Today I've had two customers report that my ordering page does not show the padlock icon. One, who I had on the phone and who actually had a clue, reported that his address bar did in fact show https, despite the lack of a padlock icon in his browser. Unfortunately I forgot to ask which browser, but in any event there does appear to be an issue. In years, this has never happened before. I can't reproduce it. The only thing I can think of is that I got a cert from GoDaddy for $19 instead of an expensive Verisign or Thawte cert, about a month ago. It's a Red Hat server. Do you think this might be the cause? Any clever brainstorms appreciated.
I found the problem - a graphic was being referenced by its full URL, thus causing the "page contains both secure and insecure items" dialog, and then no padlock. I fixed the URL and now it works properly. Interesting, I never noticed that "feature" before.