SSL beause of new Google Advices, but no padlock

[TheSonic]

Hi,

to be honest, i just run non-commercial websites not using sensitive datas, just userlogins, so i never cared about SSL. Now, google warns users on http:// sites and i moved some of my sites to https:// to play around. Everything is fine, but i found some situations/sites, i don't get that green padlock.... I configured IPS like discribed here: 

I use "Full https://" and the imageproxy, but Chrome shows me an "i", no green padlock. Clicking on the i is useless, because it don't provides detailed informations. I tried https://www.whynopadlock.com for e.g. https://www.adminarena.de and got :

 

Looking good so far, but why i don't get that green padlock (i got it on a few sites, on some not). Does anybody know a service that can test sites and report, whats wrong? Or can some one telling me, whats wrong on the above site 

Thanks for every reply, i am little bit lost here 

 

[jcdesign]

I´m also using Let´s Encrypt with no problem at all with all of my sites.

Have you edited global_config php file with the right url address? from http to https.

[TheSonic]

Yes, i edited the config-file and it's "looking good" and it also preforms the test on this "Padlock-Testsite" just fine.
Some sites work, some not... all IPS4, all on the same server / apache. I removed the SSLv3 from apache - that was the only advise, https://www.whynopadlock.com/ gave me - now everything is "green" on their site - but not yet in Chrome.

I think, there are some inseure requests, but i don't know how to find them out (and wonder, why https://www.whynopadlock.com/ don't reports them to me ?? ) 

[Nathan Explosion]

As in another topic...it's most likely 'mixed content' which means something on your site is being served from a site that doesn't serve via https.

The image proxy isn't retroactive, so if you enable it NOW then something linked 10 seconds ago will still serve from its actual url and not from the image proxy url.

If you want a full answer as to why your site is considered 'insecure' then you need to post the url for the site so people can see what it is.

[TheSonic]

Hi @Nathan Explosion

i found https://www.jitbit.com/sslcheck/ and they gave some referenes to an old domain of mine... Perhaps i have to replae some links, still checking whats wrong  

You find the domain i mentinoed in the first post - in the text and the results of WhyNoPadlock... It's https://www.adminarena.de

Thank you

[AlexWebsites]

In Google chrome look at the domain info (where the lock would be) and find what's making it unsecure, it's usually an element on the page being served from http instead of https.

I just moved 4 sites to https this week. make sure you:

• edit global_config.php
• user htaccess redirect from http to https
• update sites like cloudflare (if using it) and any other storage, cdn, etc
• update google and bing webmaster tools, bing do a change of address, and google start a new property and update your sitemap urls
• update tapatalk or other plugins if using them and they have domain paths
• update any login handlers and connections to your site
• update analytics if needed.

[TheSonic]

So, i got it. I fixed all errors reported by https://www.jitbit.com/sslcheck/ - for now i decided to correct everything in the database (using HeidiSQL in my case), not just by httaccess.... https://www.jitbit.com/sslcheck/ is happy now, also all browsers.... And my database is now up2date

Thank you @AlexWebsites, this is a very helpful post... After fixing AdminArena (a small site) i will start fixing some older and bigger ones.... You posted some very helpful steps  
(BTW: clicking on the "i" (there the lock should be) gives me no helpful informations.... )

[AlexWebsites]

Thanks, do you have developer tools installed in Chrome? I was able to see a few images and ad codes this way, not being served securely which is why I mentioned it.

Thats a good tip about looking in the database.