In Chrome browser - your connect to this site is not fully secure


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):linux 3.10.0-962.3.2.lve1.5.24.8.el7.x86_64

My hosting provider, if applicable, is:hostpapa

I can login to a root shell on my machine (yes or no, or I don’t know):no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel 76.0.20

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


What was the rest of the error message?

It looks like there’s some mixed content – JavaScript files loaded over HTTP instead of HTTPS. (It would also be a problem if other things like CSS or images were mixed.)

Chrome’s developer tools can help show what’s going on.

It might be that all you need to do to fix it is change the site URL in WordPress’s configuration to use https.


The message I see in chrome. - "Your connection to this site is not fully
Attackers might be able to see the images you’re
looking at on this site and trick you by modifying
them. Learn more


Hi @dylan

use Ctrl + Shift + I, that opens the console. There you see a different error message.

greensock.js?ver=1.19.0:19 Mixed Content: 
The page at '' was loaded over HTTPS, 
but requested an insecure image 
This content should also be served over HTTPS.

The check result @mnordhoff had posted (from whynopadlock)

shows the same problem.

An image with an insecure url of “” was loaded via the javascript file: on line 18. The insecure URL may not be directly contained in the script file and may exist elsewhere.
You may need to contact your web hosting provider for assistance. This URL will need to be updated to use a secure URL for your padlock to return.

But: This Javascript file doesn’t have the wrong url. Wrong urls are in two CSS files ( ), the JavaScript loads the content.

The css files are loaded via https. But they have a lot of url definitions:

background: url("")

This is mixed content.

First file:


I removed most of the links in the second sample, the list is too long.

So there are more then two links you should change

http -> https

if there is a https version.


Not sure how to locate those two file. Any suggestions


These are the two files:

Both have a lot of url(http://…) definitions, that’s mixed content.

PS: Use to recheck your domain.

There you see all the definitions in these two files you should change.

The first file has three font definitions loaded via http.

The second has 16 image http links

1 Like

Thanks Juergen it worked

1 Like

I see, you have rechecked your domain with the updated tool

Chrome is now happy, that’s good. But the Chrome-check is incomplete. FireFox shows the error loading a font:

Laden von gemischten aktiven Inhalten "" wurde blockiert.[Weitere Informationen] greensock.js:19:20323
Laden von gemischten aktiven Inhalten "" wurde blockiert.[Weitere Informationen] greensock.js:19:20323 

But the error message is wrong, same as Chrome. greensock.js is the JavaScript that loads the file. But the file isn’t defined in that JavaScript, instead in that CSS-file.|

So check your file

and change there these three font-links http -> https.

Then recheck your domain, then the mixed content warning

Mixed content - content loaded via http

should be removed.

closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.