Forums

SSL not secure

Permalink
I have installed SSL on my site and while the site comes up with the SSL cert, it shows it being insecure, says there may things like images that are not secure. I have checked the source code and cannot find anything that shouldn't be there, but clearly something is preventing it. You can view the site athttp://frameworksfl.com.

I have slected Pretty URLs and the following in my .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>

Also, Canonical Urls =http://frameworksfl.com and Separate SSL URL =http://frameworksfl.com

Any guidance is very appreciated.
edsaxmoore
 
Mnkras replied on at Permalink Reply
Mnkras
Try removing the extra whitespace in your theme header so the doctype is the first line.
edsaxmoore replied on at Permalink Reply
edsaxmoore
I've tried everything to move the doctype up, but cannot find the culprit. I've looked at the index.php in the root, the config.php in concrete, the full.php, header.php in the theme. So far, nothing. Any ideas?
ConcreteOwl replied on at Permalink Reply
ConcreteOwl
In your theme header you probably have this
<?php defined('C5_EXECUTE') or die(_("Access Denied.")); ?>
<!DOCTYPE html>

change it to this
<?php defined('C5_EXECUTE') or die(_("Access Denied.")); ?><!DOCTYPE html>

(all on the same line)
Mnkras replied on at Permalink Reply
Mnkras
Try removing the extra whitespace in your theme header so the doctype is the first line.
mesuva replied on at Permalink Reply
mesuva
Sometimes when you switch over to https, you also need to clear concrete5's cache. Perhaps turn that completely off for a bit and see if that helps.

I normally enforce https through an htaccess change only, I'll add in the two lines here:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>
noogen replied on at Permalink Reply
I see the bad URL is at: /packages/equinox/themes/equinox/css//

It seem to be referenced all over your main.css and maybe other as: background-image: url('/packages/equinox/themes/equinox/css//')

This is causing all kind of confusion with redirects. Looks like you're also using nginx base on your server response so I don't know if those apache config will work unless you're doing nginx->apache proxy. This is my guess: https -> http proxy and the redirects are result of apache doing http redirect.

Check your equinox theme config for background-image. Make sure it's a good image or don't set one.
dennismoore replied on at Permalink Reply
I had the same issue using the equinox theme. There is a mixed content error when applying https because of this line in packages\equinox\themes\equinox\elements\head.php

<link href='http://fonts.googleapis.com/css?family=Raleway:400,600' rel='stylesheet' type='text/css'>


to fix copy this file to application\themes\equinox\elements\head.php and change the line to:

<link href='//fonts.googleapis.com/css?family=Raleway:400,600' rel='stylesheet' type='text/css'>
edsaxmoore replied on at Permalink Reply
edsaxmoore
Thank you!
stewblack23 replied on at Permalink Reply
stewblack23
The problem you are having is common when you use SSL for the first time. You have URL's that are using http but need to be updated to https or use the relative path to the file.

I ran your site through http://www.whynopadlock.com. That will help you fix the mix content url issues you are having.

Here is the results of your website after being scanned by whynopadlock.com.
https://www.whynopadlock.com/results/f19e4fea-942d-4028-99ae-b40f0bd...

Hope this helps.
edsaxmoore replied on at Permalink Reply
edsaxmoore
That is a great tool. Thank you for sharing!