To get a ‘secure lock’ icon at the address bar, your website must meet 3 conditions as below.
- Valid Certificate: The connection to the site should be using a valid, trusted server certificate.
- Secure Connection: The connection to the site should be encrypted and authenticated using a strong protocol, a strong key exchange, and a strong cipher.
- Secure Resources: All resources on the page should be served securely.
Your website probably meets the first two conditions but not the third one. Your website has HTTP resources (mixed content). So, you have to change those HTTP resources to HTTPS.
To fix the issue, please visit https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-contentand follow each step.
But if you are using WordPress, then you can easily find a plugin that converts resources from HTTP to HTTPS