For a website owner, the disappearance of the browser padlock is one of the most alarming security signals. Often the site worked fine until a new template was installed or a few images were updated, after which a warning appears in the address bar. The technical reasons behind this are well understood, but locating and fixing them can be a serious challenge for an inexperienced developer.
Mixed content problem
The most common cause is mixed content, meaning resources loaded over HTTP inside an HTTPS page. This could be an image, JavaScript file, CSS or video. Modern browsers remove the padlock icon in this case and print a warning to the console. In Sayt.uz experience, the root of the problem most often lies in hardcoded http:// links in older templates. To fix it, review the site's HTML, CSS and JavaScript files and replace all http:// with https://, or better, use the protocol-relative // format.
Expired or invalid certificate
The second common cause is certificate expiration or issuance for the wrong domain. Automatic renewal may have stopped working, for example the Let's Encrypt certbot service halted or the cron job was disabled. Sometimes the certificate is issued for the main domain but does not include the www subdomain. In that case the browser shows an error when the user arrives via www. To verify, the openssl s_client -connect domain.uz:443 command can be used.
External services and widgets
Many sites embed widgets and scripts from third parties โ Google Maps, YouTube, online chats and payment systems. If one of these services does not run over HTTPS or uses an expired certificate, the whole page is flagged as "not fully secure". In that case each external resource must be reviewed individually and removed or replaced if necessary.
Subdomains and canonical links
The site may have defined http://domain.uz as the canonical URL for SEO. This sends a conflicting signal to browsers and search engines even if the page opens over HTTPS. All canonical, hreflang and Open Graph URLs must begin with https://. Additionally, .htaccess or nginx configuration must enforce a 301 redirect from HTTP to HTTPS.
Sayt.uz practice
The Sayt.uz technical team analyzed 1,247 client requests about the padlock issue in April 2036. Of these, 64 percent were due to mixed content, 21 percent to expired certificates, 9 percent to domain mismatch and 6 percent to external widgets. After launching an automated check tool, 88 percent of issues were detected before the client even reported them. SSL reinstallation costs 95,000 soum, while a mixed content audit costs 145,000 soum. In most cases the problem is resolved within a few hours.