InMotion Hosting Support Center

Using an SSL certificate on your website is very important for security. It is used to create an encrypted connection to the server to protect data from prying eyes. Though it can be used across an entire site, it is most commonly used for portions of the site that use sensitive information, such as shopping cart checkout areas.

How do I know the SSL is working?

It is very important for your visitors to know when they are on a secure area of your site. When the SSL is active on the page you are viewing, they can tell by checking the address bar at the top of the browser. There should be a small padlock icon in the address bar area. The format can can vary among the different browsers. Below are a few examples of different sites with different browsers.

Chrome Security Lock FireFox Security Lock IE Security Lock

 

Why does my lock disappear?

It is a common reaction to blame the SSL or host for having the certificate installed improperly. This is usually not the case. The SSL lock will only appear or display properly if all items on the page are linking securely. If there is even one unsecure link on the page, the SSL will appear as broken. This means it may not display at all, or it may display differently. Again, this will vary depending on the browser you are using. Below are examples of the same browsers using a page that is partially insecure.

Chrome improper lock Firefox no lock visible IE no lock visible

 

Almost exclusively, the cause for this is the use of absolute links for images and text links within the page code instead of relative links. If even ONE link on the page is using the absolute format it will 'break' an otherwise secure page. Below are descriptions of absolute and relative addresss linking.

Absolute addresses

Absolute adddressing for images and links include the entire domain name and the prorocol, which is typically http://. For example, if you were linking image.jpg and your domain name was example.com, the link would be code as <img src="http://example.com/image.jpg">

Relative addresses

Relative addresses differ from absolute in that they include neither the protocol nor the domain name. Using the same image.jpg file as before, the link code to that file in would simply be <img src="/support/image.jpg">.

It's a coding issue? How do I correct it?

The solution is 'relatively' easy, pun intended. You will need to go through the code for your site and change all absolute links to relative ones. With hand-code sites this can be a simple, but tedious process. If your site is coded with a Content Managemetn System such as WordPresss or Drupal, they should already follow this rule on the core level, so you will want to check any links that have been included in the content addition areas such as the editors within the program where you create pages and posts. Once you or your developer has completed this process, you should be able to refresh your site and the lock should display in the correct format.

Support Center Login

Social Media Login

   
Social Login Joomla

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-08-06 5:48 am

http://livesuperfoods.com/ 

http://healthygoods.com/

I have 2 websites so how  to show error ssl that is same to "chrome-to-lock.jpg" of this post.?

I am looking forward to hearing your new replying. Thanks!

Staff
40,710 Points
2014-08-06 8:49 am
Hello HoPhuong,

As stated in the article, the cause for the lock not displaying is almost entirely due to having absolute links in your code. Simply checking the code for the links is what you will need to do. If you would like to have a list of everything that is wrong, you can enter your domain name at http://whynopadlock.com. This will give you a list of every error found. I tested one of your domains and it found over 60 image links that use absolute linking with http://.

Kindest Regards,
Scott M
n/a Points
2014-08-07 6:36 am

Sorry. I told "no true". 

These are 2 websites as http://livesuperfoods.com/  ;   http://healthygoods.com/

How to show an exclamation in the front of these websites (not "yellow triangle").?

 

Staff
40,710 Points
2014-08-07 9:20 am
Hello Ho Phuong,

The yellow triangle is the image that particular browser uses. For instance, FireFox displays the exclamation point while Chrome displays the yellow triangle.

Kindest Regards,
Scott M
n/a Points
2014-12-05 11:35 am

DOMAIN: bayshorefuel.com, I've run my domain name at http://whynopadlock.com. It comes back with ==>

Domain Name: www.bayshorefuel.comURL Tested: https://www.bayshorefuel.com/Number of items downloaded on page: 70

SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:ERROR: cannot verify www.bayshorefuel.com's certificate, issued by '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SSL CA': Unable to locally verify the issuer's authority.

 

 

Certificate valid through: Jan 3 23:59:59 2015 GMTCertificate Issuer: COMODO CA Limited All 70 items called securely!

