but not the as it secure sign in them as well as no padlock. I checked and show some of the pages have links with https://example.com linking within pages. I changed them to https instread http, still couldn’t fix.

    Once again, thank your for your response

    regards

    • Sorry for the problem with your site not always showing the padlock. If you use your browser to “View Source” you can see the code behind your pages. To “View Source”, right click on your page and then look for the View Source option. You may need to right-click on certain parts of the page if you don’t see the option immediately. When you see the page code, run a search for “http:” If you see it being used in any active link, then that is most likely the reason you’re not seeing the padlock. You will need to find the code in your site and make sure that the HTTP is not showing. That would be the only reason that you’re not seeing the padlock in the browser. There are parts of it referencing insecure links.

  • Hi, I wonder if you can help me. My site: greathimalayanguides.com and another site both are hosted baby plan and I recently upgrated to https. since I switched from http to https, some of my pages are with secure notice with padlock and many pages are https but does not shows secure information and padlock. Could you please help me why is it like this? The home pages and some other pages are with secure notifications and other pages such as linking with main pages and post pages are not secure.

    Once again thank you for you guidance in this isue. 

    Regards.

    • Have you checked for any “hard” links to pages or images in your site? Any URL that does not use “https” will make the site “insecure”.

  • Greetings, I will first thank you for the great work you’re doing. 

    Kindly check https://***.co.ke/ https://***.co.ke/ I installed SSL certificate but doesn’t show as “secure”. What could be the problem?

    Thanks in advance

    • I tested your site with the free whynopadlock.com site, and it advised the following on regarding your SSL:
      You currently have TLSv1 enabled.
      This version of TLS is being phased out. This warning won’t break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

      I recommend re-issuing your SSL using TLS v1.2, which should correct your issues.

      All of the SSL’s we issue meet this requirement, including our Free SSL.

      Thank you,
      John-Paul

  • hi i have an issue with redirection with 301 and 302,i have installed ssl and in my htaccess file i have redirected to 301,whe i remove the 301 redirection the padlock disappears.and as far i know redirection is not a good idea for SEO purpose so is there any other way without redirection.plz its a urgent issue so let me kow and thanks in advance

    • Depending on the software you used to build the site, you should be able to configure the domain to use https, rather than use a redirect. If you’re using WordPress, you can follow this guide here to change the site to use https. Otherwise, let us know what software you’re using to build the site, we may be able to find a guide to assist you further.

  • My issue is specific to Safari on Macs & IOS.  I have a EV cert on https://parkerny.com. The cert displays the green EV security on IE and Chrome.  When I use Safari the URL shows as green but then switches back to black letters, half was through the page load.  The URL still shows as https but it is not green which shows the EV cert.

    I ran the site through the whynopadlock.com site and everything passes.

    • Hello,

      Sorry for the issue with your site not showing the link in green in Safari. I looked it up and found that one part of your certificate is generating a concern that doesn’t pass Safari’s requirements for security. You can look at the report here: https://www.ssllabs.com/ssltest/analyze.html?d=parkerny.com.

      The GeoTrust Primary Certification Authority is encrypted in SHA1 and is considered insecure. You can contact your SSL provider and request that they update it in order to fix the issue.

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

  • https://hautefashioncouture.com/     Why Pedlock is not showing ?? I have put right redierction code and all still its not working 

  • Hello 

    Sir & Mam

    Hello, my site www.mygoldenchoice.com was using https:// I have recently changed the site to resolve with https:// I also don’t see the secure lock on web browser. I shall follow the instruction here to solve the issue. Thanks for your great help.

     

    • Hello Winmeen Jobs,

      Sorry for the problem with the website not appearing to be secure. The problem has to do with a reference that you’re making in your website to the following:

      Insecure URL: https://www.blogadda.com/images/blogadda.png
      Found in: https://www.winmeen.com/

      I typically use “whynopadlock.com” to run the check – it finds the cause for the padlock not to show and provides the information about it. If you remove that link from your site, then your site will be secure. If you can’t remove it, then that particular site needs to have a “https” link that you can use to connect to it. OR, you can simply replace the image with one saved on your site – that would be easiest.

      I hope that helps to answer your question! If you require further assistance, please let us know!

      Regards,
      Arnel C.

  • Hi Chris, thank you in advance, I’ve already modify the re- direction in CPanel (wich I believe modifies the .htaccess file) but sometimes the site is showed in https: and other times doesn’t. Is there any waiting time till the .htaccess rule applies on ?

  • I’ve the same issue, I’ve already purchased a new Ip Address and a valid certificate form you guys, I’ve checked my website in https://www.whynopadlock.com/check.php, the result is valid and secure.

    I see the valid SSL certificate when I acces directly to https:// but when I do it via www.kitsune.mx doesn’t work. What can be wrong?, in my code all the images, fonts and other sites are through https://

    Regards, 

  • Hello,

    my site https://www.******ilife.com isredirect to https://www.******ilife.com but not showing lock Sign. how to fix it in blogger. please help me to fix it.

    Thank You

    Shayari Life

    • When I inspect your site in Google Chrome, the “Console” tab states the following:
      “Mixed Content: The page at ‘https://www.******ilife.com/’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘https://www.******ilife.com/search’. This endpoint should be made available over a secure connection.
      (I blanked our your URL for security purposes)

      Thank you,
      John-Paul

  • Hello, my site www.reviewjust.com was using https:// I have recently changed the site to resolve with https:// I also don’t see the secure lock on web browser. I shall follow the instruction here to solve the issue. Thanks for your great help.

  • Oh I’m sorry, I meant I don’t know which one to choose. As in, the secure URL provided by my webhost is very different than the site’s unsecure (original) URL. So I don’t know how to properly do the Search and Replace. (Attempts to change only the http to https haven’t worked thus far. Attempts to change https://domain.com to https://secureserver.domain.com also haven’t worked). I’m wondering what I’m doing wrong.

    • If you are using a CMS (such as WordPress, Joomla, etc.) you should make the change in the dashboard. Then clear your browser cache, or test on another browser. Also, check any caching settings that you may have in the CMS. You can also try using a plugin or extension to make the change, or find/replace.

      You could also try just doing a search of the database (without the replace statement) to see if there are any results.

      Thank you,
      John-Paul

  • Thanks so much for all the great work. Question: After installing my SSL certificate, I’m provided with a new URL containing the https plus the secureserver bit in front of my domain name (eg. https://secureserver.domain.com)  When I do a search and replace in my database to change absolute links to relative, do I include that server bit in the ‘replace’ URL? (Meaning, is it Search for: https://www.domain.com, Replace with: https://www.domain.com OR is it Search for: https://www.domain.com, Replace with: https://www.secureserver.domain.com)?

    • It is up to you, since it depends how you want your website to show in the browser. For example, you must choose what you want people to enter to visit your site.

      Thank you,
      John-Paul

    • Since it seems you are using WordPress ensure you have enabled the SSL successfully. Since many of your pages are serving images insecurely, you may need to update the URL’s to reflect the new address. This is covered in our guide on Correcting image links after a WordPress migration.

      Since calls to google are often caused by Google fonts, check your theme for additional SSL setup steps. Since it mentions mail.google.com check any contact forms, or formmail settings to ensure they are SSL (HTTPS) compatible.

      Thank you,
      John-Paul

  • I’m working on trying to get the SSL working correctly … got the ssl certificate installed but am not get the “secured” padlock … when i tested the website (theinteractivegift.com ) I get this error:

    mail.google.com returned an error (Possibly 404 not found or other webserver error. Details: … didn’t even know that it was checking or going to google … I’m at a loss how to find/fix?   Any help would be greatly appreciated as I’m a realtive newbie …  Thanks.

    • It seems like your site may be accessing something from mail.google.com insecurely. I recommend checking your site code for any calls to that url.

      Thank you,
      John-Paul

  • I’m coming across the same issues as the comments above, but I’m still confused as to how to resolve them.

    • You will need to make sure that you have a valid SSL keyed and installed on your domain. The errors listed do not indicate that the installation went through correctly. If you have an account with us, I advise contacting Live Support so they can review your account and check if the SSL was installed correctly.

  • Does it matter if the website developer is using a http: for their credit but don’t have a secure site to change it to https?

