Some links on this page are affiliate links. See full disclosure in the page footer.

Why Your Website Still Says Not Secure After Installing SSL

Web Hosting Help graphic from Tech Help Canada showing HelperX Bot with icons for domains, hosting, email, SSL, and WordPress

Installing SSL is a major step, but it does not always finish the job. Your website can still show “Not Secure” if the certificate is not active for the right domain, the site is still loading over HTTP, or the page includes insecure resources.

Start by checking the exact page and exact domain version that shows the warning.

The Site Is Still Loading Over HTTP

If the address starts with http://, the visitor is not using the secure version of the site.

Try opening the same page with https://. If that works, the site may need a redirect from HTTP to HTTPS. Without a redirect, some visitors may land on the unsecured version through old bookmarks, old search results, links, or typed addresses.

The HTTPS version should become the normal version of the website.

The Certificate Is Installed for a Different Domain

The certificate must match the hostname in the browser.

Check these separately:

  • yourbusiness.ca
  • www.yourbusiness.ca
  • Any subdomain, such as shop.yourbusiness.ca

If the certificate covers only one version, the other version may still show a warning. This can happen after a site launch, migration, domain change, or subdomain setup.

The Certificate Is Not Fully Active Yet

Some SSL setups require domain validation, installation, and server configuration before the certificate works. If one step is pending, the site may still warn visitors.

Check whether:

  • The certificate was issued
  • The certificate was installed
  • The domain points to the hosting plan where the certificate is installed
  • The certificate has renewed successfully
  • The certificate covers the domain visitors are using

Buying SSL, validating SSL, and installing SSL may be separate steps depending on the setup.

The Page Has Mixed Content

Mixed content means the page itself loads over HTTPS but some files on the page still load over HTTP.

Common examples include:

  • Images inserted years ago with http:// URLs
  • Stylesheets from an old theme
  • Scripts from a plugin
  • Fonts loaded from an insecure URL
  • Embedded videos, maps, or widgets
  • Page builder assets
  • Hard-coded links in theme files

Browsers may block some of these resources. That can make the site look broken or keep security warnings visible.

In WordPress, mixed content often appears after SSL is installed because older content still contains HTTP links.

WordPress URLs Still Use HTTP

WordPress has site URL settings that tell it what address to use.

If the WordPress Address or Site Address still starts with http://, WordPress may keep generating old links. Changing these settings without a backup can cause login or redirect problems, so check carefully before editing.

If you are unsure, take a backup first and confirm that SSL works at the HTTPS version of the site.

Cache Is Showing an Older Version

After SSL changes, cache can make troubleshooting confusing.

Check:

  • Browser cache
  • WordPress caching plugins
  • Hosting cache
  • CDN cache
  • Page builder cache
  • Optimization plugins

Test in a private window and on another device. If the warning disappears after cache is cleared, test the main pages again to make sure the fix holds.

The Redirect Points to the Wrong Place

Redirects can create warnings when they send visitors through an unsecured or mismatched URL.

For example:

  • HTTP redirects to the wrong domain
  • Non-www redirects to www, but the certificate does not cover www
  • A plugin creates a redirect loop
  • An old redirect sends visitors to an outdated page

Redirects should move visitors directly to the preferred HTTPS version.

What to Check in Order

Use this order to narrow the issue:

  1. Open the exact page that shows the warning.
  2. Confirm whether it is http:// or https://.
  3. Check both www and non-www.
  4. View the certificate details in the browser.
  5. Check whether the certificate is expired or mismatched.
  6. Look for mixed content warnings.
  7. Check WordPress URL settings if the site uses WordPress.
  8. Clear cache and retest.
  9. Review redirects if HTTP still appears.

Change one thing at a time. If you adjust SSL, WordPress URLs, redirects, and cache all at once, it becomes harder to know which fix worked.

When Managed SSL Helps

SSL problems can involve your domain, hosting, certificate, redirects, WordPress settings, and cached files. If you do not want to manage those moving parts yourself, a managed SSL option can be useful.

If your site needs help getting SSL installed and maintained, you can explore Managed SSL Service through Tech Help Canada Hosting.

HelperX Bot

Not sure what to read next?

I can suggest related Tech Help Canada articles based on the topic you’re reading now.

 

Want a heads-up once a week whenever a new article drops?

Subscribe here

Tweet
Share
Share
Pin
WhatsApp
Reddit
Email

Leave a Comment

Table of Contents

Open Table of Contents
Tweet
Share
Share
Pin
WhatsApp
Reddit
Email