Today I finally managed to set up SSL. To be fair, the company I host my site with did all the heavy lifting. As of today, I’m serving all my content over HTTPS – a step I’ve been wanting to take for quite a while now.

After the certificate was in place, I ran a test on ssllabs.com and I was pretty pleased with the results. Everything seemed to work fine so I went and looked at my site in Safari, expecting to see a little lock beneath my domain name.

Except that there was no lock. I checked the settings and the protocol until I opened up Chrome to see what the dev tools could tell me about this. As it turns out, my site was referencing a tracking script from a subdomain which was not served over HTTPS. That caused Safari (and Chrome as well) to flag the site as not completely secure. I made the script available from my main domain and now everything works as expected. And that’s what I learnt today.