My SSL Lock is Not Displaying

Using an SSL certificate on your website is very important for security. It is used to create an encrypted connection to the server to protect data from prying eyes. Though it can be used across an entire site, it is most commonly used for portions of the site that use sensitive information, such as shopping cart checkout areas.

How do I know the SSL is working?

It is very important for your visitors to know when they are on a secure area of your site. When the SSL is active on the page you are viewing, they can tell by checking the address bar at the top of the browser. There should be a small lock icon in the address bar area. The format can can vary among the different browsers. Below are a few examples of different sites with different browsers. Chrome Security Lock FireFox Security Lock IE Security Lock

Why does my lock disappear?

It is a common reaction to blame the SSL or host for having the certificate installed improperly. This is usually not the case. The SSL lock will only appear or display properly if all items on the page are linking securely. If there is even one insecure link on the page, the SSL will appear as broken. This means it may not display at all, or it may display differently. Again, this will vary depending on the browser you are using. Below are examples of the same browsers using a page that is partially insecure. Chrome improper lock Firefox no lock visible IE no lock visible Almost exclusively, the cause for this is the use of absolute links for images and text links within the page code instead of relative links. If even ONE link on the page is using the absolute format it will ‘break’ an otherwise secure page. Below are descriptions of absolute and relative address linking.

Absolute Addresses

Absolute addressing for images and links include the entire domain name and the protocol, which is typically https://. For example, if you were linking image.jpg and your domain name was example.com, the link would be code as <img src=”https://example.com/image.jpg” />

Relative addresses

Relative addresses differ from absolute in that they include neither the protocol nor the domain name. Using the same image.jpg file as before, the link code to that file in would simply be <img src=”image.jpg” />.

It’s a coding issue? How do I correct it?

The solution is ‘relatively’ easy, pun intended. You will need to go through the code for your site and change all absolute links to relative ones. With hand-code sites this can be a simple, but tedious process. If your site is coded with a Content Management System such as WordPress or Drupal, they should already follow this rule on the core level, so you will want to check any links that have been included in the content addition areas such as the editors within the program where you create pages and posts. Once you or your developer has completed this process, you should be able to refresh your site and the lock should display in the correct format.

Thoughts on “My SSL Lock is Not Displaying

  • Install and Manage SSL for your site (HTTPS) this line can not show my hosting how can fix it

    and its my domain plz check it….

    • According to the report I ran from a third party tool here, you’re SSL certificate appears to have expired. The report will also display any errors that may cause your website to not show a green padlock in the browser’s address bar. If you are a customer of InMotion Hosting, please feel free to contact our Support for a review of your SSL and the report.

  • My http will not redirect to https my website. I have logged into my cpanel and set up the redirects . What else could possiby be the issue ?

  • There is a very simple solution that is overlooked here. If your website is not forcing https connection, then may show up in web browsers as an unsecure connection.

  • Just recently bought a domain and bought a ssl certificate for it. Installed it with the intermediate ca. Checked on the Geotrust crypto checker site to see if it was installed correctly and it said it did, but when I go to the site it says Not Secure. I haven’t built the site yet so it doesn’t have much on it but Index stuff. Was wondering if you can see why it’s not secure. Website is http://www.example.com.&nbsp;  Thanks.

  • Hi, Thank you for your kind help. I went through every pages and try every solution and it was not working and it was a troublesome. However, I removed some of the links from sharing buttons that I’d created and it is well working now. All pages of my sites shows secure and greed signal padlock. The problem has been fixed for now.

    Once again, Thank you for your great help.

    Regards

  • Hi, Thank you very much for your prompt response to my email. I did and I could not see there is one I mean not in my knoledge. I am using Really simple ssl plugin. It did everything converting my http to https. Only the sub-menu items and mens at the footer shows https://example.com/sub-menu items but not the as it secure sign in them as well as no padlock. I checked and show some of the pages have links with http://example.com linking within pages. I changed them to https instread http, still couldn’t fix.

    Once again, thank your for your response

    regards

    • Sorry for the problem with your site not always showing the padlock. If you use your browser to “View Source” you can see the code behind your pages. To “View Source”, right click on your page and then look for the View Source option. You may need to right-click on certain parts of the page if you don’t see the option immediately. When you see the page code, run a search for “http:” If you see it being used in any active link, then that is most likely the reason you’re not seeing the padlock. You will need to find the code in your site and make sure that the HTTP is not showing. That would be the only reason that you’re not seeing the padlock in the browser. There are parts of it referencing insecure links.

