"Not secure" warning in the browser
What causes the "Not secure" or padlock warning in browsers and how to get your site back to secure HTTPS.
If visitors see a "Not secure" warning or a broken padlock icon in their browser's address bar, it can make your site look untrustworthy — even if it's perfectly safe to use. Don't worry: this is usually a fixable technical issue, not a sign that anything bad has happened.
Quick summary
The warning means your site's SSL certificate — the technology that encrypts connections and shows the padlock — is missing, expired, or misconfigured. Contact us and we'll renew or reinstall it. In most cases this is resolved within a few hours.
What is SSL and why does it matter?
SSL (Secure Sockets Layer) is the technology behind HTTPS — the "S" in https://. It encrypts the connection between your visitor's browser and your website so no one can intercept the data.
Modern browsers show a padlock icon in the address bar when SSL is active. When it's missing or broken, they show:
- A "Not secure" label next to the URL
- A broken padlock icon
- A full red warning page (for serious certificate errors) that stops visitors from entering
Full red warning page?
If visitors see a full-screen red warning page telling them not to proceed, this is more urgent. Contact us straight away — this may scare visitors away completely.
Common causes
| Cause | What it looks like |
|---|---|
| Expired SSL certificate | Warning appeared suddenly, was fine before |
| SSL not installed | Happened after switching to a new host or domain |
| Mixed content | Some resources (images, scripts) still load over HTTP |
| Domain changed | Certificate covers the old domain, not the new one |
| Self-signed certificate | Warning present since the site launched |
Step 1 — Note the exact warning message
Different error messages mean different things:
- "Your connection is not private" — Chrome's message for an SSL problem
- "Warning: Potential Security Risk Ahead" — Firefox's version
- "This Connection is Not Secure" — Safari's message
- ERR_CERT_DATE_INVALID — Expired certificate
- ERR_CERT_COMMON_NAME_INVALID — Domain doesn't match the certificate
- ERR_CERT_AUTHORITY_INVALID — Certificate from an untrusted source
Write down the exact message and take a screenshot.
Step 2 — Check the certificate details
Click the padlock icon (or "Not secure" text) in the browser address bar.
Click "Certificate" or "Certificate is not valid."
Check the expiry date. If it expired in the past, the certificate needs renewing.
Check the domain the certificate covers. It should match your site's URL exactly (including or excluding "www" depending on your setup).
Step 3 — Contact us
SSL certificate issues need to be fixed at the server level — in your hosting account. This is not something you can fix from within WordPress.
Contact us with:
- Your site URL
- A screenshot of the error
- The exact error message (from Step 1)
- Whether this appeared suddenly or has always been there
We'll renew, reinstall, or reconfigure the certificate and verify it's working across all pages.
Using Cloudflare or another proxy?
If your site uses Cloudflare (a service that routes traffic through its network for speed and security), the SSL configuration involves both Cloudflare and your hosting. Let us know if you use Cloudflare so we can address both sides.
Common questions
Related guides
- What is SSL & HTTPS?
- My website is down
- Cloudflare basics for clients
- Info to gather before contacting support
- SSL & HTTPS explained
Need a hand?