SSL Padlock Problems and Solutions

SSL-Padlock_LI SSL Padlock Problems and Solutions

If you’ve recently implemented a secure socket layer (SSL) on your domain, but see that the padlock is still open, you might have a case of mixed media on the site, or something else might be going on.

The goal is to have a green, closed padlock next to your website URL when viewed in the search bar.

Here are several reasons why the padlock might still be open and how to fix them.

  1. Applied SSL, but the lock is still red. If you’ve added an SSL Certificate to your website, be sure you’ve activated it. There are several Certificate options, plus implementation is not automatic when you purchase the Certificate. Check with your domain host, who may be different than your website host, to find out if you need to complete additional steps.
  2. Applied and activated the SSL, but the lock is still red. You may have mixed media on the site, which means, if you have images or document files on the site, they too need to be optimized for the lock to close and turn green. If you have a WordPress site, you’re in luck. There are a several plugins you can activate to solve the problem, including WP Force SSL, Really Simple SSL, Easy HTTPS Redirection, SSL Insecure Content Fixer, and more. There are also several for image optimization. To find them, from your dashboard, click plugins. In the add new search box, look for SSL image optimizers. Choose from among the more popular ones that have been updated recently, install, and activate one.
  3. Mixed-media issue on a non-WordPress site. When you activate an SSL, the site lock will turn green when the site pages and contents are optimized. If you do not have a WordPress site, fixing this issue can be very time intensive. In this article from Kinsta, they outline how to optimize images and content for the web, as well as define Lossy vs Lossless optimization.
  4. Sometimes my lock appears and other times it doesn’t. You might experience the vanishing lock when switching browsers. Each of the top world browsers address SSL differently. You may experience this phenomenon if you’re using absolute links on your pages, content, images, and text, rather than relative links. To solve it, use relative links to connect content, text, and images from within the site. Relative links do not use the full URL in the link structure. For example, absolute links look like A relative link looks completely different like ../images/filename.jpg or without the initial “../” depending on if you’re linking to a top-level or sub-level page or image. To fix this, you need to go through all the links on your site and change all absolute links to relative ones. On a hand-coded site, it will be tedious. In WordPress and Drupal, the link format is determined at the core level. Check there to see how the links are structured. Once changed, it becomes a global, one-time change across the site. You can also use a plugin to remedy the situation.
  5. SSL applied, but my Google analytics seem screwed up. When you switch to an SSL domain (https://) that is a different domain name than a non-SSL domain. In your Google Search Console, be sure to change the analytics domain to the https:// version. Also, change it in your WordPress analytics settings. You may need to verify the site in the Search Console once you apply the change.

Come July 2018, if you don’t have an SSL certificate associated with your domain, Chrome will mark the site as insecure, and the site’s search ranking will be negatively impacted. Chrome will be downgrading non-SSL sites to follow SSL-secure sites in search results.

Also, you may have trouble using AdWords with a non-SSL secure site.

Now that you are armed with this important information, how long will it take you to implement the change? Start planning today.

Additional Resources