So you want your website to use HTTPS. You want to secure your website and enjoy the search engine benefits. In order to get that sweet padlock, there are a couple of things you need to do.
Install an SSL certificate
Before your website can use HTTPS, you need to have an SSL certificate for your domain name. You will need to get this SSL certificate from an SSL certificate vendor and install it on your hosting account.
You can install your certificate using the SSL/TLS section in your control panel. For more information, see this article.
Force all visitors to use HTTPS
After installing an SSL certificate, you need to make sure your visitors are actually using https. To do so, you need to redirect all traffic to the https version of your website. See this article for a few ways to do that.
Make sure all urls use HTTPS
If your website has a valid SSL certificate and is using https, but you do not see a padlock, this is because some of the URLs on your website do not use https.
To get a padlock, all urls on the page must use https. All images, CSS and JavaScript files on the page must be loaded over https or the page will not be considered secure.
There are multiple ways to look for http urls. Sometimes, you may see “Mixed Content” in the JavaScript console in your browser, with the http URL next to it. You may also be able to view the source code of the page in your browser and look for http URLs there.
The next step is to find out what generated the bad URLs and how to fix them. Unfortunately, there is no general method to do so: it depends on many aspects of how you built your website.