 

QUESTION:

 

When customers are looking up bayshorefuel.com using Android, smart phones, they are getting a warning message. One warning is "There are problems with the security certificate for the site" another is "Certificate not from a trusted authority". We already submitted a ticket and the problem doesn't seem to get fixed. It has to do with the SSL Certificate. 

Any suggestions on what to do next will be appreciated.

-Thanks

 

Staff
10,077 Points
2014-12-05 1:14 pm
Hello Shamiso H,

I have re-installed your SSL which as fixed the issue, I apologize for the trouble in the matter. It seemed that something with your cabundle was messed up.

Kindest Regards,
TJ Edens
n/a Points
2014-12-05 1:42 pm

Thank you so much for taking such immediate care, TJ Edens. I've run my domain bayshorefuel.com again at http://whynopadlock.com and a valid certificate was found. All went thorugh fine.

 

But I am still not getting the lock to display in the browsers. I have looked at the website code to make sure absolute and relative URLs (adresses) don't exist. Please can you help!

Many Thanks for your support.

Staff
26,031 Points
2014-12-05 2:45 pm
Hello Shamiso,

Thank you for your question. When I initially load your site, the padlock comes up successfully, but after a few seconds the padlock disappears.

When I viewed the source for your page, and searched for "http://" (without the quotation marks), I found the following result:
<link rel="pingback" href="http://www.bayshorefuel.com/xmlrpc.php" />


It looks like this xmlrpc.php script is being called in insecurely, after your site initially loads, causing the padlock to break.

Thank you,
John-Paul
n/a Points
2014-12-05 3:31 pm

Dear John-Paul, I am afraid that the script you mentioned <link rel="pingback" href="http://www.bayshorefuel.com/xmlrpc.php" />might not be the cause. There is something else going on. I have removed  <link rel="pingback" href="http://www.bayshorefuel.com/xmlrpc.php" />and I still don't get a padlock .

Staff
26,031 Points
2014-12-05 4:10 pm
Hello Shamiso,

Thank you for contacting us. I noticed the padlock is breaking when the arrow pops up in your image slider, next to the middle picture.

When I inspected the page in Chrome, I noticed another image is being called in insecurely:
http://www.bayshorefuel.shamisohart.com/wp-content/themes/bayshore/featured_images/selected-item.gif

This image is breaking the security of the page, and the padlock.

Thank you,
John-Paul
n/a Points
2015-01-25 5:30 pm
It is perfect. I had not realized that links to other sites and pictures had to *themselves* use https and relative paths, respectively.
n/a Points
2015-10-13 12:16 am

If you are using the popular Yoast SEO plug in be sure to check your cononical settings for each page.  That is, for each page scroll down to the Yoast SEO settings and click on Advanced.  The last item in this box is Cononical URL.  Set all Cononicals to https://www.example.com not http://www.example.com

n/a Points
2016-01-13 3:25 pm

Hello, we recently installed an SSL certificate but don't show a padlock.  When testing on whynopadlock.com it comes back with this error:

content.incapsula.com is an invalid URL/domain

Our domain is bransoncedarsresort.com

thank you

 

 

 

Staff
35,728 Points
2016-01-13 3:34 pm
Hello Jeannette,

When you look at the evaluation page from whynopadlock.com, it's basically telling you why there is no padlock. It says, "Secure calls made to other websites: content.incapsula.com is an invalid URL/domain". This means that somewhere on your website page, it's making call to that URL - which is being declared as an invalid domain. Remove that call and then your padlock will show.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2016-01-13 3:39 pm

Hi Arnel, thanks for being so fast.  I am a newbie and not someone that is familiar with coding.  Can you tell me how and where to do that?  thank you!  Jeannette

Staff
35,728 Points
2016-01-13 4:12 pm
Hello Jeannette,

I'm sorry that you're unfamiliar with the code for your website. When I take a quick look and do a search for "incapsula" on the front page I'm seeing it in two places and it's referenced by a script. Since the script is not coming from a source that's covered by your SSL certificate, it is being listed as insecure. You may need to remove a plugin, or change something in the theme to correct this. If you're not familiar with it, then you may need to speak with a developer to get this done.

I hope this helps to answer your question, please let us know if you require any further assistance.

