Quick answer: Your connection is not private means an untrusted certificate - usually expired, name-mismatched, self-signed, or missing its intermediate chain. Mixed content (a not fully secure padlock) means the HTTPS page loads some assets over HTTP; find them in the browser console and update those links to https.
Two related warnings scare visitors away from a site: the browser's "Your connection is not private" interstitial, and the padlock showing "not fully secure" because of mixed content. They have different causes and different fixes. Here is how to resolve each.
This full-page warning means the browser does not trust the certificate. The common causes:
www if used.Here the certificate is valid, but the HTTPS page loads some assets - images, scripts, or stylesheets - over plain HTTP. The browser flags the page as only partially secure. To fix it:
1. Open the browser developer console (F12) and read the mixed-content warnings. 2. Each warning names an asset loaded over http://. 3. Update those links to https:// (or protocol-relative //) in your content, theme, or settings.
On a CMS like WordPress, hardcoded http:// URLs in the database are the usual culprit - a safe search-and-replace from http:// to https:// across the database resolves them in bulk.
Reload the page and confirm a solid padlock with no console warnings. Clear your cache and any CDN cache so old references are not served.
What is the most common cause of the not-private warning?
An expired certificate; renewing it resolves most cases.
How do I find mixed content?
Open the browser developer console; each warning names an asset still loading over http.
These issues are handled for you on SoftSys managed WordPress hosting, where SSL is installed with the full chain, kept renewed, and the site is served cleanly over HTTPS without mixed-content warnings.