Why isn't my SSL lock showing in the browser?



@ryan can you please help me My free ssl certificate didn’t work although my status is active
This is my request #1427014


Your issue is also Mixed Content Errors. I’ll reply on your ticket as well :slight_smile:


Please @ryan see my Request #1427014 again i did all this methods and still got the same problem :cold_sweat:


You may want to going to the Crypto tab and making sure that you have both Always Use HTTPS and Automatic HTTPS rewrites turned on. And also review the page rules recommended in this video. The admin one in particular.


I have active SSL on my site splyco.com, however some times and in some browsers it shows a green padlock and in others it does not. Any way to fix this?


I visited your site and it let me go to the http version. Turn on Always Use HTTPS in Cloudflare’s Crypto tab.

When I visit it using HTTPS, I get a mixed content error due to a hard-coded http:// URL for: logo-red-2.png and favicon.ico

It also has www and non-www intermixed in your URLs as well. Probably hard-coded also.


What means:
It also has www and non-www intermixed in your URLs as well?


I already turn on Always use HTTPS, but my site still not show the green padlocks in both Chrome and Firefox even when it shows https:// in the url
Earlier it shows the green padlock but since i upload the new version of website, the padlock disappear. I am using Wordpress. I
My website url: https://reino.news/
Please advise. Thank you very much!


Mixed content. Scroll up to Ryan’s post on the subject.


I have set Cloudflare free SSL yesterday and today SSL lock is showing on Mobile Browsers but on Laptop its only showing Https without padlock also, chrome says this site is not fully secure.


Same problem as many people I have ssl but no lock
I contacted support 4 times and got the same email
I already downloaded the SSL plugin you cleared chache as advised but still have no lock


Moringa looks good to me. No mixed content issues. Are you still not getting the lock?


Still a Mixed Content issue. Using Dev Tools in Chrome, I see several images with http in the URL.

It’s possible you have HTTP hard-coded in some of your content. But for starters, I’d make sure WordPress Settings-> General has your Site URL set to HTTPS.

Then at Cloudflare’s Crypto tab, turn on Always Use HTTPS (you probably already did this) and Automatic HTTPS Rewrites (at the bottom of the Crypto page).

If you have wp-cli installed on your server, you can also do a search and replace for http://example.com:
wp search-replace ‘http://techsable.com’ 'https://techsable.com
Some WordPress plugins can do this as well.


Thanks, the email from Nick with this and what you advsed sorted it out

Then at Cloudflare’s Crypto tab, turn on Always Use HTTPS (you probably already did this) and Automatic HTTPS Rewrites (at the bottom of the Crypto page).


Hey everyone, I have 2 sites, both set up the same way on my server using Cloudflare flexible SSL and the flexible SSL plugin installed. One site has the green padlock whilst the other has mixed content issue.

I really am stumped as to what I can do to fix it on the site that is showing that issue as I didn’t do anything different on that site.

I tried adding the plugin SSL Insecure Content Fixer as Cloudflare suggested in their post and cleared my cache but it didn’t fix it.

Please help!


Recheck your second site settings.


Hi, I’m hoping someone can help a newb out here please.

I have the cloudflare free plan and am trying to get the shared SSL to work. I have changed the nameservers but when I enter HTTPS before my URL a broken version of it displays and it says insecure. My certificate is showing as active in cloudflare.

My site is hosted by hostgator and when I look at the options through their control panel it seems I can either pay for an SSL certificate through them or pay a one off fee to install a third party certificate. When I click install third party it asks for the ‘SSL Certificate’, ‘RSA Private Key’, and ‘SSL CA Certificate (Trusted Authority / “CA Bundle”)’.

My question is should I be providing hostgator with the information which I can somehow get from cloudflare and installing that way, or am I doing something else wrong? Thanks.


If your Cloudflare certificate is active, it’s probably not a Hostgator problem. I’m guessing it’s Mixed Content. What’s the URL?


Thanks for the reply, it’s http://aeonreviews.com/ any help appreciated, thanks.


Yes, lots of mixed content.

I suggest you pay the one-off fee to install a Cloudflare Origin Certificate and Key:
And the CA Certificate:

Once that’s all done, I would set Cloudflare’s SSL to Full (Strict) and then enable “Always Use HTTPS.” That should get you a long way toward the green lock.