Sun

SSL: Why no padlock?

  1. Home
  2. Knowledge Base
  3. SSL Certificates
  4. SSL: Why no padlock?

SSL is installed automatically on our shared hosting, the only requirement is that a domain added on cPanel must be pointing directly to the server IP. It can’t be hidden under Cloudflare or anything like that.

First of all, anyone can check if the domain name has SSL installed, there is a great tool for that:

SSL Checker

However, in some cases, even if you have SSL installed, the padlock is not being displayed on the browser. The article will explain the most common reasons for that.

Automatic redirect to HTTPS

By default, most of the websites run on HTTP protocol when installed. If the SSL installed, this is not changed automatically. So when the website is being visited it opens an insecure http://yourdomain.com version and the padlock is not being shown. In order to resolve this, you have two option basically:

  1. Change the default website URL to https://yourdomain.com. This is usually done on your website CMS. For example, in WordPress admin panel, you can go to the ‘Settings’ menu and find the actual option “Website URL” and change it.
  2. Use .htaccess file and add a redirect rule that will redirect your website from HTTP to HTTPS. This method is explained on our knowledgebase.

Website is using insecure links in a website code

Website code might have some external implementation or files that are added using URLs in a website code. For example, it could be Google Analytics code, some custom Scripts, CSS, or Fonts that are loaded from some external server.  Make sure that all such URLs are using https://examplecss.com

If you have a padlock issue, you can open a Developer tool on any internet browser. For example in Mozilla Firefox, it is opened by pressing the F12 button and refresh the page. The developer tool should provide you a console at the bottom of the windows, where you can inspect the code quickly and check for HTTP URLs. Here is an example of how the developer tool console looks:

You can clearly see the loaded code and if it has any URLs. All of them should be HTTPS, so if there are any HTTP URLs, you have to edit your code and adjust it.

Another option to change the URL is via database. You can connect to the website database(for example via phpMyAdmin) and simply use the search function to find all the HTTP URLs and replace them with HTTPS.

There are also some useful tools online that could check your website for these issues. For example https://www.whynopadlock.com/

Was this article helpful?

Related Articles