Broken Padlock
A broken padlock is what you get when your website is not fully secured. It’s called a “broken padlock” because browsers used to show an image of a broken padlock in the address bar.
Some browsers will simply display a message saying “Not Secure” like this:
Common Causes of broken padlock.
Mixed Content
Mixed content means although the page is being referenced using SSL (i.e. it starts with https://
), some of the internal references are non-SSL. Generally this indicates that you are loading images, fonts, CSS or JavaScript over http
rather than https
.
If you see a “Not Secure” message, but click on the message and see a valid certificate, the problem might be caused by mixed content.
If you do a “View Source” in your browser and search for “http://” you can often find the root cause quickly. If you need more help, the find http references plugin builds a report on issues like this.
Expired SSL Certificate
SSL certificates must be renewed, and you forget to renew (or the credit card you use to auto-renew is expired). You’ll get a broken padlock.
Clicking on the message will show a dialog like this:
Clicking on the Certificate line will show a dialog like this: