The CN on the certificate is for bitsofthepast.com, not www.bitsofthepast.com. To have both, you typically need a SAN cert that lists out all the Subject Alternative Names (like www).
A sad way to quickly fix this is to not redirect your Top Level Domain to www. Or, redirect www to your TLD. Or just procure the cert with the right CN to begin with.
And yes, certs just "verify" that who you are connecting to is who they say they are. Little green URL bars, and other fancy icons are typically granted/generated based upon one's ability to pass certain security measures related only to the SSL connection itself... do you get an A+ from Qualsys/SSL Labs, for example because you aren't using SSLv3, TLS1.0 with a beast exploit, SHA1, blah blah.
Btw, you pass just fine on the CVE lists:
Heartbleed (CVE-2014-0160) not vulnerable (OK), timed out
CCS (CVE-2014-0224) not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 6/9 ciphers)
DROWN (2016-0800, CVE-2016-0703) not vulnerable on this port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked. See below for any DH ciphers + bit size
BEAST (CVE-2011-3389) TLS1: DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA
AES128-SHA DHE-RSA-AES128-SHA AES256-SHA
DHE-RSA-AES256-SHA CAMELLIA128-SHA DHE-RSA-CAMELLIA128-SHA
CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-DES-CBC3-SHA
VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
And yes, there is a push to remove the "free" providers as it were, be it because of a security concern or what not. Some folks might be upset if a trusted free SSL provider granted me a cert for www.atariage.com. So there are some concerns at the moment in some circles about who to trust for validation of said certs.
But I digress.