Site insecure in spite of installing cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.autoplay.in

I ran this command: Tested out in whynopadlock

It produced this output: https://www.whynopadlock.com/results/51eeb537-c07c-4fac-a55e-009125dc2ffb
The SSL certificate tests failed. Please be sure that you can connect to your site over SSL and try again.
You have no mixed content.

Tried the web console as posted in other threads. I don't find any HTTP content from my site.

The tricky part is, when you open the site, the lock icon comes up for a fraction of a second, then I get the Not secure icon.

My web server is (include version): Bitnami WordPress 5.3.0

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): I can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0

1 Like

I would guess that your choice of an EC P-384 key for your certificate is something that Why Not Padlock’s SSL software does not support.

I ran the same test against https://ecc384.badssl.com/ and it produced the same result.

It is a very uncommon choice and you are bound to run into compatibility issues with clients/browsers. Support for P-256 is way, way better.

2 Likes

All my ECC certificates are P-384. It is NOT an uncommon choice and is perfectly accepted in many browsers. Chrome supports it at least since version 27. Firefox at least since 10.0.12. IE 8 on Win7 supports it (not XP). Opera 15 supports it. Safari 5 on iOS and Mac OS X supports it. Android supports it since Android 4 (!). source.

Furthermore, there's not really anything wrong with the TLS configuration according to SSLLabs.

However, that said, most sites operate dual certificates: an ECC as well as an RSA certificate. This is to ensure the best compatibility, even though ECC (and P-384) should be widely supported.

1 Like

Hi @mitha_b

that's a known limitation of whynopadlock.

I have used P-384 certificates for more than one year. Checked with whynopadlock, the same error. Sent a mail -> no answer.

2 Likes

Hi @_az

Now, what am I supposed to do to get the lock icon?
As this reflects that my site is not secure.

Thanks
Madhumitha

Hi @Osiris

Can you let me know what I should do to enable both ECC and RSA certificates?

Thanks in advance
Madhumitha

1 Like

Thanks @JuergenAuer

The surprising fact is, I get the lock icon as soon as we key in the site, and after 1 or 2 sec the lock icon changes to not secure site.
Anything done to remove this will be of great help.

Thanks
Madhumitha

1 Like

Checking your domain you have mixed content - https://check-your-website.server-daten.de/?q=autoplay.in#html-content

Some images are linked with an IP address. Your certificate doesn't have an IP address -> it's impossible to load these images.

Sample:

https://18.211.195.141/wp-content/uploads/2020/01/Screenshot-74.png

PS: Check your WordPress to see if there is a general option to change the IP link to a domain link. Maybe it's the result of such a wrong configuration. Works with http, but not with https.

2 Likes
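An added example, not part of any post in this thread: a small Python audit of a page's HTML for the two cases discussed above, subresources fetched over plain `http://` and subresources fetched over `https://` from a bare IP address that a certificate issued for the domain name does not cover. The page URL, sample HTML and the documentation-range IP are constructed; `srcset` and CSS `url()` references are not covered.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "source": "src", "link": "href"}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # canonical/alternate links are not loaded as page content
        value = a.get(FETCH_ATTRS.get(tag, ""))
        if value:
            self.urls.append(value)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(page_url, html):
    """Return [(url, reason)] for subresources that cost an HTTPS page its padlock."""
    collector = _Collector()
    collector.feed(html)
    findings = []
    for raw in collector.urls:
        parts = urlsplit(urljoin(page_url, raw))  # resolve relative links
        if parts.scheme == "http":
            findings.append((parts.geturl(), "plain http on an https page"))
        elif parts.scheme == "https" and is_ip_literal(parts.hostname or ""):
            findings.append((parts.geturl(), "https to an IP; domain cert will not match"))
    return findings

# Constructed sample page (203.0.113.10 is a documentation address).
SAMPLE = """<link rel="canonical" href="http://www.example.com/">
<link rel="stylesheet" href="/wp-content/themes/t/style.css">
<img src="https://203.0.113.10/wp-content/uploads/2020/01/shot.png">
<img src="/wp-content/uploads/2020/01/ok.png">
<script src="http://www.example.com/wp-includes/js/x.js"></script>"""

if __name__ == "__main__":
    for url, reason in audit("https://www.example.com/", SAMPLE):
        print(f"{reason}: {url}")
```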

Check the settings tab in your WordPress. The site address may be set to http, not https. WordPress often will redirect you.

2 Likes

Yeah, what you said (didn’t see it before I posted, sorry)

No Problem. Thanks for your more detailed answer. I don't use WordPress.

Thanks @JuergenAuer (for the new site to check a whole lot of content related to the site, indeed it's helpful!) and @TheEggman

Did the changes, and it's working!
Getting the lock sign! Kudos to you guys!
Struggling for the whole day, and got to know it's working now! Relaxed and relieved!

Thanks
Madhumitha

3 Likes

Yep, now the HTML part is green. Grade C -> no mixed content problem.

And if you test the site with whynopadlock, you will see the same problem - EC 384 -> whynopadlock doesn't understand it.

1 Like

I'm not familiar with Bitnami, so sorry, no clue.

1 Like

Yes, you are right, still failing with whynopadlock.
Thanks again for helping out!

1 Like