  • Hi, I wonder if you can help me. My site: greathimalayanguides.com and another site both are hosted baby plan and I recently upgrated to https. since I switched from http to https, some of my pages are with secure notice with padlock and many pages are https but does not shows secure information and padlock. Could you please help me why is it like this? The home pages and some other pages are with secure notifications and other pages such as linking with main pages and post pages are not secure.

    Once again thank you for you guidance in this isue. 

    Regards.

    • Have you checked for any “hard” links to pages or images in your site? Any URL that does not use “https” will make the site “insecure”.

    • I tested your site with the free whynopadlock.com site, and it advised the following on regarding your SSL:
      You currently have TLSv1 enabled.
      This version of TLS is being phased out. This warning won’t break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

      I recommend re-issuing your SSL using TLS v1.2, which should correct your issues.

      All of the SSL’s we issue meet this requirement, including our Free SSL.

      Thank you,
      John-Paul

  • hi i have an issue with redirection with 301 and 302,i have installed ssl and in my htaccess file i have redirected to 301,whe i remove the 301 redirection the padlock disappears.and as far i know redirection is not a good idea for SEO purpose so is there any other way without redirection.plz its a urgent issue so let me kow and thanks in advance

    • Depending on the software you used to build the site, you should be able to configure the domain to use https, rather than use a redirect. If you’re using WordPress, you can follow this guide here to change the site to use https. Otherwise, let us know what software you’re using to build the site, we may be able to find a guide to assist you further.

  • My issue is specific to Safari on Macs & IOS.  I have a EV cert on https://parkerny.com. The cert displays the green EV security on IE and Chrome.  When I use Safari the URL shows as green but then switches back to black letters, half was through the page load.  The URL still shows as https but it is not green which shows the EV cert.

    I ran the site through the whynopadlock.com site and everything passes.

    • Hello,

      Sorry for the issue with your site not showing the link in green in Safari. I looked it up and found that one part of your certificate is generating a concern that doesn’t pass Safari’s requirements for security. You can look at the report here: https://www.ssllabs.com/ssltest/analyze.html?d=parkerny.com.

      The GeoTrust Primary Certification Authority is encrypted in SHA1 and is considered insecure. You can contact your SSL provider and request that they update it in order to fix the issue.

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

    • Hello Winmeen Jobs,

      Sorry for the problem with the website not appearing to be secure. The problem has to do with a reference that you’re making in your website to the following:

      Insecure URL: http://www.blogadda.com/images/blogadda.png
      Found in: https://www.winmeen.com/

      I typically use “whynopadlock.com” to run the check – it finds the cause for the padlock not to show and provides the information about it. If you remove that link from your site, then your site will be secure. If you can’t remove it, then that particular site needs to have a “https” link that you can use to connect to it. OR, you can simply replace the image with one saved on your site – that would be easiest.

      I hope that helps to answer your question! If you require further assistance, please let us know!

      Regards,
      Arnel C.

  • Hi Chris, thank you in advance, I’ve already modify the re- direction in CPanel (wich I believe modifies the .htaccess file) but sometimes the site is showed in https: and other times doesn’t. Is there any waiting time till the .htaccess rule applies on ?

  • I’ve the same issue, I’ve already purchased a new Ip Address and a valid certificate form you guys, I’ve checked my website in https://www.whynopadlock.com/check.php, the result is valid and secure.

    I see the valid SSL certificate when I acces directly to https:// but when I do it via http://www.kitsune.mx doesn’t work. What can be wrong?, in my code all the images, fonts and other sites are through https://

    Regards, 

    • When I inspect your site in Google Chrome, the “Console” tab states the following:
      “Mixed Content: The page at ‘https://www.******ilife.com/’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘http://www.******ilife.com/search’. This endpoint should be made available over a secure connection.
      (I blanked our your URL for security purposes)

      Thank you,
      John-Paul

  • Oh I’m sorry, I meant I don’t know which one to choose. As in, the secure URL provided by my webhost is very different than the site’s unsecure (original) URL. So I don’t know how to properly do the Search and Replace. (Attempts to change only the http to https haven’t worked thus far. Attempts to change http://domain.com to https://secureserver.domain.com also haven’t worked). I’m wondering what I’m doing wrong.

