Installed SSL certificate, works for 3 seconds and then goes back to 'Not Secure'

ajaxwammes · June 24, 2020, 1:10pm

Hi!
I recently made a site that shows the worldwide travel restrictions due to the COVID situation (covidtravel.world). Today I installed a Let’s Encrypt SSL certificate on the website, what went pretty well. However it’s not working like it should. When I go to the website, it shows the site is secure for about 3 seconds, then when the site is fully loaded it suddenly goes back to ‘Not Secure’.

When I ran my site through the SSL checker (sslshopper.com) everything came back green. I also have an SSL that makes all requests redirect to secure HTTPS access.

I am using a Ubuntu 18.04 server, which I run through an AWS EC2 instance.

I read a bunch of other posts about people who have similar problems, but this one seems different, at it does show secure before the site/interactive travel map is fully loaded.

tl;dr: When the SSL works for 3 seconds, but when the site is fully loaded, it shows ‘Not Secure’, what could this indicate.

My domain is:
covidtravel.world

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

Osiris · June 24, 2020, 1:19pm

I’m on my mobile phone now, so can’t check 100 %, but I think your OpenStreetMap is causing mixed content troubles. Is it loaded through HTTP in stead of HTTPS?

JuergenAuer · June 24, 2020, 1:20pm

Hi @ajaxwammes

there are two different problems:

That doesn't work because your http doesn't work - https://check-your-website.server-daten.de/?q=covidtravel.world

http -> Timeouts, so the redirect isn't visible.

The status isn't "not secure", it's simple mixed content.

http://a.tile.openstreetmap.org/0/0/0.png

is http.

ajaxwammes · June 24, 2020, 1:31pm

Juergen shared with me the OpenStreetMap is actually loaded through http. Although it should be possible to load the OpenStreetMap through https, right?

ajaxwammes · June 24, 2020, 1:46pm

I see. I never knew the HTTP is not working. To solve this, should I take a look into my Domain Name System service (AWS Route53)? Or somewhere else?

And in case I can get HTTP to work, will it change anything? As you mentioned that the openstreetmap is in HTTP?

Cheers!

Osiris · June 24, 2020, 2:42pm

That has nothing to do with DNS, but with access to port 80 (possibly firewall blocking that) and your webserver which should be listening on port 80.

Yes, I'm 99.99999999 % sure that's possible.

It would change the lack of redirect problem, but not your disappearance of the lock icon: that's due to OpenstreetMaps being loaded through HTTP

ajaxwammes · June 24, 2020, 7:57pm

Makes sense! Thanks for clarifying this, it all got a lot clearer. I am going to see if I can sort this out, thanks!

system · July 24, 2020, 7:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Valid SSL but web-browser marking it as not secure Help	18	923	June 25, 2020
SSL certificate issued but not working Server	6	760	January 16, 2019
SSL not working on COVID-19 statement page Help	4	613	April 17, 2020
Https not working! Help	4	1350	May 6, 2017
Very often problems with website access Help	5	885	April 21, 2017

Installed SSL certificate, works for 3 seconds and then goes back to 'Not Secure'

Related topics