Regards,
Arnel C.
n/a Points
2016-01-13 4:18 pm

Hi Arnel, I appreciate your help.  thanks, Jeannette

Staff
35,728 Points
2016-01-13 5:13 pm
Hello Jeannette,

No problem. If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2016-02-22 5:40 am

Hello, we recently installed an SSL certificate but don't show a padlock.  When testing on whynopadlock.com it comes back with this error:

*** NOTE ***: 0 items means no images were downloaded or existed on the page. It's likely the URL you submitted was not a valid secure URL, or the page being tested only has text on it. Try copying and pasting the secure URL into a new browser window to make sure it displays as you'd expect.

 

Website returned an error (Possibly 404 not found or other webserver error). Details:HTTP/1.0 503 Service Unavailable

Certificate valid through: Feb 22 08:38:58 2017 GMTCertificate Issuer: GeoTrust Inc. SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

 

Domain Name: www.lifeinterwoven.org

 

I am learning to install SSL certificate.

 

Thank you for your support.

Regards

 

Staff
35,728 Points
2016-02-22 9:17 am
Hello,

Thanks for the question about the SSL issue you're seeing. Basically, whenever a SSL certificate is being used to secure a website, ALL the items that are on the website are expected to be coming from your website. However, if certain elements use a DIFFERENT URL that are not covered by your certificate, then i t is considered non-secure because you have items from your site coming from a "foreign" source. When I went to your site, I can only see "under construction" screen. When I look at the page source using a tool like Chrome's Inspect Element, I can find a few URLs being referenced that involve a different URL (I saw a .au URL for example). You would need to remove these references in order to get your SSL certificate to be considered "secure." The 503 error is generally given for something that is trying to be accessed by temporarily down. So, it's possible that you're linked to a resource that is not responding. I hope that helps to explain why you're seeing the error. You will need to examine you website code in order to fix that issue.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2016-02-22 10:04 pm

Hi Arnel,

 

Thank you very much for your knowledge. I appreciate your help.

Regards

Sue

n/a Points
2016-03-08 11:41 pm

Thanks for all of this information. 

n/a Points
2016-03-15 5:00 am

Hello there,

Please help me, I have recently bought a dedicated IP and SSL certificate for my website, when I check https://www.toksfashionboutique.com I don't see the padlock sign, amazingly when working in wordpress dashboard the padlock is here, but when I visit my site it disappears again.

I tested my url in www.whynopadlock.com, I got the error messages below, I have tried everything, also if I click on that link with the error message, it comes back with a blank page, I am totally confused. 

Please help!

 

 

Valid Certificate found. Certificate valid through: Mar 4 23:59:59 2017 GMTCertificate Issuer: COMODO CA Limited SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2 Total number of items: 114Number of insecure items: 2

Insecure URL: http://toksfashionboutique.com/wp-content/themes/Cartsy/images/texture/tts_texture1.pngFound in: https://www.toksfashionboutique.com/

Insecure URL: http://fonts.googleapis.com/css?family=Crimson+TextFound in: https://www.toksfashionboutique.com/wp-content/themes/Cartsy/style.css

 

Secure calls made to other websites:

maxcdn.bootstrapcdn.com is valid and secure.

static.addtoany.com is valid and secure.

assets.pinterest.com is valid and secure.

Staff
6,421 Points
2016-03-15 10:11 am
It looks like http://toksfashionboutique.com/wp-content/themes/Cartsy/images/texture/tts_texture1.png is identified as an insecure URL. I suggest trying to change the http:// to https:// wherever that image is linked.
n/a Points
2016-03-15 2:48 pm

I am not sure where the image is I have looked in all my image folder.

I will still carryon searching.

What about the second error message any help please?

Valid Certificate found. Certificate valid through: Mar 4 23:59:59 2017 GMTCertificate Issuer: COMODO CA Limited SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2 Total number of items: 114Number of insecure items: 2

Insecure URL: http://************.com/wp-content/themes/Cartsy/images/texture/tts_texture1.pngFound in: https://www.***********.com/

Insecure URL: http://fonts.googleapis.com/css?family=Crimson+TextFound in: https://www.**********.com/wp-content/themes/Cartsy/style.css

 

Secure calls made to other websites:

maxcdn.*********.com is valid and secure.

static.*******.com is valid and secure.

assets.*********.com is valid and secure.

