There was a problem loading the comments.

How to Fix 'Your Connection Is Not Private' and Mixed Content Warnings

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Quick answer: Your connection is not private means an untrusted certificate - usually expired, name-mismatched, self-signed, or missing its intermediate chain. Mixed content (a not fully secure padlock) means the HTTPS page loads some assets over HTTP; find them in the browser console and update those links to https.

Two related warnings scare visitors away from a site: the browser's "Your connection is not private" interstitial, and the padlock showing "not fully secure" because of mixed content. They have different causes and different fixes. Here is how to resolve each.

"Your connection is not private"

This full-page warning means the browser does not trust the certificate. The common causes:

  • Expired certificate - renew it. This is the most frequent cause.
  • Name mismatch - the certificate is for a different domain. Issue one that covers the exact hostname, including www if used.
  • Incomplete chain - the intermediate certificate was not installed. Install the full chain your authority provided, not just the site certificate.
  • Self-signed certificate - fine for internal testing, but browsers reject it for public sites. Replace it with a certificate from a trusted authority (a free Let's Encrypt certificate works).

Mixed content (padlock shows "not fully secure")

Here the certificate is valid, but the HTTPS page loads some assets - images, scripts, or stylesheets - over plain HTTP. The browser flags the page as only partially secure. To fix it:

1. Open the browser developer console (F12) and read the mixed-content warnings.
2. Each warning names an asset loaded over http://.
3. Update those links to https:// (or protocol-relative //) in your content, theme, or settings.

On a CMS like WordPress, hardcoded http:// URLs in the database are the usual culprit - a safe search-and-replace from http:// to https:// across the database resolves them in bulk.

Verify

Reload the page and confirm a solid padlock with no console warnings. Clear your cache and any CDN cache so old references are not served.

Frequently asked questions

What is the most common cause of the not-private warning?
An expired certificate; renewing it resolves most cases.

How do I find mixed content?
Open the browser developer console; each warning names an asset still loading over http.

These issues are handled for you on SoftSys managed WordPress hosting, where SSL is installed with the full chain, kept renewed, and the site is served cleanly over HTTPS without mixed-content warnings.


Share via
Did you find this article useful?  

Related Articles

Tags

© Softsys Hosting