My Website has a Digital Certificate but site comes up not secure??

There are many reasons for a site to be listed as not secure.  The checklist below may help you work out which one is the problem.  Start by getting more detailed information on the certificate your browser encountered when it went to visit the site.  In most browsers you can do this by clicking the i in a circle or padlock to the left of the website address.

Common Scenarios:

Certificate expired.  The website has a digital certificate signed for the correct domain name but its expired.  Either the cert hasn't been renewed or the webserver hasn't been reloaded to use the new one.

Wrong certificate.  The name signed onto the certificate doesn’t match the website address in the browser.  This can happen if the wrong cert has been selected or more likely the webserver doesn't have a certificate for the site and will instead use something else to complete the https hand shake.  Check your hosting settings and Buy / Install a certificate if needed.

IF the certificate's name matches and is valid why is my website still reported as not secure.

This can happen when you have not configured your website application to take advantage of encryption.  This scenario is common with Content Management Systems (CMS) like Wordpress where after loading a certificate for the first time you have to update all hyperlinks in the site from http:// to https://

In the case of Wordpress try using a plugin called Really Simple SSL.  It will upgrade all the hyperlinks and should sort things out in a couple of clicks.  If it doesn’t check for any hard coded references in the theme files or the sites .htaccess file or in really rare cases I’ve had developers who have defined variables like site_home in the wp-config.php file.  Still not working?  Check if the site has a Cache and flush it.

For non-wordpress sites you will need to search and replace the references manually.  For sites that don't use internal rewrite rules, like Wordpress does, you also have the option to enable 'Permanent SEO-safe 301 redirect from HTTP to HTTPS' in 'Hosting Settings' section of your hosting control panel.  If the site has its own rewrites and won't load after doing this simply turn it off and wait 5 minutes for the site to come back up.  Then you will need to find where the rewrites are a good place to start is the .htaccess file in your websites document root.