cPanel - Security & Access - Troubleshooting SSL issues (mixed content, propagation, expired cert)

In this article, we’ll cover common SSL issues that you might encounter on your website. 

Mixed Content

One of the most common reasons an SSL-protected website still shows as “Not Secure” is something called mixed content.

When an SSL certificate is installed, your website is expected to load entirely over a secure connection (HTTPS). This means every part of the page must be delivered securely, not just the main address. 

Mixed content happens when:

  • The website itself loads securely using https://
  • But some parts of the page still load using http:// 

Even if only one item on the page is insecure, the browser no longer considers the page fully secure.

Why Mixed Content Causes SSL Warnings

SSL works by encrypting all data sent between your website and its visitors. This encryption only applies to content loaded over HTTPS. 

When insecure (HTTP) content is included on a secure (HTTPS) page:

  • That content is not encrypted
  • Browsers cannot guarantee visitor safety
  • The secure connection is considered incomplete 

 Because of this, modern browsers will:

  • Remove the padlock icon
  • Show a “Not Secure” warning
  • Block certain parts of the website from loading 

 This can make it appear as though SSL is not working, even though the certificate itself is installed correctly.

Important Clarification

Mixed content does not mean your SSL certificate is broken or invalid. It means:

  • The SSL certificate is active
  • The website is partially secure
  • The page fails security checks because not all content is encrypted 

Browsers evaluate the security of the entire page, not just the certificate. 

Common Causes of Mixed Content

Mixed content usually appears when:

  • Themes or plugins load files using HTTP
  • External services or embeds do not use HTTPS 

 

How to Fix Mixed Content 

For WordPress Websites

If your WordPress website is showing SSL warnings due to mixed content, you can fix it by updating old links from http:// to https://. The easiest way to do this is with the Better Search Replace plugin.

Step 1: Make a Backup (Important) 

Before making any changes:

  • Backup your website files and database
  • This ensures you can restore your site if anything goes wrong 

Step 2: Install and Activate Better Search Replace

Log in to your WordPress admin dashboard

  1. Go to Plugins → Add New
  2. Search for Better Search Replace 
  3. Click Install Now, then Activate 

Step 3: Open Better Search Replace

Once activated, you can find the plugin in the WordPress menu: 

Go to Tools → Better Search Replace  

Step 4: Update Links:

  1. In the Search for field, enter http
  2. In the Replace with field, enter https
  3. Select the database tables you want to update (usually all tables are fine)
  4. Run a dry run first (this will show how many changes will be made without actually changing anything)
  5. If everything looks correct, run the replacement for real 

Step 5: Clear Cache

  • Clear your WordPress cache if you use a caching plugin
  • Clear your browser cache
  • If you use a CDN, clear that cache as well 

 

For Non-WordPress Websites 

If your site does not use WordPress:

  • Update all website links from http:// to https://
  • Check images, scripts, and embedded content 

 

Expired certificate  

 You can check if your SSL certificate has expired by going to your website and clicking on the padlock icon to view the certificate. 

Steps to check the validity period: 

Firefox:

  1. Click on the padlock
  2. Click on ‘Connection secure’ 
  3. Click on ‘More Information’
  4. Click on ‘View Certificate’
  5. Check the validity period  

Chrome:

  1. Click on the settings button
  2. Click on ‘Connection is secure’
  3. Click on ‘Certificate is valid’ 
  4. Check the validity period 

For cPanel:

  1. Go to the ‘Security’ section
  2. Click on ‘SSL/TLS Status
  3. Check if the Auto-SSL is running and the domains are included
  4. Allow a few minutes for Auto-SSL to install a new SSL certificate 

For Managed WordPress

The Auto-SSL feature is running constantly in the background making sure that your website is covered by a SSL certificate.

If you have any concerns that your SSL certificate did not renew, please don’t hesitate to reach out and we’ll gladly assist. 

 

SSL certificate issuance and propagation.

Depending on the type of SSL certificate you choose, the issuance time can vary:

Domain Validated (DV) certificate:

  • In this category are the Let’s Encrypt SSL certificates and our Simple SSL Certificate
  • These can take anywhere from a few minutes to a few hours to be activated and installed 

 

Organisation Validation (OV) certificate:

  • In this category are our Organisational certificates and our Wildcard Organisational Certificates
  • These can take a few days to activate as these require some additional checks 

 

Extended Validation (EV) certificate:

  • In this category are our Extended certificates
  • These certificates take the longest to activate as these require even more verifications. You can expect this to take a few days as well 

Article ID: 1976
Created On: Tue, Jan 13, 2026 at 9:52 AM
Last Updated On: Wed, Jan 21, 2026 at 8:48 PM

Online URL: https://www.heartinternet.uk/support/article/cpanel-security-access-troubleshooting-ssl-issues-mixed-content-propagation-expired-cert.html