I have just installed a SSL certificate on my site that has concrete5 installed. I tried changing the canonical URL in the dashboard, just the SSL part to the https version of my site, and when I tried changing both it created a redirect loop so I had to undo it. The mixed content warning seems to be coming from the photos that I have on the site, Google Chrome informs me in the console that the photos and thumbnails are not using the https version, so it doesn't load them unless you specifically ask for it.
I fixed it! What I did, if anyone runs into the same problem, is I changed the Canonical URL settings in the dashboard to have the Canonical URL be the https version, the Canonical SSL URL be the https one, and have the redirect to canonical URL unchecked and it seems to be working now.
Related
We have recently installed an SSL certificate to our fairly old version of Drupal. The front end of it works well, however, we are now unable to log in to the admin area. We put this problem on our servers who claims the website now goes into a continuous redirect look, causing the site to crash. here is what they said.
"I have taken a further look at this and we can see some pages have specific rules in place that are forcing them to use HTTP this is then causing an issue with the redirect to HTTPS, this is essentially creating a loop as the Site goes to the HTTP which gets redirected to HTTPS, which the page then redirects back to HTTP and so on. You will need to review the content of the site and to remove the redirect(s) to HTTP for any pages that have this, alternatively, we can remove the redirect to HTTPS (However this defeats the purpose of having the SSL Certificate then). Please let me know if you would like me to remove the HTTPS redirect."
The same problem can be found here at stack overflow. However, the answer is very vague considering it's a change to the .htaccess file.
Any thoughts?
put this line at the en of settings.php
$conf['https'] = TRUE;
URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js
I am using tarruda datetimepicker for my project, it works all good until I move to https. Tarruda datetimepicker link is http. I get warning
Mixed Content: The page at 'https://mywebsite.com' was loaded over HTTPS, but requested an insecure stylesheet 'http://tarruda.github.io/bootstrap-datetimepicker/assets/css/bootstrap-datetimepicker.min.css'. This request has been blocked; the content must be served over HTTPS.
What can I do to fix this?
Host the file locally or change the link to use https -- https://tarruda.github.io/bootstrap-datetimepicker/assets/css/bootstrap-datetimepicker.min.css. I'd prefer hosting the file locally over the link as it is not a CDN and the owner can choose to discontinue the Github page, essentially killing your link.
I have wordpress multisite version 3.5 and woocommerce 2.0.2 with wildcard certificate.
I need to know if it is possible to force ssl on checkout page using wildcard ssl.
When I force ssl on the checkout page of the main site it works ok..
But when I do it on a subdomain with mapping plugin, I lose all the css of the checkout page and chrome display a certificate error.
Do I need a multi-domain certificate?
Can I have them working together?
What is the best way to go about this?
I will need SSL on checkout pages of each blog.
I need to know if it is possible to force ssl on checkout page using wildcard ssl
You can use the Wordpress HTTPS plugin to force SSL on the relevant pages.
I lose all the css of the checkout page and chrome display a certificate error.
You may need to create rewrites so that your assets are being served from the https subdomain: see this question for an example of it being done with subdirectory mapping.
The web-site has ssl certificate.
Any http page is redirected to the same, but https page (if not https) by .htaccess.
Everything works fine, but 404.shtml gets a security warning "This webpage contains content that will not be delivered using a secure HTTPS connection..." in IE. The same behavior is in any other browser.
How to exclude that error?
404.shtml web-page was created using web-hosting control panel wizard. The file 404.shtml was created automatically.
Most likely the automatically generated file includes links, images or other resources fetched via http. If you can change them to https links, you should avoid the problem. There's afaik no other way to make the browser not warn about this, at least in a cross browser way.