That guide is supposedly not supported anymore because Hostinger now offers SSL for a fee, but I followed the instructions exactly to install the LetsEncrypt SSL.
I encountered many errors throughout the process, mainly in the Putty program, but managed to get to the end and got the Certificate and Private Key, and entered it in.
However, my website is still not fully secured. It is not https by default, and when I add in https, it works, but says “Your connection to this site is not fully secured.”
Since I know nothing about hosting, SSL, and those operating system terms, can someone assist me to figure out what went wrong with my SSL installation? Should I redo it with some other method?
Your website suffers from a mixed content problem, which occurs when you include some HTTP resources (such as images, scripts, or stylesheets) inside of an HTTPS page. You can diagnose this using your web browser’s developer tools, or an online scanner such as
Fixing this requires changing the links in your site content to secure versions of these resources, or, if the links are automatically generated by a content management tool, updating that tool’s defaults or settings so that it generates HTTPS links instead of HTTP links.
Hi schoen.
Thank you for your help. Since I have no experience in this, what is the easiest way of fixing this problem? Is there a way I can just force https on everything? How would I do that with letsencrypt? Does it have to be done in my hosting provider’s options or from my wordpress website?
Thanks for the reply. I changed my site url to https on my wordpress settings, and now everything seems to be working. When I go on my site, it says it’s secured now.
I still keep getting a Soft Failure (Mixed content) saying I have an image without https, but I removed all traces of that image from my wordpress and even deleted it through FTP, but it still shows that. Can I ignore that or is that picture hidden in my code somewhere?
Also is force https required? Whynopadlock says I don’t have it.
A2a.You must have missed one; or it is imbedded in included content.
A2b. If you ignore it, everyone that visits the site will get the same “insecure” (mixed-content) message. Are you OK with that?
A3.Forcing HTTPS means even if you accept HTTP connections, they will require the user to reconnect via HTTPS. This is a preferred “standard” - make everyone use your HTTPS site.
@JuergenAuer Thank you for letting me know the www didn’t work. I looked at that guide I followed and realized what I did wrong. One of the commands involved “yourdomain.com:www.yourdomain.com” and I (being a complete newbie) put the same link in for both fields (without the www).
I just went through the process again (was much easier and faster after I did it once before), and I think everything is good now.