Jump to content

SSL beause of new Google Advices, but no padlock

Recommended Posts


to be honest, i just run non-commercial websites not using sensitive datas, just userlogins, so i never cared about SSL. Now, google warns users on http:// sites and i moved some of my sites to https:// to play around. Everything is fine, but i found some situations/sites, i don't get that green padlock.... I configured IPS like discribed here: 

I use "Full https://" and the imageproxy, but Chrome shows me an "i", no green padlock. Clicking on the i is useless, because it don't provides detailed informations. I tried https://www.whynopadlock.com for e.g. https://www.adminarena.de and got :


Looking good so far, but why i don't get that green padlock (i got it on a few sites, on some not). Does anybody know a service that can test sites and report, whats wrong? Or can some one telling me, whats wrong on the above site :)

Thanks for every reply, i am little bit lost here :cry:


Link to comment
Share on other sites

Yes, i edited the config-file and it's "looking good" and it also preforms the test on this "Padlock-Testsite" just fine.
Some sites work, some not... all IPS4, all on the same server / apache. I removed the SSLv3 from apache - that was the only advise, https://www.whynopadlock.com/ gave me - now everything is "green" on their site - but not yet in Chrome.

I think, there are some inseure requests, but i don't know how to find them out (and wonder, why https://www.whynopadlock.com/ don't reports them to me ?? ) 

Link to comment
Share on other sites

As in another topic...it's most likely 'mixed content' which means something on your site is being served from a site that doesn't serve via https.

The image proxy isn't retroactive, so if you enable it NOW then something linked 10 seconds ago will still serve from its actual url and not from the image proxy url.

If you want a full answer as to why your site is considered 'insecure' then you need to post the url for the site so people can see what it is.

Link to comment
Share on other sites

In Google chrome look at the domain info (where the lock would be) and find what's making it unsecure, it's usually an element on the page being served from http instead of https.

I just moved 4 sites to https this week. make sure you:

  • edit global_config.php
  • user htaccess redirect from http to https
  • update sites like cloudflare (if using it) and any other storage, cdn, etc
  • update google and bing webmaster tools, bing do a change of address, and google start a new property and update your sitemap urls
  • update tapatalk or other plugins if using them and they have domain paths
  • update any login handlers and connections to your site
  • update analytics if needed.
Link to comment
Share on other sites

So, i got it. I fixed all errors reported by https://www.jitbit.com/sslcheck/ - for now i decided to correct everything in the database (using HeidiSQL in my case), not just by httaccess.... https://www.jitbit.com/sslcheck/ is happy now, also all browsers.... And my database is now up2date :)

Thank you @AlexWebsites, this is a very helpful post... After fixing AdminArena (a small site) i will start fixing some older and bigger ones.... You posted some very helpful steps :) :thumbsup:
(BTW: clicking on the "i" (there the lock should be) gives me no helpful informations.... )

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...