My site shows up as not secure

That goes into the htaccess file. In RapidWeaver 8 in publishing settings, at the bottom is an edit htaccess button( I think that’s what it’s called not at a Mac now).
You can also use any ftp client to upload it to the root level of the site. It has to be PLAIN text, and called .htaccess .

Fix the mixed content first. Especially if it’s active content or it can break the site. Once you’re using https all active content has to be https.