Clean Site, but No SSL

  • This really does make me think ‘is it really worth it?’ when it comes to messing about with SSL on a WordPress site, and I’m convinced that whoever comes up with a way to just install a plugin and press ‘GO’ will rule the world!

    Anyway, just got a clean install of WordPress that I wanted to install SSL on. Found a nice offer at GoDaddy for a certificate at £3.99 but Godaddy themselves blew that out of the water by saying in reality, that would be £130 for the year as I’d need one for my subdomains too – hmmm, typical Godaddy.

    Having been stung previously with SSL that was a pain in the ass, I decided to try out Cloudflare, but that in itself has proved to be nightmarish.

    So – I got the website, an account on Cloudflare with a flexible SSL certificate, a plugin called ‘Cloudflare Flexible SSL’, another one called ‘SSL Insecure Content Fixer’, and I did the page rules thing on Cloudflare with the wildcard marks and set all pages to be served over https.

    So why aren’t my pages showing up now as https?

    Any SSL gurus that think SSL is easy are welcome to reply!

Viewing 5 replies - 1 through 5 (of 5 total)

  • Did you update your sites URL to be https:// instead of https://?

    That can be done through the admin area, but can leave out any hard-coded links for things like images in your posts, so it may not work fully. The “easy” way to change it is using a search-and-replace plugin, or something like this script.

    Thread Starter steveraven

    (@steveraven)

    I’ve tried updating both the main url and the WordPress url to https, but I just get a semi white screen of death – either immediately following the main url, or after a while following the WordPress url.

    All of these reporters say to leave the url’s alone, which I find is the best way.

    G’day steveraven,

    If you have Cloudflare’s Flexible SSL, then your site is probably not detecting when it’s being loaded on HTTPS. See here, and then change the HTTPS detection setting on SSL Insecure Content Fixer:

    https://ssl.webaware.net.au/https-detection/

    Also, you probably don’t need the Cloudflare Flexible SSL plugin if you’re using SSL Insecure Content Fixer.

    If you’re still having problems, consider opening a support ticket with me:

    https://www.ads-software.com/support/plugin/ssl-insecure-content-fixer

    cheers,
    Ross

    Thread Starter steveraven

    (@steveraven)

    Well we have a little progress – deactivated Flexible Secure Content and the ‘https’ lock started showing!

    But now, theres a message on the website regarding insecure content – should I be using a ‘search and replace’ plugin to resolve this?

    Thread Starter steveraven

    (@steveraven)

    I jumped the gun a little and added the ‘search/replace’ plugin, but it keeps on saying there’s a Form that needs altering –

    Mixed Content: The page at 'https://www.thisisnottingham.org/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'https://www.thisisnottingham.org/'. This endpoint should be made available over a secure connection.

    – which is apparently in line 137 of something or other.

    How would I change this to https?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Clean Site, but No SSL’ is closed to new replies.