My website still showing Not Secure


#1

Please fill out the fields below so we can help you better.

My domain is: estoreproj.xyz

I ran this command: Lets Encrypt on Plesk

It produced this output: Lets Encrypt Certificate successfully installed on estoreproj.xyz

My operating system is (include version):Windows 8.1 64 bit

My web server is (include version): Not Sure

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I Don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Plesk

Hi,

My website is hosted by Plesk.I ran Let’s Encrypt Application on plesk,and entered my mail and hit the submit button.
After few seconds got a message on top saying Let’s Encrypt Certificate Installed On estoreproj.xyz.

I went to hosting settings and changes the Use SSl to Let’s Encrypt SSL.

But my website shows Not Secure even after installing SSL.Am i doing something wrong?Please let me know.


#2

The certificate is properly installed: https://dev.ssllabs.com/ssltest/analyze.html?d=estoreproj.xyz&hideResults=on (although it’s lacking on some security issues…)

The page itself doesn’t do anything on my mobile phone, but can it be it loads data from a non-secure location?


#3

Hi @melwin,

Your Let’s Encrypt certificate is OK, the problem with your site is the mixed content. When you set a site to use SSL, all the contents, urls to load js, images, etc. should have https links instead of http.

For example, your site try to load this content:

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
http://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.2/modernizr.js
http://fonts.googleapis.com/css?family=Londrina+Solid|Coda+Caption:800|Open+Sans
http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
http://fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2

You should modify the links to use https instead of http.

Cheers,
sahsanu


#4

Maybe restart your web server? I know that when I renewed my cert, I had to restart NGINX for it to be detected correctly.


#5

further to this you can use this site to identify insecure content

https://www.whynopadlock.com/


#6

Have tried it? WhyNoPadLock says everything is OK…


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.