Thank you for your reply.
Not really sure why the certificate shows up but, the padlock remains red.
I just included a screen shot and it is red while the certificate looks good.
I clicked on the padlock and selected 'view site information'.
Looks very much like a mixed-content problem--your site is serving some resources (images, CSS, or something) via HTTP. I'd expect whynopadlock.com to have shown that, though.
Yourpage requested js/css from https://172.104.4.10/
As the ip address "172.104.4.10" does not meet the DnsName of the certificate "www.howlingdev.site"
It seems you are using Wordpress, please visit https://www.howlingdev.site/wp-admin/options-general.php
And change the site URL from "172.104.4.10" to "www.howlingdev.site"
Yes JemmyLoveJenny, That fixed the problem.
As soon as I went into WP under general > settings > site url and changed the IP address to human friendly DNS, the padlock came up.
The padlock went away when I put the IP address in the address bar.
I'm not sure what that field affects exactly.
I must have set that before I purchased the domain name.
The web browser software checks that the name in the address bar matches one of the names in the certificate. But (while it is technically possible to issue certificates for IP addresses), Let's Encrypt doesn't issue certificate for IP addresses, only for DNS domain names. That means that if you access a site with a Let's Encrypt certificate via HTTPS using its IP address, it will always be a mismatch, as seen by your browser.
This behavior is a bit different between HTTP and HTTPS, because of the presence of certificates and the need to proactively list individual names in the certificate when requesting them. For example, in HTTP, you could sometimes make an "unauthorized" name for a web site that you don't run yourself, just by registering a domain name and pointing it at the web site's IP address. If the web site operator doesn't try to proactively prevent this and only a single site is hosted on that server, it will normally work—as long as the browser can find the server, the site content will come up.
But in HTTPS, if you point an "unauthorized" domain name at a site, it will be invalid to access it that way from a browser's point of view, because the site will never serve a certificate that matches that name, and therefore the browser will not be able to confirm whether the connection is, in fact, to the intended site.