first, your certificate is good and your connections are secure (checked via https://check-your-website.server-daten.de/?q=laplume.lu ):
Your certificate has both domain names:
expires in 88 days laplume.lu, www.laplume.lu - 2 entries
and your domain connections are ok:
But there are some problems:
- You don’t have redirects http -> https. So if a user comes to your http version, this is insecure. That’s your first image.
- You send http status 403, forbidden, but using a browser there is content visible. Looks like this is a spam detection to block tools, but then you have to use your browser to find mixed content.
So first find your port 80 vHost and add a redirect http -> https.