Why does my browser say my site is insecure?

A common issue after adding an SSL certificate is that your browser still shows your site as insecure. This most often happens because there are links on your page that still point to HTTP instead of HTTPS. For example, look at the following code to link an image.

<img src="http://www.w3schools.com/html/pic_mountain.jpg" alt="Mountain View" style="width:304px;height:228px;">

Notice how the URL is directly linked with 'http' at the beginning. When visiting the site in Firefox, the following is displayed:

01 SSL troubleshooting.png

You can see the padlock icon in the top left of the browser shows a warning icon instead.

Cause of this error

If you click on the warning icon the text explains that there are 'unencrypted elements' on the page you're viewing.

From the example above, this is happening because the image was linked using 'HTTP' and not 'HTTPS'. Another way to confirm what on your site is linked insecurely is to use the following site:

Fixing unencrypted elements

There are two solutions:

  • Link all external image files using 'HTTPS'. This is called an 'absolute link'.
  • Link all internal image files (files on your web server) using relative links.

See also

Did this article answer your questions?

Article last updated PST.