  • Thank you for the reply, Scott! My SSL is a free one from StartCom (3 years), don´t know what happened, but started working next day and is OK from then on.

  • I install Certifcate to hawakradio.com but it doesn’t work on any browser 

    i use https://www.whynopadlock.com to check but i don’t get any problem !

  • I have one https://www.mydomain.com which is EV Extended SSL. I make another website call to https://sub1.mydomain.com which DV SSL. Will the green bar be there on my https://www.mydomain.com or I will have to buy EV SSL for sub1.mydomain.com

    • It depends on the specific SSL you purchase. For example, you could pay more for an SSL that covers the subdomains. Since we do not currently offer EV SSL’s, I cannot provide a specific price.

      Thank you,
      John-Paul

  • Hi Scott, No, I am not having the issue any more.  I had the ssl installed, but was still seeing the “old” way of getting to the site. I found a site somewhere that helped me. It seems that I needed to edit my .htaccess file (you need ftp to see it) and add a few lines of code in order to tell all incoming requests that from now on, any http requests or port 80, are now https.  That fixed it. This is the code that I edited with my site name, and pasted into the .htaccess file.

    “RewriteEngine On

    Options +FollowSymLinks

    RewriteEngine on

    RewriteCond %{HTTP_HOST} ^yoursite.com [NC]

    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]

    RewriteEngine On

    RewriteCond %{SERVER_PORT} 80

    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]”

    just replace yoursite.com with your real website name

  • Already uninstalled and installed the certificate again, any idea? 

    Domain Name: www.guiaprev.com.br
    URL Tested: https://www.guiaprev.com.br
    Number of items downloaded on page: 69


    SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
    ERROR: no certificate subject alternative name matches

     

     


    Certificate valid through: Feb 7 23:49:13 2020 GMT
    Certificate Issuer: StartCom Ltd. 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

    All 69 items called securely!

     


    Secure calls made to other websites:

    fonts.googleapis.com is valid and secure.

    fonts.gstatic.com is valid and secure.

  • I have a little different issue than the others previously posted, I have several websites that I control, the first one that I am dealing with so far is a single page site. I checked whynopadlock.com, and got all green check marks that all links were good. All links are relative or are in fact https and working properly.

    expediterelectricllc.com  I can and do access it using https, and that works, but when i type it in the browser as I just did, It is not causing a secure connection. i.e. no green https in the corner, but instead the “i” that shows for more information.  The only time it shows as a secure link is if I directly use the https:// prefix to the site name.

     

    Thank you

     

    • I notice the SSL issuer is StartCom. Is this the free SSL? If so, I believe that they are not being recognized any longer. I am unsure if anything other than the free SSL will be distrusted, but the articles I found about it state that Google, Apple, and Mozilla all will have their browsers reject them as of January 2017.

    • When visiting the site without prefixing it with https:// I am getting redirected to the https version. This displays the green lock for me. Are you still having an issue?

  • to @Ho Phuong…

    I’d got grey locked too when try to change any https:// into https:// at my blogger template.

    ..and then it’s come to be green locked after I change all url link and images url from https:// into https://

    ..so be sure to change all url link on your template and posts from https:// into https:// to fix the locked into green.

    EXAMPLE:

    If an image source url is http://www.domain.com/image.jpg

    Than make sure to change the url into https://www.domain.com/image.jpg

    Do the same step to all of your posts, and on your blog template too.

     

    I hope this can be fix your problems.

     

    best regards,

    Nova Daris

    https://daytonastatecollege.blogspot.com

  • Thanks Tim

    But how do I get to the resource that is on HTTP? I have not been able to figure out what in line # 18 is causing the error. Can you please view source file of www.myblog.medtreatserve.com and suggest what changes do I have to do in line # 18. 

    • Sanket, I’m using Chrome, and I’m not seeing any errors, or issues when loading your site via HTTPS. I would recommend contacting the administrators for whynopadlock.com, and seeing if this may be a bug in their software.

  • Hi:

    I am getting the below Insecure form call error. Could you please guide me how to fix it.

    Insecure <form> call
    Found on line # 18 in file: www.myblog.medtreatserve.com/index.html

    (Note: Chrome will show a security error for any secure page with an insecure <form> call on the page)

     

    Thanks 

    Sanket

    • Make sure any resources you are calling on your page are over HTTPS. Google displays this when you are calling a URL over HTTP on an HTTPS page.