    • If you are using a CMS (such as WordPress, Joomla, etc.) you should make the change in the dashboard. Then clear your browser cache, or test on another browser. Also, check any caching settings that you may have in the CMS. You can also try using a plugin or extension to make the change, or find/replace.

      You could also try just doing a search of the database (without the replace statement) to see if there are any results.

      Thank you,
      John-Paul

  • Thanks so much for all the great work. Question: After installing my SSL certificate, I’m provided with a new URL containing the https plus the secureserver bit in front of my domain name (eg. https://secureserver.domain.com)  When I do a search and replace in my database to change absolute links to relative, do I include that server bit in the ‘replace’ URL? (Meaning, is it Search for: http://www.domain.com, Replace with: https://www.domain.com OR is it Search for: http://www.domain.com, Replace with: https://www.secureserver.domain.com)?

    • It is up to you, since it depends how you want your website to show in the browser. For example, you must choose what you want people to enter to visit your site.

      Thank you,
      John-Paul

    • Since it seems you are using WordPress ensure you have enabled the SSL successfully. Since many of your pages are serving images insecurely, you may need to update the URL’s to reflect the new address. This is covered in our guide on Correcting image links after a WordPress migration.

      Since calls to google are often caused by Google fonts, check your theme for additional SSL setup steps. Since it mentions mail.google.com check any contact forms, or formmail settings to ensure they are SSL (HTTPS) compatible.

      Thank you,
      John-Paul

  • I’m working on trying to get the SSL working correctly … got the ssl certificate installed but am not get the “secured” padlock … when i tested the website (theinteractivegift.com ) I get this error:

    mail.google.com returned an error (Possibly 404 not found or other webserver error. Details: … didn’t even know that it was checking or going to google … I’m at a loss how to find/fix?   Any help would be greatly appreciated as I’m a realtive newbie …  Thanks.

    • It seems like your site may be accessing something from mail.google.com insecurely. I recommend checking your site code for any calls to that url.

      Thank you,
      John-Paul

    • You will need to make sure that you have a valid SSL keyed and installed on your domain. The errors listed do not indicate that the installation went through correctly. If you have an account with us, I advise contacting Live Support so they can review your account and check if the SSL was installed correctly.

  • Does it matter if the website developer is using a http: for their credit but don’t have a secure site to change it to https?

  • Thank you for the reply, Scott! My SSL is a free one from StartCom (3 years), don´t know what happened, but started working next day and is OK from then on.

    • It depends on the specific SSL you purchase. For example, you could pay more for an SSL that covers the subdomains. Since we do not currently offer EV SSL’s, I cannot provide a specific price.

      Thank you,
      John-Paul

  • Hi Scott, No, I am not having the issue any more.  I had the ssl installed, but was still seeing the “old” way of getting to the site. I found a site somewhere that helped me. It seems that I needed to edit my .htaccess file (you need ftp to see it) and add a few lines of code in order to tell all incoming requests that from now on, any http requests or port 80, are now https.  That fixed it. This is the code that I edited with my site name, and pasted into the .htaccess file.

    “RewriteEngine On

    Options +FollowSymLinks

    RewriteEngine on

    RewriteCond %{HTTP_HOST} ^yoursite.com [NC]

    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]

    RewriteEngine On

    RewriteCond %{SERVER_PORT} 80

    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]”

    just replace yoursite.com with your real website name

  • I have a little different issue than the others previously posted, I have several websites that I control, the first one that I am dealing with so far is a single page site. I checked whynopadlock.com, and got all green check marks that all links were good. All links are relative or are in fact https and working properly.

    expediterelectricllc.com  I can and do access it using https, and that works, but when i type it in the browser as I just did, It is not causing a secure connection. i.e. no green https in the corner, but instead the “i” that shows for more information.  The only time it shows as a secure link is if I directly use the https:// prefix to the site name.

