Not secure connection


#1

I today tried to use Let’s Encrypt Client with --standalone and it generated me the cert for my server.
Why does it say that the connection not secure? it show me this icon on google chrome link

This is part of my apache ssl conf:
SSLCertificateFile /etc/letsencrypt/live/srv.sniperjum.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/srv.sniperjum.com/privkey.pem SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH


#2

If you click on the icon in Chrome, you should see more information… Unfortunately, my crystal ball was damaged recently, so I can’t see what error you’re getting.

BTW: your site srv.sniperjum.com isn’t reachable from my end… Is it up?


#3

It wasn’t up for me either … it is now though.

You are loading the graphic ( http ://sniperjum.com/images/logo.png ) over http hence not showing as fully secure


#4

@Osiris
Yes it was down but now it up(My browser is in hebrew so I can screenshot but u can see it urself https://srv.sniperjum.com)

@serverco
so the reason for it is cause I loading stuff from http?


#5

Correct. You need to load everything via https.


#6

If you open the Chrome console, you’ll see an error message

This is also known as the mixed content warning. You cannot load a resource or execute a script file loaded from HTTP in a page served via HTTPS.

To fix the issue, simply use relative paths from the root. Change

<img src="http://sniperjum.com/images/logo.png"

to

<img src="/images/logo.png"

You can also simply change it to https, but it’s easier to omit the protocol and leave the browser resolve the URI from the request.


#7

Yes: “Mixed Content: The page at ‘https://srv.sniperjum.com/’ was loaded over HTTPS, but requested an insecure image ‘http://sniperjum.com/images/logo.png’. This content should also be served over HTTPS.” (From the Console)

But I’m sure your Hebrew Chrome information would have told you approx. the same :wink:


#8

ok thanks, didnt know that.