Using GitHub pages built-in SSL, I have been serving a github pages site over https since it was announced. I set this up by following the tutorial GitHub provides. However, perhaps 25% of the time when I try to access the site, I get an SSL error that says the browser cannot find the certificate. Reloading the page one or more times resolves the issue for a while. The site use enforced HTTPS. Due to the intermittent nature of the issue, I have failed to determine the cause. I am unsure of what information I could provide to help diagnose the error.
Edit: the error is NET::ERR_CERT_COMMON_NAME_INVALID on chrome
Related
Gravatar is causing mixed content issue especially when a user is logged in. For logged out users, there is no issue. My site loses the green Security (SSL) padlock on the browser. For all the pages which logged in Users visit, there is Mixed content. The message on display by Chrome/Firefox usually
that the page was loaded over HTTPS, but requested an insecure image 'http://gravatar.com/avatar/b87daeb6292d165f7bd8db0dbb2e0a8b?s=400&d=identicon'. This content should also be served over HTTPS.
Is there any way to resolve this pls?
This does not happen with my blog. Check out the attached image for more information.
Yes, I faced this error two month back but I resolved it using cloudflare. I made the following two changes to load all the resources including image on https.
In Crypto Page of Cloudflare, changed the setting to always HTTPS and Automatic Redirect.
Made similar change in Cloudflare plugin active in WordPress.
You will find the detailed step by step tutorial on acheving this at below article
How to Fixed Mixed Content Error in WordPress?
I have configured my GoDaddy DNS through Cloudflare, pointing at Heroku's URLs (ivanteong.herokuapp.com) after adding www.ivanteong.com and ivanteong.com to custom domains of Heroku.
I have also added the CNAME for ivanteong.herokuapp.com to Cloudflare for its root and www, configured "Full" for the Crypto settings and enabled "Automatic HTTPS Rewrites". This is to make the site appear as HTTPS. I have also added Page Rules such that everything redirects to https://www.ivanteong.com.
However, I have been facing consistent issues with loading the pages on my website, in order of frequency:
1) When going to different pages on ivanteong.com, it will sometimes reach "There is nothing here yet" page on Heroku. Sometimes, it happens on the main site, other times it happens on the subpages. Visitors need to refresh the page multiple times before the actual page will load and the error page on Heroku is gone. This is bad for user experience as most of the time, users won't bother reloading as they will think the site is broken. I'm suspecting it has something to do with the rerouting of DNS or the DNS connection between Cloudflare and Heroku. I'm on the free tier on Heroku, wondering if that is the problem?
2) Sometimes, some of the assets such as the Javascript library or images will not load fully, and the site will appear without the images loaded or the UI scrambled, only resolved when I refreshed the page. It looks as if they load 80% of assets the first time and only finish loading everything after I reload the page. I'm wondering if it is something to do with forcing HTTPS encryption over all the assets?
I was also facing a similar problem. When I try to load(via https) https://example.com I was getting no app found error. I fixed it by adding multiple domains in heroku custom domain settings. I added both, domain with www subdomain and naked/root domain to heroku and now i get redirection to www.example.com but I don't get the no app error. I hope this might work for you as well.
URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js
I'm trying to build an hotspot with mikrotik to allow the internet to my clients! So, the problem starts when i'm trying to access sites with Https sercurity like facebook, before the user authenticates.
With normal http connection the hotspot works fine, but when i put https, i'm getting this error: error
Can someone please help me? I have read all the docs in the mikrotik forum, nothing worked!
it's good news that nothing worked because it's the purpose of HTTPS: ensure that the site you want is the site you get. Hotspot does exactly the reverse: you ask for a website and you get another one (hotspot landing page): error.
There is no workaround without installing your certificate on each client, which is not doable on a hotspot environment.
Hopefully, problem has been handled with CNAs (Captive Network Assistants) which detect hotspot presence and launch an automatic HTTP request before the user has time to launch its own browser and navigate to Facebook. Latest iOS/Android/Windows versions do that automatically.
after upgrading to Safari 9 I'm getting this error in the browser:
[Warning] [blocked] The page at https://localhost:8443/login was not allowed to run insecure content from http://localhost:8080/assets/static/script.js.
Anyone knows how to enable the running of insecure content on the new Safari?
According to the Apple support forums Safari does not allow you to disable the block on mixed content.
Though this is frustrating for usability in legitimate cases like yours, it seems to be part of their effort to force secure content serving / content serving best practices.
As a solution for you you can either upgrade the HTTP connection to HTTPS (which it seems you have done) or proxy your content through an HTTPS connection with an HTTPS-enabled service (or, in your case, port).
You can fix the HTTPS problem by using HTTPS locally with a self signed SSL certificate. Heroku has a great how-to article about generating one.
After setting up SSL on all of your development servers, you will still get an error loading the resource in Safari since an untrusted certificate is being used(self signed SSL certificates are not trusted by browsers by default because they cannot be verified with a trusted authority). To fix this, you can load the problematic URL in a new tab in Safari and the browser will prompt you to allow access. If you click "Show Certificate" in the prompt, there will be a checkbox in the certificate details view to "Always allow content from localhost". Checking this before allowing access will store the setting in Safari for the future. After allowing access just reload the page originally exhibiting a problem and you should be good to go.
This is a valid use case as a developer but please make sure you fully understand the security implications and risks you are adding to your system by making this change!
If like me you have
frontend on port1
backend on port2b
want to load script http://localhost:port1/app.js from http://localhost:port2/backendPage
I have found an easy workaround: simply redirect with http response all http://localhost:port2/localFrontend/*path to http://localhost:port1/*path from your backend server configuration.
Then you could load your script directly from http://localhost:port2/localFrontend/app.js instead of direct frontend url. (or you could configure a base url for all your resources)
This way, Safari will be able to load content from another domain/port without needing any https setup.
For me disabling the Website tracking i.e. uncheck the Prevent cross-site tracking worked.