Part of the web site is not secure after certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: foodalchemist.cf
I ran this command: followed instructions to install
It produced this output:
My web server is (include version): apache2
The operating system my web server runs on is (include version): ubuntu
My hosting provider, if applicable, is: aws
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi Friends, I have just followed the instructions and applied certificate. Immediately after that half of my web page became unavailable. especially pictures and css.

Can someone please help how to revert everything back or solve it?

Thanks

Hi @senanito85,

You probably have a mixed-content problem due to hard-coded HTTP resource links on your site. You can diagnose this with a scanner like https://whynopadlock.com/, or with your web browser’s developer tools.

Yes, right at the top of your page, you have, for example

        </script>
        <link href="http://54.218.79.52/includes/assets/css/style.css" rel="stylesheet" type="text/css" media="all" />
        <link href='http://fonts.googleapis.com/css?family=Pacifico' rel='stylesheet' type='text/css'>
        <link href="http://54.218.79.52/includes/assets/css/animate.css" rel="stylesheet" type="text/css" />
         <!--- <script type="text/javascript" src="http://54.218.79.52/includes/assets/js/active.js"></script> -->
        <script type="text/javascript" src="http://54.218.79.52/includes/assets/js/jquery.min.js"></script>
        <!---strat-slider---->
        <link rel="stylesheet" type="text/css" href="http://54.218.79.52/includes/assets/css/style2.css" />
        <script type="text/javascript" src="http://54.218.79.52/includes/assets/js/modernizr.custom.28468.js"></script>
        <!---//strat-slider---->
        <!-- FancyBox -->
        <!-- CSS -->
        <link rel="stylesheet" href="http://54.218.79.52/includes/assets/css/jquery.fancybox-buttons.css">
        <link rel="stylesheet" href="http://54.218.79.52/includes/assets/css/jquery.fancybox-thumbs.css">
        <link rel="stylesheet" href="http://54.218.79.52/includes/assets/css/jquery.fancybox.css">
        <!-- FancyBox -->

All of these links should either use HTTPS or no protocol scheme at all, and they should use your domain name instead of your IP address.

For example, instead of

http://54.218.79.52/includes/assets/css/style.css

you could simply reference

/includes/assets/css/style.css

That would cause the browser to load it from the same web server, using the same protocol (in this case, also via HTTPS).

Any of the first few results at

https://duckduckgo.com/?q=mixed+content

should also be helpful in understanding and fixing the problem.

Thank You so much Schoen! This is really helpful!

Hi @senanito85

you have created an incomplete certificate.

You have two dns entries - non-www and www. But your certificate ( https://check-your-website.server-daten.de/?q=foodalchemist.cf )

CN=foodalchemist.cf
	04.04.2019
	03.07.2019
expires in 90 days	foodalchemist.cf - 1 entry

has only one domain name.

Result: Your non-www has the correct certificate (and mixed content), but your www version throws a warning:

So create one certificate with two domain names and use that.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.