Tagging @MikeHales into the thread.
2 yrs and still no resolve. Browsers are publicly calling you out now!
Thanks for the post, just been checking on this today funnily enough. Which browser were you using?
It does not matter what browser is used, it's a security vulnerability of the vodafone.co.nz main page (that now happen to become more obvious thanks to modern browsers).
totally agree with @zerkms. All modern browsers now displays this information
but for the record, I was using FireFox. Chrome displays the same thing on address bar when you try to enter password.
You already have the valid SSL certs for vodafone.co.nz and www.vodafone.co.nz and all you need to do is add a https redirection and it will take care of browsers publicly calling you out.