  • Hello. I have problem with website. Its WP site. I use SSL today.Google show A punctuation mark in adress bar. Can u help my? 

     

    Domain Name: kristinageorge.com
    URL Tested: https://kristinageorge.com
    Number of items downloaded on page: 165


    Valid Certificate found.

    Certificate valid through: Dec 27 23:27:00 2019 GMT
    Certificate Issuer: GoDaddy.com, Inc. 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

    Total number of items: 165
    Number of insecure items: 2

    Insecure URL: https://kg.bplus.studio/wp-content/uploads/2015/05/Antoinette-clutch.jpg
    Found in: https://kristinageorge.com/

    Insecure URL: https://kristinageorge.com/wp-content/uploads/2016/12/mega_menu_transparent.png
    Found in: https://kristinageorge.com/wp-content/uploads/cherry-css/style.css?ver=1483911543

     


    Secure calls made to other websites:

    maxcdn.bootstrapcdn.com is valid and secure.

    fonts.googleapis.com is valid and secure.

    cdnjs.cloudflare.com is valid and secure.

    fonts.gstatic.com is valid and secure.

     

  • I got rid of: https://www.eslteachingonline.com/wp-content/uploads/2015/05/Screen-Shot-2015-06-07-at-2.56.34-PM.png as loading via non-HTTPS.

    I ran a test and see: 

    Total number of items: 61
    Number of insecure items: 1

    Insecure URL: https://www.eslteachingonline.com/
    Found in: https://www.eslteachingonline.com/

    • You will want to work with an experienced web developer, if you don’t have one already, to assist you in resolving this issue.

    • It appears that the placeholder for your image is still in place <img src="https://www.eslteachingonline.com/wp-content/uploads/2015/05/Screen-Shot-2015-06-07-at-2.56.34-PM.png" alt="Teach English in Korea"> Again, I strongly recommend working with an experienced web developer to resolve these issues.

  • I cleared WordPress cache and that image is gone now, and whynopadlock shows all 59 items secure. However, I still only get my home page locked. All other pages are https (without the padlock). This is strange.

    • When I go to https://www.eslteachingonline.com/category/jobs-korea/ I still see the image https://www.eslteachingonline.com/wp-content/uploads/2015/05/Screen-Shot-2015-06-07-at-2.56.34-PM.png as loading via non-HTTPS.

    • It looks like the image is mentioned in https://www.eslteachingonline.com/wp-content/cache/minify/0f031.css This URL also indicates that this is cached data. I would clear your WordPress cache, and try again.

  • I ran the site through https://www.whynopadlock.com/check.php and I got 1 error. Could this cause my entire site NOT to padlock?

    See below:

    Total number of items: 60
    Number of insecure items: 1

    Insecure URL: https://www.streetadvisor.com/content/shared/images/bg-texture-red.png
    Found in: https://www.eslteachingonline.com/wp-content/cache/minify/0f031.css

     

     

  • My website is https://www.eslteachingonline.com/

    The main page above is secure with the padlock, but if you click on any other pages, they show https but NOT the padlock.

    Thanks I appreciate your help on this!

     

     

    • Paul, the reason your sub-sites don’t show the padlock is because the sub-pages “The site includes HTTP resources.” This is due to having mixed non-HTTPS content on an HTTPS page. As this issue has to do with the coding of your site or sites, it is outside of the scope of support that we are able to provide. You will want to work with an experienced web developer, if you don’t have one already, to assist you in resolving this issue.

    • Paul, they should show when you hover over them. You should be able to look at the status bar when hovering. Also, you could view the source code of the page. What is your site?

  • Aren’t all my pages supposed to show the padlock? Only my home page shows it in Safari but not Chrome. Do I need to wait for Google to recrawl my website for all pages to show with a padlock. I don’t get any errors on any pages when I use the “whynopadlock” site checker. Thanks in advance!

    • You need to make sure you are forcing HTTPS and that way when Google crawls it, they know your site is using HTTPS. https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

  • Sir, I’m having an issue with SSL. My blog serving with SSL but https not showing in google search links. Please can you tell why this issue? Here is my blog https://www.usefulblogging.com/ .

