Seeing "Not Secure" in the browser address bar is alarming to visitors. Here are the most common reasons and how to fix them.
Reason 1: SSL Certificate is Missing or Expired
-
Check: Click the "Not Secure" text. Does it say "Certificate is invalid" or "Missing"?
-
Fix: Run AutoSSL in cPanel (see Article 72). If it's expired, AutoSSL should automatically renew it. If not, install a new certificate.
Reason 2: Mixed Content (Most Common)
-
What is it? Your site loads via HTTPS, but some elements (images, scripts, CSS) are still being loaded via HTTP. Browsers block these "mixed" elements and show the warning.
-
How to find it: Right-click on your page > "Inspect" > Open the "Console" tab. You will see red errors like: "Mixed Content: The page at '...' was loaded over HTTPS, but requested an insecure image 'http://...'."
-
How to fix it:
-
WordPress: Install a plugin like "Really Simple SSL" or "SSL Insecure Content Fixer." These plugins automatically rewrite HTTP URLs to HTTPS.
-
Manual: Go through your site and change any hardcoded
http://links tohttps://or use relative paths (//).
-
Reason 3: You Are Not Forcing HTTPS
-
Fix: Implement a redirect from HTTP to HTTPS as described in Article 73. Sometimes visitors still type
http://manually.
Reason 4: Certificate Doesn't Cover Your Domain
-
If your SSL is for
www.yourdomain.combut you are visitingyourdomain.com(or vice versa), you might get a warning. Ensure your certificate covers both versions (most free Let's Encrypt certificates do).
