Time taken for site to go 'secure'?


#1

Please fill out the fields below so we can help you better.

My domain is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk


I’ve installed a certificate via the let’s encrypt extension in Plesk. I’ve actually done this 4 times actually - I can see on the lets encrypt checker that the certificates have been issued.

I’m using Wordpress - I’ve changed the configuration to use https

But the site is still not showing as secure when I access the homepage - I’m not sure what the problem is.

However, if I try login then the login page does show up as ‘secure’.

Why are some pages secure and some pages not? Even both are being accessed through https?
When I check the URLs of the images it appears that they may still be served over http (not https) and I’m wondering if this is the source of the problem.

Any advice?

Particularly if its just me being impatient - who son will your site switch to ‘secure’ after you have installed a Let’s Encrypt SSL certificate?


#2

I don’t understand the question. Actually, I’m not sure it is a question :stuck_out_tongue:

The TLS certificate is properly installed on your site: https://dev.ssllabs.com/ssltest/analyze.html?d=ln-gpfed.org.uk&hideResults=on&latest

The reason you’re not seeing a green padlock icon is because the site is loading insecure items on the webpage:

You can check your site on: https://www.whynopadlock.com/


#3

Thanks - not sure how you managed to answer that before I finished writing my post!

But thanks - I think it is the images - do you know how I switch to serving secure images? I appreciate this may no longer be the correct forum for this question!


#4

You included the essential bit of information before the edit :wink:

Depends on how your site is build. Does it use a content management system like WordPress? How is the theme implemented? Are the protocols (http or https) for the images hardcoded into the HTML or theme of the website?

If you look at the code of your web-page, many links (URLs) are already up to speed with HTTPS:

(Not specifying http or https will force that URL to take the same protocol as the “main page”, HTTPS in this case, so that’s fine.)

<link rel="alternate" type="application/rss+xml" title="Lancashire North GP Federation &raquo; Feed" href="https://ln-gpfed.org.uk/feed/" />

(Already HTTPS specified, fine too.)

<link rel="shortcut icon" href="http://ln-gpfed.org.uk/wp-content/uploads/2017/02/logo-no-writing.png" />

http://! Not good!

Looking at that, the site seems to be a WordPress site. In the “General Settings” page of your WordPress admin, there are a few options you can specify (in my WordPress at least :stuck_out_tongue:):

  • WordPress Address (URL)
  • Site Address (URL)

Those should start with https://.

I can’t seem to find any other HTTPS option in my admin, so you should check those out first :slight_smile:


#5

Well, now I’ve asked a proper question - do you have any thoughts how I force my wordpress installations to serve images over https?


#6

Solved.

I installed a Wordpress plugin called ‘Really Simple SSL’. Installed, activated and corrected all images within 30 seconds.

Hope someone else finds the info useful!


#7

Ah great. I just edited my previous post, but that’s probably superfluous now. I’m guessing the plugin also changed the settings I mentioned :slight_smile:


#8

Yes and thank you for your time. It really is appreciated!


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.