Why no padlock says all good, but no padlock

Hi, I have a Let’s Encrypt certificate on my shared hosting server (A2 hosting) and I have run my WP site through whynopadlock, which shows a valid certificate and 95 items called securely, yet I don’t have a padlock or “secure” indicator.

If I manually type my domain into a browser bar “https://cancrime.com” - I get a padlock and secure.

If I simply type “cancrime.com” into a browser bar, I get a “not secure” and no padlock.

Any help is mucho appreciated.


Both HTTP and HTTPS versions of a site can exist simultaneously. By default when you type the name of a website in by itself, the browser will assume you want the (insecure) HTTP site.

Things you can do about this:

You can set your site to redirect visitors who arrive at the HTTP site to the HTTPS site. The method to do this will depend on your web server software etc.

Once people visit the HTTPS site you can set the HSTS header (Google that) to tell their web browser to visit only the HTTPS site after that, and never the insecure one.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.