Broken Padlock

Why does my site show as insecure?

A broken padlock is what you get when your website is not fully secured. It’s called a “broken padlock” because browsers used to show an image of a broken padlock in the address bar.

Firefox Insecure Cart

Some browsers will simply display a message saying “Not Secure” like this:

Insecure Cart

Common Causes of broken padlock.

Mixed Content

Mixed content means although the page is being referenced using SSL (i.e. it starts with https://), some of the internal references are non-SSL. Generally this indicates that you are loading images, fonts, CSS or JavaScript over http rather than https.

If you see a “Not Secure” message, but click on the message and see a valid certificate, the problem might be caused by mixed content.

Insecure Cart

If you do a “View Source” in your browser and search for “http://” you can often find the root cause quickly. If you need more help, the find http references plugin builds a report on issues like this.

Expired SSL Certificate

SSL certificates must be renewed, and you forget to renew (or the credit card you use to auto-renew is expired). You’ll get a broken padlock.

Clicking on the message will show a dialog like this:

Insecure Cart - invalid cert

Clicking on the Certificate line will show a dialog like this:

Insecure Cart




Still have questions? Use the Search box in the upper right, or try the full list of FAQs. If you can't find it there, head over to the Zen Cart support forum and ask there in the appropriate subforum. In your post, please include your Zen Cart and PHP versions, and a link to your site.

Is there an error or omission on this page? Please post to General Questions on the support forum. Or, if you'd like to open a pull request, just review the guidelines and get started. You can even PR right here.
Last modified March 27, 2021 by Scott C Wilson (960e2013).