Your site loads parts of the page (such as CSS, pictures, etc) over plain http. Such practice is called mixed content. You must load everything over a secure connection in order to eliminate this. There are ways to figure out what content that is, for example Security tab in Chrome Dev Tools.