Staff
6,421 Points
2016-03-15 3:16 pm
Those errors look like outgoing links for your Google fonts. Like the images, they are reaching content on http:// instead of https://, so they are not making a "secure" connection. This does not mean that the SSL is insecure. The browser is just warning visitors that there are insecure URLs. I recommend hosting fonts on your server and using CSS to connect with them. This way they will be behind https://.
n/a Points
2016-03-17 12:54 pm

I had a similar issue wth and image in my wordpress and what I did to fix it was to change the http://myexample.com form the wordpress dashboard to https://myexample.com after that i took the image and uploaded it to the server again and it worked.

n/a Points
2016-05-21 3:31 am

I have an one issue realted to this...I have installed certification from hosting side...may be it is properly installed bt my websites all pages were not showing properly then I searched something from net and did some changes in .htaccess file then...all pages are working but there is not showing any secured green bar on url....can anybody solve this problem....thanks in advance.....

Staff
40,710 Points
2016-05-23 11:51 am
Try running the different pages through websites such as WhyNoPadlock.com. This will list each individual item.
n/a Points
2016-06-05 9:22 am

I have juct installed ssl certifecate and the Lock is not showing on the prowser, what can I do to make it appear?

 

thanks 

Staff
26,031 Points
2016-06-06 12:01 pm
Hello Maala,

You may have to change your URL to HTTPS, or enable HTTPS in your Dashboard. The setup will differ based on how you built your site. Are you using a CMS such as WordPress, Joomla, Drupal, etc?

Thank you,
John-Paul
n/a Points
2016-07-16 11:32 am

Hi man! Thanks for this incredible work! I have got the same problem on my website, I have been trying to get it running with https, but it does not seem to be working: casinativo.comInstalled the SSL insecure content fixer, and it has worked from time to time, but eventually the green thing disappears. What's your recommendation to have it always green? thanks a lot.Alejandro

Staff
40,710 Points
2016-07-18 2:59 pm
Once it is green, it should be OK unless something changes. To find out what the specific issues are, there is a site called whynopadlock.com that will identify any errors on the page.
n/a Points
2016-07-18 12:08 am

Hello, we recently installed an SSL certificate but don't show a padlock.  When testing on whynopadlock.com it comes back with this error:

Domain Name: www.dinarglobal.comURL Tested: https://www.dinarglobal.comNumber of items downloaded on page: 0 *** NOTE ***: 0 items means no images were downloaded or existed on the page. It's likely the URL you submitted was not a valid secure URL, or the page being tested only has text on it. Try copying and pasting the secure URL into a new browser window to make sure it displays as you'd expect.

Valid Certificate found.

Certificate valid through: Jan 1 23:59:59 2017 GMTCertificate Issuer: COMODO CA Limited SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

 

 

Staff
40,710 Points
2016-07-18 2:54 pm
It appears there is an error in the setup of your domain. When I try to visit the domain I get the following:
"Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

I see the domain is pointed to CloudFlare. You will need to check settings there and/or with your host to ensure any redirections you put in are correct.
n/a Points
2016-08-05 3:59 am

Thanks John Paul - I was struggling with images that were saved to my site prior to moving to https - then I renamed the whole wordpres site in the Settings > General to https - problem solved!

Thanks for your tips and advice,

Kacy

n/a Points
2016-09-30 1:13 pm
Staff
11,901 Points
2016-09-30 1:17 pm
You have mixed content on your site. Some of your images are being served over HTTP and not HTTPS. Look at this plugin as it may fix the issue. I've used it before to fix the same problem. https://wordpress.org/plugins/ssl-insecure-content-fixer/
n/a Points
2016-10-11 1:58 pm

Thanks Tim - the plugin you suggested WORKED!  Thanks again - Jeannette

n/a Points
2016-10-12 12:45 pm

Sir, I'm having an issue with SSL. My blog serving with SSL but https not showing in google search links. Please can you tell why this issue? Here is my blog https://www.usefulblogging.com/ .

