Confused on SSL certs mixed bag

Garfield-vic · November 19, 2020, 6:16am

Hi there,

I am new at using Let's Encrypt and being 70 doesn't help much either.

I have signed up through Crazy Domains and successfully registered a certificate with Let's Encrypt for the following domains:

I am confused as the certificate only works if I type in the full domain name, for example:

If I either type in www.garfield-vic.org or just garfield-vic.org I get a Not Secure message showing.

Could someone be able to point me in the right direction to have all variations show up as Secure and how would I go about doing this.

Any help would be greatly appreciated.

John

Osiris · November 20, 2020, 2:30am

Your first and third site have a TLS certificate, but don't have a redirect from HTTP to HTTPS:

Your webserver needs to implement this redirect, otherwise the browser doesn't know it can and should load the HTTPS version. You could try

Your second site also has a TLS certificate, but on top of lacking the aformentioned redirect, it includes HTTP content: summary.gif is loaded through HTTP which should be HTTPS. If content is loaded through HTTP, most browsers nowadays mark the site as insecure, even if a valid certificate is present.

Garfield-vic · November 19, 2020, 9:30pm

Thanks so much for your help Osiris, I really appreciated it.

I have followed your suggestions, didn't really know what I what I was doing, but it worked. All my sites are now showing as Secured regardless of how I enter their names.

I ticked the redirect HTTP to HTTPS box in Hosting Settings in PLESK. I also changed the HTTP content for summary.gif to HTTPS.

Thanks again and cheers,
John