TheSonic Posted January 27, 2017 Posted January 27, 2017 Hi, to be honest, i just run non-commercial websites not using sensitive datas, just userlogins, so i never cared about SSL. Now, google warns users on http:// sites and i moved some of my sites to https:// to play around. Everything is fine, but i found some situations/sites, i don't get that green padlock.... I configured IPS like discribed here: I use "Full https://" and the imageproxy, but Chrome shows me an "i", no green padlock. Clicking on the i is useless, because it don't provides detailed informations. I tried https://www.whynopadlock.com for e.g. https://www.adminarena.de and got : Looking good so far, but why i don't get that green padlock (i got it on a few sites, on some not). Does anybody know a service that can test sites and report, whats wrong? Or can some one telling me, whats wrong on the above site Thanks for every reply, i am little bit lost here
jcdesign Posted January 27, 2017 Posted January 27, 2017 I´m also using Let´s Encrypt with no problem at all with all of my sites. Have you edited global_config php file with the right url address? from http to https.
TheSonic Posted January 27, 2017 Author Posted January 27, 2017 Yes, i edited the config-file and it's "looking good" and it also preforms the test on this "Padlock-Testsite" just fine. Some sites work, some not... all IPS4, all on the same server / apache. I removed the SSLv3 from apache - that was the only advise, https://www.whynopadlock.com/ gave me - now everything is "green" on their site - but not yet in Chrome. I think, there are some inseure requests, but i don't know how to find them out (and wonder, why https://www.whynopadlock.com/ don't reports them to me ?? )
Nathan Explosion Posted January 27, 2017 Posted January 27, 2017 As in another topic...it's most likely 'mixed content' which means something on your site is being served from a site that doesn't serve via https. The image proxy isn't retroactive, so if you enable it NOW then something linked 10 seconds ago will still serve from its actual url and not from the image proxy url. If you want a full answer as to why your site is considered 'insecure' then you need to post the url for the site so people can see what it is.
TheSonic Posted January 27, 2017 Author Posted January 27, 2017 Hi @Nathan Explosion i found https://www.jitbit.com/sslcheck/ and they gave some referenes to an old domain of mine... Perhaps i have to replae some links, still checking whats wrong You find the domain i mentinoed in the first post - in the text and the results of WhyNoPadlock... It's https://www.adminarena.de Thank you
AlexWebsites Posted January 27, 2017 Posted January 27, 2017 In Google chrome look at the domain info (where the lock would be) and find what's making it unsecure, it's usually an element on the page being served from http instead of https. I just moved 4 sites to https this week. make sure you: edit global_config.php user htaccess redirect from http to https update sites like cloudflare (if using it) and any other storage, cdn, etc update google and bing webmaster tools, bing do a change of address, and google start a new property and update your sitemap urls update tapatalk or other plugins if using them and they have domain paths update any login handlers and connections to your site update analytics if needed.
TheSonic Posted January 27, 2017 Author Posted January 27, 2017 So, i got it. I fixed all errors reported by https://www.jitbit.com/sslcheck/ - for now i decided to correct everything in the database (using HeidiSQL in my case), not just by httaccess.... https://www.jitbit.com/sslcheck/ is happy now, also all browsers.... And my database is now up2date Thank you @AlexWebsites, this is a very helpful post... After fixing AdminArena (a small site) i will start fixing some older and bigger ones.... You posted some very helpful steps (BTW: clicking on the "i" (there the lock should be) gives me no helpful informations.... )
AlexWebsites Posted January 27, 2017 Posted January 27, 2017 Thanks, do you have developer tools installed in Chrome? I was able to see a few images and ad codes this way, not being served securely which is why I mentioned it. Thats a good tip about looking in the database.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.