    • I recommend requesting that Google re-crawl, and re-render your site. You can follow our instructions on this process using Google’s Webmaster Tools at https://www.inmotionhosting.com/support/website/google-tools/using-fetch-as-googlebot-in-webmaster-tools Keep in mind that for Step 7 you will want to click “Fetch and Render” instead of just “Fetch”.

    • You have mixed content on your site. Some of your images are being served over HTTP and not HTTPS. Look at this plugin as it may fix the issue. I’ve used it before to fix the same problem. https://wordpress.org/plugins/ssl-insecure-content-fixer/

  • Thanks John Paul – I was struggling with images that were saved to my site prior to moving to https – then I renamed the whole wordpres site in the Settings > General to https – problem solved!

    Thanks for your tips and advice,

    Kacy

  • Hello, we recently installed an SSL certificate but don’t show a padlock.  When testing on whynopadlock.com it comes back with this error:

    Domain Name: www.dinarglobal.com
    URL Tested: https://www.dinarglobal.com
    Number of items downloaded on page: 0 

    *** NOTE ***: 0 items means no images were downloaded or existed on the page. It’s likely the URL you submitted was not a valid secure URL, or the page being tested only has text on it. Try copying and pasting the secure URL into a new browser window to make sure it displays as you’d expect.


    Valid Certificate found.

    Certificate valid through: Jan 1 23:59:59 2017 GMT
    Certificate Issuer: COMODO CA Limited 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

     

     

    • It appears there is an error in the setup of your domain. When I try to visit the domain I get the following:
      “Firefox has detected that the server is redirecting the request for this address in a way that will never complete.”

      I see the domain is pointed to CloudFlare. You will need to check settings there and/or with your host to ensure any redirections you put in are correct.

    • Once it is green, it should be OK unless something changes. To find out what the specific issues are, there is a site called whynopadlock.com that will identify any errors on the page.

  • Hi man! Thanks for this incredible work! I have got the same problem on my website, I have been trying to get it running with https, but it does not seem to be working: casinativo.com
    Installed the SSL insecure content fixer, and it has worked from time to time, but eventually the green thing disappears. What’s your recommendation to have it always green? thanks a lot.

    Alejandro

  • I have juct installed ssl certifecate and the Lock is not showing on the prowser, what can I do to make it appear?

     

    thanks 

    • Hello Maala,

      You may have to change your URL to HTTPS, or enable HTTPS in your Dashboard. The setup will differ based on how you built your site. Are you using a CMS such as WordPress, Joomla, Drupal, etc?

      Thank you,
      John-Paul

  • I have an one issue realted to this…I have installed certification from hosting side…may be it is properly installed bt my websites all pages were not showing properly then I searched something from net and did some changes in .htaccess file then…all pages are working but there is not showing any secured green bar on url….can anybody solve this problem….thanks in advance…..

    • Try running the different pages through websites such as WhyNoPadlock.com. This will list each individual item.

  • I had a similar issue wth and image in my wordpress and what I did to fix it was to change the https://myexample.com form the wordpress dashboard to https://myexample.com after that i took the image and uploaded it to the server again and it worked.

  • I am not sure where the image is I have looked in all my image folder.

    I will still carryon searching.

    What about the second error message any help please?

    Valid Certificate found.

    Certificate valid through: Mar 4 23:59:59 2017 GMT
    Certificate Issuer: COMODO CA Limited 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

    Total number of items: 114
    Number of insecure items: 2

    Insecure URL: https://************.com/wp-content/themes/Cartsy/images/texture/tts_texture1.png
    Found in: https://www.***********.com/

    Insecure URL: https://fonts.googleapis.com/css?family=Crimson+Text
    Found in: https://www.**********.com/wp-content/themes/Cartsy/style.css

     


    Secure calls made to other websites:

    maxcdn.*********.com is valid and secure.

    static.*******.com is valid and secure.

    assets.*********.com is valid and secure.

    • Those errors look like outgoing links for your Google fonts. Like the images, they are reaching content on https:// instead of https://, so they are not making a “secure” connection. This does not mean that the SSL is insecure. The browser is just warning visitors that there are insecure URLs. I recommend hosting fonts on your server and using CSS to connect with them. This way they will be behind https://.

