My site still shows "Not Secure" after installing the certificate
The certificate being *issued* and the browser showing the padlock are two different things. Work through these in order:
- Hard-refresh (Ctrl+F5 / Cmd+Shift+R) and re-test in a private window — browsers cache security state aggressively.
- Is the certificate actually installed? Visit
https://+ your domain directly. If the browser shows a certificate *error* (not just "Not Secure" on the http version), the certificate wasn't installed correctly — redo Step 3 and make sure all three files were saved and the old certificate replaced. - Is HTTPS redirection on? If
http://yoursite.comloads without redirecting tohttps://, finish Step 4 in the plugin (it updates your site URL and adds a 301 redirect). - Mixed content — the most common cause. Your page loads over HTTPS but an image, stylesheet, or script is still hard-coded to
http://. Test your site at whynopadlock.com — it lists the exact insecure resources. Fix by updating those URLs (search-replacehttp://yoursite.com→https://yoursite.comin your content), or use a mixed-content fixer. - Behind Cloudflare? Set SSL/TLS mode to Full (strict) in Cloudflare. "Flexible" mode causes redirect loops and "Not Secure" states even with a valid certificate installed.
- Certificate installed for the wrong host — if you included www during setup, both
yoursite.comandwww.yoursite.commust be on the certificate. If you only secured one, browsers reaching the other will warn. Re-issue with "Include www" checked.
If none of this resolves it, contact support with your domain name and a screenshot of the browser warning — we can diagnose from the certificate your server is actually serving.