Your agency launched your site with no SSL and Google flagged it as not secure

What the Not Secure warning actually means

SSL is the little padlock icon you see next to a website address. It tells the visitor that the connection between their browser and your site is private - nobody can read what they type in.

When SSL is missing, your address bar shows http:// instead of https://, and modern browsers display a red Not Secure label. On a phone, some browsers show a full-screen warning before the site even loads.

A visitor looking for a plumber, therapist, or cafe is not going to read past that warning. They go back to Google and click the next result.

Why your agency skipped SSL at launch

There is no technical reason to launch a site without SSL in 2026. Let's Encrypt has provided free certificates since 2016, and every reputable hosting provider sets them up automatically.

So why did it happen? Three usual reasons:

• The agency used a cheap hosting account where SSL was a paid add-on, and nobody ticked the box
• The site was built on the agency's staging server and launched without anyone configuring the live domain properly
• Whoever did the launch is junior and did not know SSL was missing until a client complained

None of these are your problem. They are signs the agency treated your launch as a checkbox, not a job.

What it cost you in lost customers

The damage from a missing SSL is not abstract. It hit you in three ways.

First, every visitor who saw Not Secure left. Studies put the bounce rate on insecure pages above 80 percent for small business sites. You paid Google for some of that traffic and got nothing back.

Second, Google ranks insecure sites lower. HTTPS has been a confirmed ranking signal since 2014. While your site sat on http://, it was being held back in search results without anyone telling you.

Third, contact forms on insecure sites get fewer submissions. Even people who stay on the page hesitate before typing their phone number into a box that the browser has just told them is not safe. The agency that built the site knew this, or should have.

How to check your site and get it fixed

Open your website in Chrome. Look at the address bar. If it shows a padlock and starts with https://, you are fine now - but ask the agency how long it was missing for. If it still shows Not Secure or http://, the problem is live.

The fix itself is straightforward. Anyone competent can do it in under an hour:

• Install a free SSL certificate on the hosting (Let's Encrypt or Cloudflare both do this for free)
• Configure the site to redirect every http:// address to https://
• Update any internal links or images that still reference http://
• Resubmit the site to Google Search Console under the https:// version

If your agency tries to charge you a setup fee for SSL, that is the moment to walk. The certificate is free and the work is one of the most basic launch tasks there is.

What to ask your current agency

Send them a short email. Keep it factual:

The site was launched on [date] without SSL. Visitors saw a Not Secure warning until [date it was fixed, or today]. Can you confirm when SSL was installed, why it was not in place at launch, and what compensation you are offering for the months of lost traffic?

You will get one of three replies. They will blame the host. They will say SSL was an upgrade you never paid for. Or they will go quiet. The third one is the most common.

None of those answers are acceptable. SSL is not an upsell. It is the equivalent of a builder handing you a house with no front door and asking if you would like to pay extra for one.

If you are getting this kind of basic stuff wrong at launch, the rest of the work is almost certainly being treated the same way. I look after small business sites end-to-end and SSL is installed before the site ever goes live - it is part of the launch, not an extra. SkipTheAgency's Maintained plan starts at £65/month and includes the certificate, the renewal, and the Cloudflare protection in front of it.