  • Hello there,

    Please help me, I have recently bought a dedicated IP and SSL certificate for my website, when I check https://www.toksfashionboutique.com I don’t see the padlock sign, amazingly when working in wordpress dashboard the padlock is here, but when I visit my site it disappears again.

    I tested my url in www.whynopadlock.com, I got the error messages below, I have tried everything, also if I click on that link with the error message, it comes back with a blank page, I am totally confused. 

    Please help!

     

     

    Valid Certificate found.

    Certificate valid through: Mar 4 23:59:59 2017 GMT
    Certificate Issuer: COMODO CA Limited 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

    Total number of items: 114
    Number of insecure items: 2

    Insecure URL: https://toksfashionboutique.com/wp-content/themes/Cartsy/images/texture/tts_texture1.png
    Found in: https://www.toksfashionboutique.com/

    Insecure URL: https://fonts.googleapis.com/css?family=Crimson+Text
    Found in: https://www.toksfashionboutique.com/wp-content/themes/Cartsy/style.css

     


    Secure calls made to other websites:

    maxcdn.bootstrapcdn.com is valid and secure.

    static.addtoany.com is valid and secure.

    assets.pinterest.com is valid and secure.

    • It looks like https://toksfashionboutique.com/wp-content/themes/Cartsy/images/texture/tts_texture1.png is identified as an insecure URL. I suggest trying to change the https:// to https:// wherever that image is linked.

  • Hello, we recently installed an SSL certificate but don’t show a padlock.  When testing on whynopadlock.com it comes back with this error:

    *** NOTE ***: 0 items means no images were downloaded or existed on the page. It’s likely the URL you submitted was not a valid secure URL, or the page being tested only has text on it. Try copying and pasting the secure URL into a new browser window to make sure it displays as you’d expect.

     



    Certificate valid through: Feb 22 08:38:58 2017 GMT
    Certificate Issuer: GeoTrust Inc.
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

     

    Domain Name: www.lifeinterwoven.org

     

    I am learning to install SSL certificate.

     

    Thank you for your support.

    Regards

     

    • Hello,

      Thanks for the question about the SSL issue you’re seeing. Basically, whenever a SSL certificate is being used to secure a website, ALL the items that are on the website are expected to be coming from your website. However, if certain elements use a DIFFERENT URL that are not covered by your certificate, then i t is considered non-secure because you have items from your site coming from a “foreign” source. When I went to your site, I can only see “under construction” screen. When I look at the page source using a tool like Chrome’s Inspect Element, I can find a few URLs being referenced that involve a different URL (I saw a .au URL for example). You would need to remove these references in order to get your SSL certificate to be considered “secure.” The 503 error is generally given for something that is trying to be accessed by temporarily down. So, it’s possible that you’re linked to a resource that is not responding. I hope that helps to explain why you’re seeing the error. You will need to examine you website code in order to fix that issue.

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  • Hi Arnel, thanks for being so fast.  I am a newbie and not someone that is familiar with coding.  Can you tell me how and where to do that?  thank you!  Jeannette

    • Hello Jeannette,

      I’m sorry that you’re unfamiliar with the code for your website. When I take a quick look and do a search for “incapsula” on the front page I’m seeing it in two places and it’s referenced by a script. Since the script is not coming from a source that’s covered by your SSL certificate, it is being listed as insecure. You may need to remove a plugin, or change something in the theme to correct this. If you’re not familiar with it, then you may need to speak with a developer to get this done.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  • Hello, we recently installed an SSL certificate but don’t show a padlock.  When testing on whynopadlock.com it comes back with this error:

    content.incapsula.com is an invalid URL/domain

    Our domain is bransoncedarsresort.com

    thank you

     

     

     

    • Hello Jeannette,

      When you look at the evaluation page from whynopadlock.com, it’s basically telling you why there is no padlock. It says, “Secure calls made to other websites: content.incapsula.com is an invalid URL/domain”. This means that somewhere on your website page, it’s making call to that URL – which is being declared as an invalid domain. Remove that call and then your padlock will show.

