I have SSL installed on the site and it works fine on Chrome on Macbook. However, Safari on Macbook and Chrome on mobile devices do not have the padlock.
I have checked the SSL chain and have verified that it is in the correct order. I also have force HTTPS on for all files and links on the server
Hostinger - Apache/NGINX
I can login to a root shell on my machine (yes or no, or I don't know): not sure
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Wordpress
I'm getting a secure lock on my Android Chrome browser. Could you perhaps share a screenshot of a broken lock with information about the security state on that browser? You can tap on the (broken) lock which would present a small menu with also the text "Connection is secure" (in my case) or probably something else if the connection is not secure. If you tap that text, you'll get more security details. If you could take a screenshot of that, it would be most helpful.
Despite what is being reported by https://www.missingpadlock.com/, your website does in fact contain "mixed content" (content served over http instead of https), which will result in your website being reported as insecure by most major browsers (thus no padlock). Please go through your WordPress settings and links to update each mention of "http" to "https". You might begin with Changing The Site URL | WordPress.org.
In addition, based on the results of SSL Server Test: ddesai.com (Powered by Qualys SSL Labs), it appears that your webserver has a very strict (meaning small) list of acceptable cipher suites. This "overhardening" can result in some systems failing to establish a secure connection due to being unable to use any of the limited suites available. I recommend switching to an "intermediate" configuration based on https://ssl-config.mozilla.org/.
you site appears to be wordpress based. install "Better Search and Replace" which can search for http:// and replace it with https:// etc in a flash on all tables
I use it to consolidate database links etc as it can change any URL etc
It doesn't matter if the HTTP links redirect to a HTTPS: if the protocol used on the website is HTTP, it will be mixed content.
I guess the Really Simple SSL-plugin isn't very good at fixing mixed content:
Mixed Content: The page at 'https://ddesai.com/' was loaded over HTTPS, but requested an insecure element 'http://ddesai.com/wp-content/uploads/2021/05/luca-bravo-alS7ewQ41M8-unsplash-scaled.jpeg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Mixed Content: The page at 'https://ddesai.com/' was loaded over HTTPS, but requested an insecure element 'http://ddesai.com/wp-content/uploads/2021/05/casamokc.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Mixed Content: The page at 'https://ddesai.com/' was loaded over HTTPS, but requested an insecure element 'http://ddesai.com/wp-content/uploads/2021/05/193e8793306107.5e611c0106a83.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Mixed Content: The page at 'https://ddesai.com/' was loaded over HTTPS, but requested an insecure element 'http://ddesai.com/wp-content/uploads/2021/05/Screen-Shot-2021-05-30-at-12.11.08-AM.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Mixed Content: The page at 'https://ddesai.com/' was loaded over HTTPS, but requested an insecure element 'http://ddesai.com/wp-content/uploads/2021/05/zippymockup-e1622344215839.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Mixed Content: The page at 'https://ddesai.com/' was loaded over HTTPS, but requested an insecure element 'http://ddesai.com/wp-content/uploads/2021/05/mtndew.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
And that's just your homepage.
It seems by the way my Chromium version automatically upgrades to HTTPS and if that's successfull, it'll keep the lock and won't mark the page as insecure. So my statement above in this post may vary between browsers and browser versions.
You can also search your wordpress database posts for http://, I seem to remember there was a way to do all this via SQL..
As an aside, your website has great protocol support (h3 QUIC etc) but you are serving a 5MB jpg that takes 12 seconds to load on my connection for quick image optimization check out https://squoosh.app/ or https://tinypng.com/ - or perhaps there is a plugin that can do it for you. That 5MB image would safely reduce to about 600KB.
Hi all, I figured it out it was actually very simple.
For some reason the url for media was not the same as the url in the media library, so I had to remove and reattach images that showed up as http:// when I inspected the page.
for quick image optimization check out 