     

    Thank you

     

    • I notice the SSL issuer is StartCom. Is this the free SSL? If so, I believe that they are not being recognized any longer. I am unsure if anything other than the free SSL will be distrusted, but the articles I found about it state that Google, Apple, and Mozilla all will have their browsers reject them as of January 2017.

    • When visiting the site without prefixing it with https:// I am getting redirected to the https version. This displays the green lock for me. Are you still having an issue?

  • Already uninstalled and installed the certificate again, any idea? 

    Domain Name: www.guiaprev.com.br
    URL Tested: https://www.guiaprev.com.br
    Number of items downloaded on page: 69


    SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
    ERROR: no certificate subject alternative name matches

     

     


    Certificate valid through: Feb 7 23:49:13 2020 GMT
    Certificate Issuer: StartCom Ltd. 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

    All 69 items called securely!

     


    Secure calls made to other websites:

    fonts.googleapis.com is valid and secure.

    fonts.gstatic.com is valid and secure.

  • to @Ho Phuong…

    I’d got grey locked too when try to change any http:// into https:// at my blogger template.

    ..and then it’s come to be green locked after I change all url link and images url from http:// into https://

    ..so be sure to change all url link on your template and posts from http:// into https:// to fix the locked into green.

    EXAMPLE:

    If an image source url is http://www.domain.com/image.jpg

    Than make sure to change the url into https://www.domain.com/image.jpg

    Do the same step to all of your posts, and on your blog template too.

     

    I hope this can be fix your problems.

     

    best regards,

    Nova Daris

    https://daytonastatecollege.blogspot.com

    • Sanket, I’m using Chrome, and I’m not seeing any errors, or issues when loading your site via HTTPS. I would recommend contacting the administrators for whynopadlock.com, and seeing if this may be a bug in their software.

    • Make sure any resources you are calling on your page are over HTTPS. Google displays this when you are calling a URL over HTTP on an HTTPS page.

  • Hello. I have problem with website. Its WP site. I use SSL today.Google show A punctuation mark in adress bar. Can u help my? 

     

    Domain Name: kristinageorge.com
    URL Tested: https://kristinageorge.com
    Number of items downloaded on page: 165


    Valid Certificate found.

    Certificate valid through: Dec 27 23:27:00 2019 GMT
    Certificate Issuer: GoDaddy.com, Inc. 
    SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

    Total number of items: 165
    Number of insecure items: 2

    Insecure URL: http://kg.bplus.studio/wp-content/uploads/2015/05/Antoinette-clutch.jpg
    Found in: https://kristinageorge.com/

    Insecure URL: http://kristinageorge.com/wp-content/uploads/2016/12/mega_menu_transparent.png
    Found in: https://kristinageorge.com/wp-content/uploads/cherry-css/style.css?ver=1483911543

     


    Secure calls made to other websites:

    maxcdn.bootstrapcdn.com is valid and secure.

    fonts.googleapis.com is valid and secure.

    cdnjs.cloudflare.com is valid and secure.

    fonts.gstatic.com is valid and secure.

     

    • You will want to work with an experienced web developer, if you don’t have one already, to assist you in resolving this issue.

    • It appears that the placeholder for your image is still in place <img src="https://www.eslteachingonline.com/wp-content/uploads/2015/05/Screen-Shot-2015-06-07-at-2.56.34-PM.png" alt="Teach English in Korea"> Again, I strongly recommend working with an experienced web developer to resolve these issues.

  • I cleared WordPress cache and that image is gone now, and whynopadlock shows all 59 items secure. However, I still only get my home page locked. All other pages are https (without the padlock). This is strange.

    • Paul, the reason your sub-sites don’t show the padlock is because the sub-pages “The site includes HTTP resources.” This is due to having mixed non-HTTPS content on an HTTPS page. As this issue has to do with the coding of your site or sites, it is outside of the scope of support that we are able to provide. You will want to work with an experienced web developer, if you don’t have one already, to assist you in resolving this issue.

    • Paul, they should show when you hover over them. You should be able to look at the status bar when hovering. Also, you could view the source code of the page. What is your site?

  • Aren’t all my pages supposed to show the padlock? Only my home page shows it in Safari but not Chrome. Do I need to wait for Google to recrawl my website for all pages to show with a padlock. I don’t get any errors on any pages when I use the “whynopadlock” site checker. Thanks in advance!