Seems like SSL is successfullly installed. Still getting Connection Not Secured


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.profile-accessories.com/

I ran this command: do not have access

It produced this output: none

My web server is (include version): not sure

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: rackspace

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): plesk

I’m trying to renew my SSL certificate on profile-accessories.com (as the auto-renewal does not seem to be working)

Althought Plesk is telling me I’ve successfully installed the new certificate, visiting the website tells me my connection is not secure.

I’ve also tested my site with whynopadlock.com and it seems I have no mixed content, but I do get this error:

Force HTTPS

X Your webserver is not forcing the use of SSL.
You may want to add a redirect to ensure a secure connection is used. More Info

(under more info)
Forcing the use of HTTPS:// on your site will ensure that visitors to your site are always using https://profile-accessories.com and aren’t able to access an insecure http://profile-accessories.com URL. This is recommended since if a visitor does access your site as http://profile-accessories.com everything will be marked as “Not Secure”.

Below code is for forcing HTTPs on an Apache webserver. If you are using another webserver such as lighttpd, nginx, etc you will need to contact your web hosting provider for assistance.

Add the following code to the .htaccess file in your webhosting account:

RewriteCond %{HTTP_HOST} profile-accessories.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://profile-accessories.com/$1 [R,L]

Once this change is made your site will no longer be accessible on the insecure “http://profile-accessories.com” URLs and all visitors will be redirected to “https://profile-accessories.com” instead.

If I add an .htaccess file to my server with a redirect, I get this error under mixed content:

The Mixed content tests failed. Please be sure that you can connect to your site over SSL and try again.
Error Returned: net::ERR_TOO_MANY_REDIRECTS at https://profile-accessories.com/


#2

Hi @gregorino

now you have a loop: https://profile-accessories.com/ -> https://profile-accessories.com/ … endless.

So you have too many redirects. First step: Remove these three rows:

Then create a new certificate via plesk with two names:

profile-accessories.com and www.profile-accessories.com

So https works with both domain names.


#3

@JuergenAuer, as in the other thread, this redirect only applies if the user accessed the resource via HTTP, so I don’t think it should create a loop by itself!


#4

Thanks.

But then must be other definitions, which creates a loop. Testing

https://www.profile-accessories.com/ (accepting the wrong certificate) creates a redirect to https://profile-accessories.com/ and there again a loop.


#5

Yes, I guess that must be caused by a redirection defined in another file.


#6

I’ve found a setting in Plesk that lets me apply a certificate to both profile-accessories.com and www.profile-accessories.com at once. This did not seem to fix the issue though. Now instead of saying my connection is not secure my browser says:

This page isn’t working
profile-accessories.com redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

I’ve removed the .htaccess redirect that @JuergenAuer mentioned. I’ve also tried clearing my cache and deleting cookies. Did not seem to fix the issue. Any other ideas?


#7

Now you have fixed your redirect.

https://profile-accessoires.com/ is now redirected to https://www.profile-accessoires.com/

There the certificate is wrong.

But you have created already two correct certificates (created today).

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:www.profile-accessories.com&lu=cert_search

So perhaps there is an option so plesk can use one of them

PS: Where was the redirect loop defined?


#8

I had placed an .htaccess file in the wrong folder which was causing an infinite loop, glad that problem was fixed easily.

Unfortunately, as for the two certificates. There is a place I can see all the certificates set up on a website, I can only see 1 though. I have deleted and re-created many certificates today. Is it possible the google report is outdated and shows a certificate I had deleted an hour ago?


#9

Thanks. Good to know.

Google shows the result of the Certificate Transparency Log (CT). Every certificate which is signed from a public Certificate Authority is there logged. The Log is read only. So revoking or deleting a certificate doesn’t change this log.

PS: There is a limit - 5 certificates with the same names in 7 days. So you shouldn’t create too much certificates. There is a test system. But I don’t know if plesk allows to use that.


#10

Thank you, I will stop creating new certificates. As far as I know plesk does not allow for testing.

Any other insights on what to do? I am at a loss. I have opened a ticket with my hosting provider but they often take up to a week to get back to me…


#11

There is again something wrong. I accepted the wrong certificate - and there was a loop again.

Now https://www.profile-accessories.com/ -> https://profile-accessories.com/ -> https://www.profile-accessories.com/

I don’t know how plesk handles that inside. But perhaps there are some configuration files you are able to edit.


#12

Hmm. Ok thank you for the insight. I will do some more research while waiting to hear back from my hosting provider


#13

So it seems I’ve successfully removed the loop :smiley: just by messing around in the settings in Plesk. I had it set to force users to use profile-accessories.com instead of www.profile-accessories.com. This seems to have fixed the issue.

Now for my other issue. Plesk is telling me my certificate is set up correctly. If I check on whynopadlock.com it also says my certificate is set up correctly. But I still am getting the “connection not private” error if I try to go to my page. I can now click through to the website, and access the website (although I see the not secure icon in the address bar)


#14

You’re using the wrong certificate, which is only for profile-accessories.com and not for both www.profile-accessories.com and profile-accessories.com.

Of the seven certificates you’ve issued, two (which you’re not using) cover both names, while five (one of which you’re using) cover only one name:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:profile-accessories.com&lu=cert_search


#15

Thanks! I was able to fix the issue with this information. Thanks both of you!!


#16

Now your certificate is correct:

And there is no loop. Your CommonName is profile-accessories.com, but there are two alternate names:

DNS-Name: profile-accessories.com
DNS-Name: www.profile-accessories.com

Now it’s ok.

First I saw a warning. But that was because I had added an exception.


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.