Staff
545 Points
2016-10-12 12:58 pm
I recommend requesting that Google re-crawl, and re-render your site. You can follow our instructions on this process using Google's Webmaster Tools at http://www.inmotionhosting.com/support/website/google-tools/using-fetch-as-googlebot-in-webmaster-tools Keep in mind that for Step 7 you will want to click "Fetch and Render" instead of just "Fetch".
n/a Points
2016-10-16 8:07 am

every time i search up my site it  show up with no https what do i do 

Staff
11,901 Points
2016-10-17 6:54 am
You need to make sure you are forcing HTTPS and that way when Google crawls it, they know your site is using HTTPS. http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
n/a Points
2016-11-18 10:17 am

Aren't all my pages supposed to show the padlock? Only my home page shows it in Safari but not Chrome. Do I need to wait for Google to recrawl my website for all pages to show with a padlock. I don't get any errors on any pages when I use the "whynopadlock" site checker. Thanks in advance!

Staff
545 Points
2016-11-18 10:59 am
You will need to make sure that all of the links within your site use the https format.
n/a Points
2016-11-18 2:01 pm

How would I check those links? Thanks!

Staff
545 Points
2016-11-18 2:03 pm
Paul, they should show when you hover over them. You should be able to look at the status bar when hovering. Also, you could view the source code of the page. What is your site?
n/a Points
2016-11-18 2:12 pm

My website is https://www.eslteachingonline.com/

The main page above is secure with the padlock, but if you click on any other pages, they show https but NOT the padlock.

Thanks I appreciate your help on this!

 

 

Staff
545 Points
2016-11-18 2:19 pm
Paul, the reason your sub-sites don't show the padlock is because the sub-pages "The site includes HTTP resources." This is due to having mixed non-HTTPS content on an HTTPS page. As this issue has to do with the coding of your site or sites, it is outside of the scope of support that we are able to provide. You will want to work with an experienced web developer, if you don't have one already, to assist you in resolving this issue.
n/a Points
2016-11-18 2:27 pm

I ran the site through https://www.whynopadlock.com/check.php and I got 1 error. Could this cause my entire site NOT to padlock?

See below:

Total number of items: 60Number of insecure items: 1

Insecure URL: http://www.streetadvisor.com/content/shared/images/bg-texture-red.pngFound in: https://www.eslteachingonline.com/wp-content/cache/minify/0f031.css

 

 

Staff
545 Points
2016-11-18 2:29 pm
Paul, yes. This image appears to be the issue.
n/a Points
2016-11-18 2:31 pm

Problem is I can't find the image.. 

 

Staff
545 Points
2016-11-18 2:33 pm
The URL appears to be from streetadvisor.com There may be a plugin, or 3rd party code that includes the image.
n/a Points
2016-11-18 2:35 pm

That makes sense because the image is not in my media folder.

n/a Points
2016-11-18 2:39 pm

I found the plugin. I'll disable it and see what happens. https://en-ca.wordpress.org/plugins/tags/streetadvisor

 

 

Staff
545 Points
2016-11-18 2:41 pm
Paul, that's great that you found it! I hope this fixes the issue!
n/a Points
2016-11-18 2:45 pm

I disabled and deleted the plugin, but I run a whynopadlock.com and still get the same error for the same image. Weird!

Staff
545 Points
2016-11-18 2:48 pm
It looks like the image is mentioned in https://www.eslteachingonline.com/wp-content/cache/minify/0f031.css This URL also indicates that this is cached data. I would clear your WordPress cache, and try again.
n/a Points
2016-11-18 2:55 pm

I cleared Wordpress cache and that image is gone now, and whynopadlock shows all 59 items secure. However, I still only get my home page locked. All other pages are https (without the padlock). This is strange.

Staff
545 Points
2016-11-18 2:57 pm
When I go to https://www.eslteachingonline.com/category/jobs-korea/ I still see the image http://www.eslteachingonline.com/wp-content/uploads/2015/05/Screen-Shot-2015-06-07-at-2.56.34-PM.png as loading via non-HTTPS.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

64 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!