SSL Zen Help Center
← Back to Help Center

My site still shows "Not Secure" after installing the certificate

Last updated July 2, 2026 · Troubleshooting

The certificate being *issued* and the browser showing the padlock are two different things. Work through these in order:

  1. Hard-refresh (Ctrl+F5 / Cmd+Shift+R) and re-test in a private window — browsers cache security state aggressively.
  2. Is the certificate actually installed? Visit https:// + your domain directly. If the browser shows a certificate *error* (not just "Not Secure" on the http version), the certificate wasn't installed correctly — redo Step 3 and make sure all three files were saved and the old certificate replaced.
  3. Is HTTPS redirection on? If http://yoursite.com loads without redirecting to https://, finish Step 4 in the plugin (it updates your site URL and adds a 301 redirect).
  4. Mixed content — the most common cause. Your page loads over HTTPS but an image, stylesheet, or script is still hard-coded to http://. Test your site at whynopadlock.com — it lists the exact insecure resources. Fix by updating those URLs (search-replace http://yoursite.comhttps://yoursite.com in your content), or use a mixed-content fixer.
  5. Behind Cloudflare? Set SSL/TLS mode to Full (strict) in Cloudflare. "Flexible" mode causes redirect loops and "Not Secure" states even with a valid certificate installed.
  6. Certificate installed for the wrong host — if you included www during setup, both yoursite.com and www.yoursite.com must be on the certificate. If you only secured one, browsers reaching the other will warn. Re-issue with "Include www" checked.

If none of this resolves it, contact support with your domain name and a screenshot of the browser warning — we can diagnose from the certificate your server is actually serving.

Still need help?

Can't find what you're looking for? Our team will get you sorted.

Contact support