I enabled SSL and set the dns settings:
But my site is showing a “Not Secure” error in the address bar… why?
Can anyone help please?
Hey, — a few things cause that “Not Secure” indicator even when SSL looks “enabled” in the Netlify UI. Quick sanity checks first, then the deeper stuff:
1. Are you actually visiting https://? By far the most common cause. If the URL bar shows http://yourdomain.com (no s), the browser will say “Not Secure” no matter how well your cert is provisioned, because you’re just not on the encrypted connection. Try typing the URL explicitly with https:// in front. If that loads with the padlock, the cert is fine — you just need to flip on Domain management → HTTPS → Force HTTPS in Netlify so every visitor is auto-redirected.
2. Is the certificate actually issued yet? Go to Site configuration → Domain management → HTTPS. You want to see “Your site has HTTPS enabled” with a Netlify-managed Let’s Encrypt cert. If it says “Waiting on DNS propagation”, “Provisioning certificate”, or shows an error like “doesn’t appear to be served by Netlify”, the cert hasn’t issued — the “Not Secure” warning is just the side effect. Wait 15–30 min after DNS is correct, then click Renew certificate.
3. Apex vs. www mismatch. If your cert covers www.example.com but you’re hitting example.com (or vice versa), the host you’re visiting won’t have a valid cert. Confirm both the apex and www are listed under your site’s domains in Netlify, and both show as verified.
4. DNS pointing through a proxy (Cloudflare, etc.)? If your domain is at Cloudflare with the orange-cloud proxy on, set those records to DNS only (grey cloud). Otherwise Cloudflare terminates SSL and Netlify can’t validate the cert via HTTP challenge — and if Cloudflare’s SSL mode is “Flexible”, browsers often flag the page as not fully secure.
5. Mixed content. If the cert is fine and the URL is https://, but you still see “Not Secure”, open DevTools → Console. Look for warnings like “Mixed Content: The page was loaded over HTTPS, but requested an insecure resource…”. That means an <img>, <script>, or <link> somewhere in your site is hardcoded with http://. Fix those to https:// (or protocol-relative //).
To help narrow it down, can you share:
-
Your custom domain (the actual URL you’re visiting) and the
.netlify.appsite name -
A copy of the exact URL in your address bar when you see “Not Secure” — including the
http/httpsprefix -
What the Domain management → HTTPS panel says (e.g., “HTTPS enabled”, “Provisioning”, error text)
With those, the cause is usually obvious within a minute.
Thanks @matrixuser
Everything looks correct in netlify (see screenshots below)
I’m trying to hit https://seedbuilders.com/ and https://www.seedbuilders.com/ but it seems like the browser just hangs now…
Can anyone from netlify please help??
This is incredibly worrying to me that production sites actually depend on this…