Setting up an SSL certificate on your site doesn’t mean it will be used by default. It’ll only work if your users type https:// or click a link that uses the protocol.

If you’re using WordPress, you can use a plugin to redirect users over to the secure version of the page they’re trying to visit. Or you can avoid adding the extra plugin and set it up manually in your .htaccess file, letting the server handle it. The code to set up the redirect is fairly straight forward and I use it all the time:

# Makes rewrite available
RewriteEngine On

# Looks for port 80 requests, non-SSL
RewriteCond %{SERVER_PORT} 80

# Redirect the user to the same URL, but with the https protocol
RewriteRule ^(.*)$$1 [R=301,L]

Change the domain name to your own, and in most cases it’s ready to go.