Why Does My Website Say Not Secure?

If your website shows a “Not Secure” warning in the browser, it usually means the website is not loading securely using HTTPS.

This warning can appear in browsers such as Google Chrome, Microsoft Edge, Firefox, and Safari.

A “Not Secure” warning can make visitors lose trust in your website, especially if your site has forms, login pages, or payment pages.


What Does “Not Secure” Mean?

“Not Secure” usually means that the connection between the visitor’s browser and your website is not fully protected by SSL.

This can happen if:

  • Your website is loading with HTTP instead of HTTPS.
  • The SSL certificate is missing.
  • The SSL certificate has expired.
  • The SSL certificate is not installed correctly.
  • The website has mixed content.
  • The domain is not pointing to the correct server.

What Is the Difference Between HTTP and HTTPS?

HTTP is the unsecured version of a website address.

Example: http://yourdomain.co.za

HTTPS is the secured version of a website address.

Example: https://yourdomain.co.za

A website should normally load using HTTPS when an SSL certificate is installed and working correctly.


Common Reasons Your Website Says Not Secure

There are several common reasons why a website may show as not secure.


SSL Certificate Is Not Installed

If there is no SSL certificate installed for the domain, the website may show a “Not Secure” warning.

You can usually fix this by enabling a free Let’s Encrypt SSL certificate in DirectAdmin.


SSL Certificate Has Expired

SSL certificates must renew before they expire.

If the certificate expires, visitors may see a security warning.

Free Let’s Encrypt SSL certificates normally renew automatically, but renewal can fail if there is a DNS, hosting, or domain issue.


Website Is Not Redirecting to HTTPS

Sometimes the SSL certificate is installed, but the website still loads using HTTP.

In this case, you may need to enable a redirect from HTTP to HTTPS.

This forces visitors to use the secure version of your website.


Mixed Content Errors

Mixed content happens when a website loads using HTTPS, but some files still load using HTTP.

This can include:

  • Images
  • CSS files
  • JavaScript files
  • Fonts
  • Embedded content

Mixed content can cause the browser to show a warning even when SSL is installed.

This often happens after enabling SSL on an older website.


Domain Is Not Pointing Correctly

The domain must point to the correct hosting server for SSL to work correctly.

If the domain points to the wrong server, the SSL certificate may fail or show the wrong certificate.

DNS changes can also take time to update.


Step 1 – Check the Website Address

Open your website in a browser.

Look at the website address.

If it starts with:  http://

try changing it to:  https://

If the HTTPS version works, you may only need to enable an HTTPS redirect.


Step 2 – Check If SSL Is Installed

Log into DirectAdmin and check whether an SSL certificate is installed for the domain.

Open your browser and visit: https://cp.yourdomain.co.za (Replace yourdomain.co.za with your own domain name.)

Enter your DirectAdmin username and password.

Click: Log In

Click: Account Manager

Then click: SSL Certificates

Check whether SSL is enabled for the domain.


Step 3 – Enable or Renew the SSL Certificate

If SSL is not enabled, you can enable a free Let’s Encrypt SSL certificate from DirectAdmin.

If SSL is already enabled but not working, check for errors or contact HostworX Support.


Step 4 – Enable HTTPS Redirect

If the HTTPS version works but the website still opens as HTTP, enable an HTTPS redirect.

This helps force visitors to the secure version of your website.


Step 5 – Check for Mixed Content

If the website loads using HTTPS but still shows a warning, the website may have mixed content.

Mixed content usually needs to be corrected inside the website, theme, plugin, database, or website settings.

WordPress websites may need their site URL updated to HTTPS.


Important Notes

Please keep the following in mind:

  • A “Not Secure” warning does not always mean the website is hacked.
  • It usually means the website is not fully loading through HTTPS.
  • SSL must be installed for the correct domain.
  • The domain must point to the correct hosting server.
  • Mixed content may need website-level fixes.
  • DNS changes may take time to update.

When Should I Contact HostworX Support?

Contact HostworX Support if:

  • SSL will not install.
  • The certificate shows as expired.
  • The wrong SSL certificate appears.
  • The website still says “Not Secure” after SSL is enabled.
  • You see mixed content errors and are unsure how to fix them.
  • The domain recently changed DNS or hosting servers.

Conclusion

A “Not Secure” warning usually means your website is not fully protected by HTTPS.

This may be caused by a missing SSL certificate, an expired certificate, HTTP links, mixed content, or DNS issues.

Enabling SSL and forcing HTTPS usually fixes most basic security warnings, but some websites may need additional content or configuration changes.

  • directadmin ssl management, ssl troubleshooting, not secure warning, website security
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to Change Your DirectAdmin Password

Changing your DirectAdmin password regularly helps improve the security of your hosting account...

How to Check If Your SSL Certificate Is Working

After enabling an SSL certificate, you should check that your website loads securely using HTTPS....

How to Enable a Free SSL Certificate Using Let’s Encrypt in DirectAdmin

SSL certificates help secure your website and protect information sent between your website and...

How to Enable Hotlink Protection in DirectAdmin

Hotlink protection helps prevent other websites from directly using your images, files, or media...

How to Force HTTPS Redirects in DirectAdmin

After installing an SSL certificate, visitors may still be able to access your website using the...