If SSL is installed but the browser still shows Not Secure, the site is usually loading mixed content or redirecting inconsistently between HTTP and HTTPS.
Common symptoms
- The padlock is missing
- Only some pages show warnings
- Images, scripts, or styles are blocked
Troubleshooting steps
- Force the site URL and canonical application settings to use
https://consistently. - Review the page source or browser console for mixed content references to
http://assets. - Update hardcoded asset URLs inside templates, CMS settings, or database content.
- Enable or correct HTTPS redirect rules so visitors are not left on plain HTTP pages.
- Purge any caching layers after updating URLs or redirect logic.
Additional notes
- A valid certificate alone does not prevent mixed content warnings.
- One outdated theme file or custom script can keep the warning active.
When to contact support
Contact support if the certificate is valid and full HTTPS is enforced but the browser still warns.