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  • If you are using the popular Yoast SEO plug in be sure to check your cononical settings for each page.  That is, for each page scroll down to the Yoast SEO settings and click on Advanced.  The last item in this box is Cononical URL.  Set all Cononicals to https://www.example.com not https://www.example.com

  • DOMAIN: bayshorefuel.com, I’ve run my domain name at https://whynopadlock.com. It comes back with ==>

    Domain Name: www.bayshorefuel.com
    URL Tested: https://www.bayshorefuel.com/
    Number of items downloaded on page: 70


    SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
    ERROR: cannot verify www.bayshorefuel.com’s certificate, issued by ‘/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SSL CA’: Unable to locally verify the issuer’s authority.

     

     


    Certificate valid through: Jan 3 23:59:59 2015 GMT
    Certificate Issuer: COMODO CA Limited

    All 70 items called securely!

     

    QUESTION:

     

    When customers are looking up bayshorefuel.com using Android, smart phones, they are getting a warning message. One warning is “There are problems with the security certificate for the site” another is “Certificate not from a trusted authority”. We already submitted a ticket and the problem doesn’t seem to get fixed. It has to do with the SSL Certificate. 

    Any suggestions on what to do next will be appreciated.

    -Thanks

     

    • Hello Shamiso H,

      I have re-installed your SSL which as fixed the issue, I apologize for the trouble in the matter. It seemed that something with your cabundle was messed up.

      Kindest Regards,
      TJ Edens

  • Dear John-Paul, I am afraid that the script you mentioned <link rel=”pingback” href=”https://www.bayshorefuel.com/xmlrpc.php” />might not be the cause. There is something else going on. I have removed  <link rel=”pingback” href=”https://www.bayshorefuel.com/xmlrpc.php” />and I still don’t get a padlock .

    • Hello Shamiso,

      Thank you for contacting us. I noticed the padlock is breaking when the arrow pops up in your image slider, next to the middle picture.

      When I inspected the page in Chrome, I noticed another image is being called in insecurely:
      https://www.bayshorefuel.shamisohart.com/wp-content/themes/bayshore/featured_images/selected-item.gif

      This image is breaking the security of the page, and the padlock.

      Thank you,
      John-Paul

    • It is perfect. I had not realized that links to other sites and pictures had to *themselves* use https and relative paths, respectively.

  • Thank you so much for taking such immediate care, TJ Edens. I’ve run my domain bayshorefuel.com again at https://whynopadlock.com and a valid certificate was found. All went thorugh fine.

     

    But I am still not getting the lock to display in the browsers. I have looked at the website code to make sure absolute and relative URLs (adresses) don’t exist. Please can you help!

    Many Thanks for your support.

    • Hello Shamiso,

      Thank you for your question. When I initially load your site, the padlock comes up successfully, but after a few seconds the padlock disappears.

      When I viewed the source for your page, and searched for “https://” (without the quotation marks), I found the following result:

      &ltlink rel=”pingback” href=”https://www.bayshorefuel.com/xmlrpc.php” /&gt

      It looks like this xmlrpc.php script is being called in insecurely, after your site initially loads, causing the padlock to break.

      Thank you,
      John-Paul

  • Sorry. I told “no true”. 

    These are 2 websites as https://livesuperfoods.com/  ;   https://healthygoods.com/

    How to show an exclamation in the front of these websites (not “yellow triangle”).?

     

    • Hello Ho Phuong,

      The yellow triangle is the image that particular browser uses. For instance, FireFox displays the exclamation point while Chrome displays the yellow triangle.

      Kindest Regards,
      Scott M

  • https://livesuperfoods.com/ 

    https://healthygoods.com/

    I have 2 websites so how  to show error ssl that is same to “chrome-to-lock.jpg” of this post.?

    I am looking forward to hearing your new replying. Thanks!

    • Hello HoPhuong,

      As stated in the article, the cause for the lock not displaying is almost entirely due to having absolute links in your code. Simply checking the code for the links is what you will need to do. If you would like to have a list of everything that is wrong, you can enter your domain name at https://whynopadlock.com. This will give you a list of every error found. I tested one of your domains and it found over 60 image links that use absolute linking with https://.

      Kindest Regards,
      Scott M

Was this article helpful? Let us know!