If your website shows a “Not Secure” warning in the browser, it usually means the website is not loading securely using HTTPS.
This warning can appear in browsers such as Google Chrome, Microsoft Edge, Firefox, and Safari.
A “Not Secure” warning can make visitors lose trust in your website, especially if your site has forms, login pages, or payment pages.
What Does “Not Secure” Mean?
“Not Secure” usually means that the connection between the visitor’s browser and your website is not fully protected by SSL.
This can happen if:
- Your website is loading with HTTP instead of HTTPS.
- The SSL certificate is missing.
- The SSL certificate has expired.
- The SSL certificate is not installed correctly.
- The website has mixed content.
- The domain is not pointing to the correct server.
What Is the Difference Between HTTP and HTTPS?
HTTP is the unsecured version of a website address.
Example: http://yourdomain.co.za
HTTPS is the secured version of a website address.
Example: https://yourdomain.co.za
A website should normally load using HTTPS when an SSL certificate is installed and working correctly.
Common Reasons Your Website Says Not Secure
There are several common reasons why a website may show as not secure.
SSL Certificate Is Not Installed
If there is no SSL certificate installed for the domain, the website may show a “Not Secure” warning.
You can usually fix this by enabling a free Let’s Encrypt SSL certificate in DirectAdmin.
SSL Certificate Has Expired
SSL certificates must renew before they expire.
If the certificate expires, visitors may see a security warning.
Free Let’s Encrypt SSL certificates normally renew automatically, but renewal can fail if there is a DNS, hosting, or domain issue.
Website Is Not Redirecting to HTTPS
Sometimes the SSL certificate is installed, but the website still loads using HTTP.
In this case, you may need to enable a redirect from HTTP to HTTPS.
This forces visitors to use the secure version of your website.
Mixed Content Errors
Mixed content happens when a website loads using HTTPS, but some files still load using HTTP.
This can include:
- Images
- CSS files
- JavaScript files
- Fonts
- Embedded content
Mixed content can cause the browser to show a warning even when SSL is installed.
This often happens after enabling SSL on an older website.
Domain Is Not Pointing Correctly
The domain must point to the correct hosting server for SSL to work correctly.
If the domain points to the wrong server, the SSL certificate may fail or show the wrong certificate.
DNS changes can also take time to update.
Step 1 – Check the Website Address
Open your website in a browser.
Look at the website address.
If it starts with: http://
try changing it to: https://
If the HTTPS version works, you may only need to enable an HTTPS redirect.
Step 2 – Check If SSL Is Installed
Log into DirectAdmin and check whether an SSL certificate is installed for the domain.
Open your browser and visit: https://cp.yourdomain.co.za (Replace yourdomain.co.za with your own domain name.)
Enter your DirectAdmin username and password.
Click: Log In
Click: Account Manager
Then click: SSL Certificates
Check whether SSL is enabled for the domain.
Step 3 – Enable or Renew the SSL Certificate
If SSL is not enabled, you can enable a free Let’s Encrypt SSL certificate from DirectAdmin.
If SSL is already enabled but not working, check for errors or contact HostworX Support.
Step 4 – Enable HTTPS Redirect
If the HTTPS version works but the website still opens as HTTP, enable an HTTPS redirect.
This helps force visitors to the secure version of your website.
Step 5 – Check for Mixed Content
If the website loads using HTTPS but still shows a warning, the website may have mixed content.
Mixed content usually needs to be corrected inside the website, theme, plugin, database, or website settings.
WordPress websites may need their site URL updated to HTTPS.
Important Notes
Please keep the following in mind:
- A “Not Secure” warning does not always mean the website is hacked.
- It usually means the website is not fully loading through HTTPS.
- SSL must be installed for the correct domain.
- The domain must point to the correct hosting server.
- Mixed content may need website-level fixes.
- DNS changes may take time to update.
When Should I Contact HostworX Support?
Contact HostworX Support if:
- SSL will not install.
- The certificate shows as expired.
- The wrong SSL certificate appears.
- The website still says “Not Secure” after SSL is enabled.
- You see mixed content errors and are unsure how to fix them.
- The domain recently changed DNS or hosting servers.
Conclusion
A “Not Secure” warning usually means your website is not fully protected by HTTPS.
This may be caused by a missing SSL certificate, an expired certificate, HTTP links, mixed content, or DNS issues.
Enabling SSL and forcing HTTPS usually fixes most basic security warnings, but some websites may need additional content or configuration changes.


