So. Your website is live, it's got a Free SSL, but still seeing a "Not Secure" warning; what gives??
In this article, we will discuss why a secured website might still display this warning as well as what you can do to try and secure all of the content of your pages.
First, Does an SSL Encrypt site content?
It might seem natural that if you use an SSL certificate, then this too will secure all of your website content; however, this isn't the case. Although the Secure Socket Layer is encrypting the real traffic moving between your content and various computers, you may still have content that's not able to be encrypted, like iframes for example.
Since iframes and similar content are technically not located in the same place as the content of your website, this means customers may still receive messages that the page they're viewing contains unsecured content; especially if there are images or other elements that arn't encrypted at their host.
What can you do?
Though these warnings do not mean that a failure of your SSL certificate has occurred, they can still be worrisome to viewers and impact your site's conversions negatively. If an image, video or URL-link refers to an unsecured file hosted on a third party server, outside your website, you’ll need to use a different URL or modify the image link to use the secure "https" protocol.
In some cases, the content must also be "secured" at the host for this to work. You might need to reach out to the content originator to obtain a secured version of the content or recommend that they offer such a thing.
Pro Tip: It's important to remember "one bad apple spoils the whole basket." If the location of the content you are using is unsecured, the simple logic here is that it probably shouldn't be on your website at all. In some cases, it's not possible to make the content you want to use securely. So it's best to consider alternate options.
If you have double-checked and confirmed that your site has no iframes or unsecured content but your SSL is not active, you can unassign the site currently attached to the domain then reassign the site again to reset the SSL provision. For instructions on how to do this, check out our article: Change Assigned Website on Domain