SSL certification active but website still not secure

My domain is: zain.de

I activated Let’s Encrypt SSL protection with my hosting provider ALL-INKL.COM a few days ago.

When entering “www.zain.de” in any browser (safari, explorer, firefox, chrome…), it still says the website is not secure, despite the fact that on ALL-INKL-COM it reads that SSL protection is activated.

Can you help why “zain.de” it is still not secure?

Many thanks,
Philipp

1 Like

There are four possible connections to your site:

  1. http://zain.de/
  2. http://www.zain.de/
  3. https://zain.de/
  4. https://www.zain.de/

The first two are not secure and should be accepted and then redirected to the HTTPS sites.
The last two can operate independently or you can have one redirect to the other (if you prefer to use the WWW or NOT).

All four are working, the first is already redirecting to the second:

curl -Iki http://zain.de/
HTTP/1.1 301 Moved Permanently
Date: Wed, 15 Apr 2020 22:04:18 GMT
Server: Apache
X-Redirect-By: WordPress
Location: http://www.zain.de/

The second does NOT redirect:

curl -Iki http://www.zain.de/
HTTP/1.1 200 OK
Date: Wed, 15 Apr 2020 22:04:40 GMT
Server: Apache
Link: <http://www.zain.de/wp-json/>; rel="https://api.w.org/", <http://www.zain.de/>; rel=shortlink
Upgrade: h2,h2c
Connection: Upgrade
Vary: Accept-Encoding,User-Agent
Accept-Ranges: none
Content-Type: text/html; charset=UTF-8

The third redirects:

curl -Iki https://zain.de/
HTTP/2 301
date: Wed, 15 Apr 2020 22:09:23 GMT
server: Apache
x-redirect-by: WordPress
location: https://www.zain.de/

And the fourth works as expected:

curl -Iki https://www.zain.de/
HTTP/2 200
date: Wed, 15 Apr 2020 22:10:56 GMT
server: Apache
link: <https://www.zain.de/wp-json/>; rel="https://api.w.org/", <https://www.zain.de/>; rel=shortlink
vary: Accept-Encoding,User-Agent
accept-ranges: none
content-type: text/html; charset=UTF-8

That said, one may still see an “insecure” message if the content is “mixed” [HTTP forced links on an HTTPS site].
I don’t see that in your case: https://www.whynopadlock.com/results/ee4830c9-5486-4d25-9eff-06ec84191570

Soo…….
Please explain (or show a picture of) where/how the “website still not secure”.

1 Like

In review, the only thing I can find possible is that he is not adding https to the URL.
http://zain.de/ & http://www.zain.de/ will not be encrypted and may show that message.
But https://zain.de/ and https://www.zain.de/ will work fine.
All that is needed is a way to redirect the HTTP connections to the HTTPS web site(s).

1 Like

Hi, many thanks for your response and guidance on this topic. You are right that when I add “https” then I’m directed to a secure page. But when people google and click on the website or enter www.zain.de, they still get directed to our page stating “connection not secure” in the browser. You certainly noticed that I’m totally inexperienced in this, could you guide me how I can force that when entering www.zain.de or anyone clicks on a google search result gets directed to “https”?

Many thanks and kind regards, Philipp

1 Like

Hi Alex,

When a customer googles our salon and clicks on the search result he/she gets directed to www.zain.de and the browser still reads “connection not secure”. I don’t know how I can get a non-secure search result linked to a secure (https?) connection…

Hi @zainsalonhamburg

as @rg305 wrote: You need redirects. You have some - but not http -> https.

Read the url part of your domain check - https://check-your-website.server-daten.de/?q=zain.de#url-checks

The #comments part has some informations about adding redirects http -> https.

2 Likes

Hi Juergen,

thanks a lot – now it works !!!

Have a great week-end.

Kind regards, Philipp

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.