Why don't I have a padlock?

hqautopartsdev · June 21, 2020, 8:48am

My domain is: hqautoparts.ca

I ran this command: https://www.whynopadlock.com/results/60ea11d8-9413-47dd-aa71-6595572f1f78

It produced this output: SSL Connection - Pass

My web server is (include version): Wordpress Version 5.4.2

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Osiris · June 21, 2020, 8:53am

In Chromium, I do have a padlock. But I also see some errors:


(index):207 GET https://52.73.146.180/wp-content/uploads/2017/08/speedometer-free-img.png net::ERR_CERT_COMMON_NAME_INVALID
(index):215 GET https://52.73.146.180/wp-content/uploads/2017/08/alloy-wheel-free-img.png net::ERR_CERT_COMMON_NAME_INVALID
(index):223 GET https://52.73.146.180/wp-content/uploads/2017/08/air-conditioning-free-img.png net::ERR_CERT_COMMON_NAME_INVALID
(index):251 GET https://52.73.146.180/wp-content/uploads/2017/08/mechanic-free-img.png net::ERR_CERT_COMMON_NAME_INVALID
(index):259 GET https://52.73.146.180/wp-content/uploads/2017/08/wallet-free-img.png net::ERR_CERT_COMMON_NAME_INVALID
(index):488 GET https://52.73.146.180/wp-content/uploads/2020/06/photo-1587293852726-70cdb56c2866.jpg net::ERR_CERT_COMMON_NAME_INVALID

You’re using URI’s with IP addresses in stead of the hostname. Could be a WordPress configuration setting.

JuergenAuer · June 21, 2020, 9:18am

Hi @hqautopartsdev

what’s your browser?

As @Osiris wrote, you have some images with

https://52.73.146.180/wp-content/uploads/2017/08/air-conditioning-free-img.png

Result: The certificate is invalid, so Chrome blocks loading these images. There are 5 images via https + ip addresses (see https://check-your-website.server-daten.de/?q=hqautoparts.ca#html-content-block-1-img ).

That’s not a mixed content problem (loading images via http), that’s blocked content problem (image not loaded -> broken main page):

See

2020-06-21.hqautoparts.ca

hqautopartsdev · June 21, 2020, 9:30am

@JuergenAuer am using chrome Version 83.0.4103.106 (Official Build) (64-bit)
as well. I fixed the image errors but I am still getting the no padlock (Info)

Osiris · June 21, 2020, 10:20am

Not all of them:

(index):488 GET https://52.73.146.180/wp-content/uploads/2020/06/photo-1587293852726-70cdb56c2866.jpg net::ERR_CERT_COMMON_NAME_INVALID

You can check this for yourself in the Developer Console.

JuergenAuer · June 21, 2020, 10:51am

I can't see that error.

Share a screenshot.

PS: The whynopadlock - info

You currently have TLSv1 enabled.

isn't mixed content. That's a problem of your server configuration, not of your html code.

Osiris · June 21, 2020, 11:19am

But also from WhyNoPadlock:

This warning won't break your padlock

So not sure how this is relevant.

hqautopartsdev · June 21, 2020, 5:29pm

@JuergenAuer this is what it looks like for me. Cleared cookies and cache. Latest version of chrome

@Osiris where do you see that error my console doesn’t show that and I couldn’t find the IP when I grepped my files.

Rip · June 21, 2020, 5:42pm

@hqautopartsdev
@Osiris has a sharp eye. It is not in your files. You are using wordpress. It is in your database.

Rip

Rip · June 21, 2020, 6:06pm

It is in the css cached from a plugin.

{background-image: url(https://52.73.146.180/wp-content/uploads/2020/06/photo-1587293852726-70cdb56c2866.jpg}

Rip

JuergenAuer · June 21, 2020, 6:11pm

That's not your main page, that's /about/.

Checking that page - the same problem - https://check-your-website.server-daten.de/?q=hqautoparts.ca/about/#html-content

https://52.73.146.180/wp-content/uploads/2020/01/car-repair-engine.jpg

Looks like you have a lot of wrong resources with ip addresses.

And tons of errors in the Google console.

GET https://hqautoparts.ca/wp-content/plugins/ultimate-member/assets/css/um-old-default.css?ver=2.1.6 net::ERR_CONNECTION_REFUSED
(index):66 GET https://hqautoparts.ca/wp-includes/js/imagesloaded.min.js?ver=5.4.2 net::ERR_CONNECTION_REFUSED
(index):63 GET https://hqautoparts.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=7.10.4 net::ERR_CONNECTION_REFUSED
(index):67 GET https://hqautoparts.ca/wp-content/plugins/ultimate-member/assets/js/um-gdpr.min.js?ver=2.1.6 net::ERR_CONNECTION_TIMED_OUT
(index):65 GET https://hqautoparts.ca/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 net::ERR_CONNECTION_TIMED_OUT
(index):64 GET https://hqautoparts.ca/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp net::ERR_CONNECTION_TIMED_OUT
(index):565 GET https://52.73.146.180/wp-content/uploads/2020/01/car-repair-engine.jpg net::ERR_CERT_COMMON_NAME_INVALID

Plus not defined jQuery etc. May be jQuery loads some http resources, that's your mixed content I don't see.

system · July 21, 2020, 6:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.