Plugin Author
AITpro
(@aitpro)
Most likely caused by trying to load the image from an HTTP URL/link on an HTTPS page. Typically that would result in a standard Browser error something like “the page is loading unsecure blah…do you want to proceed blah…”
Check your BPS Security Log and post a log entry that has to do with the header image file. Also view the Source Code of your website page to check the URL/link of the header image file. Most Browsers allow you to right mouse click and click on View Source or some command name similar to that to view the Source Code of website pages.
Plugin Author
AITpro
(@aitpro)
Also this SSL code is better.
http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233
# WP REWRITE LOOP START
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_PORT} ^80
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^index\.php$ - [L]
Thank you for your suggestions!
Strange. When I enter the page the first time, I have to accept the certificate. And the page loads without the header image (also https in source code). When I open the image directly, I have to accept the certificate again and since then the image appears on the page.
Is this some kind of certification problem?
—
Btw. the page is https://stephanmonecke.de/
Plugin Author
AITpro
(@aitpro)
“I have to accept the certificate”
Do you mean you are seeing a warning or error saying something about secure and unsecure content?
It sounds like the image is coming from an unsecure location HTTP and your page is HTTPS.
Plugin Author
AITpro
(@aitpro)
Oh i didn’t see your link. This means your SSL certificate is not valid or is not setup correctly. Contact your Host so they can assist you with setting up your SSL Certificate.
The site’s security certificate is not trusted!
You attempted to reach stephanmonecke.de, but the server presented a certificate issued by an entity that is not trusted by your computer’s operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
Plugin Author
AITpro
(@aitpro)
When i click on the SSL lock icon and look at the details of the SSL Certificate it is generic Parallels Panel info and does not contain your domain name. In order for an SSL Certificate to be valid it MUST contain your domain name.
Plugin Author
AITpro
(@aitpro)
I checked your site again. Now you have an issue with a self-signed SSL certificate – translation you did not buy an SSL Certificate from one of the known/established SSL Certificate providers: Verisign, Go Daddy, etc.
This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.
http://www.sslshopper.com/ssl-checker.html#hostname=https://stephanmonecke.de/
Plugin Author
AITpro
(@aitpro)
I checked your site again and see that you do not have a valid SSL Certificate. I believe that problem is that you do not have a valid SSL Certificate. In order to use SSL and for it to work correctly you would need to have a valid SSL Certificate. Resolving this thread.
Hey,
I’m sorry for the late response but it has been a busy week…
Thank you for your response but that is not the problem. I know it is a self-signed certificate – I don’t want to spend money for that – but the problem is strangely just related to the header image.
I think it must be something with the domains…
To reproduce the problem, do the following (do it in chromium: other than firefox, it shows an empty image frame):
- Go to stephanmonecke.de
- Accept the certificate –> page is being displayed except for the header image.
- Open just the header image in a separate tab
- accept the certificate AGAIN
- then the full page is being shown properly
The problem is that I have to manually accept the certificate again in order to display the page properly. I can do that easily but not users who have no idea of software and I couldnt get it to work on a mobile device.
I don’t know whether this is related to it but I noticed that the
add html-link pop-up window has no buttons which is uncomfortable…
Thanks in advance for any help!
%% =========
P.s.: I just noticed that the image is stored at:
https://stephanmonecke.de/wp-content/uploads/2012/08/copy-cropped-cropped-bg.jpg
But when you open it over the page the link is with www:
https://www.stephanmonecke.de/wp-content/uploads/2012/08/copy-cropped-cropped-bg.jpg
Then you have to accept the certificate and are being redirected to:
https://stephanmonecke.de/wp-content/uploads/2012/08/copy-cropped-cropped-bg.jpg
\Γ³.Γ/
Plugin Author
AITpro
(@aitpro)
Accept the certificate –> page is being displayed except for the header image.
I am not willing to do that step and probably most other people will not do that either. If this is a personal site and you do not care about getting website visitors/visitor traffic then this is ok, but if you actually want visitor traffic then probably most people will leave your site when they see the warning and will not accept the certificate.
For the non-www to www issue. I am not sure if you need to implicitly use www in the domain name or can use alternates or wildcards in the domain name, but maybe that has something to do with the issue: http://webmasters.stackexchange.com/questions/32601/self-signed-ssl-certificate-with-a-wild-card-works-for-sub-domain-fails-for-t
Are you using non-www to www .htaccess rewriting code?
http://forum.ait-pro.com/forums/topic/wordpress-ssl-htaccess-code-rewrite-ssl-rewritecond-server_port/#post-7233
Plugin Author
AITpro
(@aitpro)
Also are your WordPress General Settings correct?
Settings >>> General
WordPress Address (URL) should be a www URL
Site Address (URL) should be a www URL
Hey, thank you for the response!
I am not willing to do that step
No problem!
I once messed around with the htaccess file but I cant find that code-snipped in it.
The General Settings are set without www. When I add the www-prefix the site is not available anymore and I have to change it back in the db entries manually.
%% ===========
If this is a personal site and you do not care about getting website visitors/visitor traffic then this is ok, but if you actually want visitor traffic then probably most people will leave your site when they see the warning and will not accept the certificate.
You are probably right but this is a personal page primely for people who know me. I am not willing to spend any money for a certificate (exaggerated: for nothing) and with the only free source I found, I would have to renew it every month. On that base I stick to a self-signed one.
Plugin Author
AITpro
(@aitpro)
I once messed around with the htaccess file but I cant find that code-snipped in it.
The link I posted has the new SSL .htaccess rewrite code and instructions on how to add the new SSL .htaccess rewrite code.
The General Settings are set without www. When I add the www-prefix the site is not available anymore and I have to change it back in the db entries manually.
Then that is a problem. You should be able to switch from non-www to www and vice versa in WordPress General Settings without any problems. Once you make that change your site will not be viewable temporarily and you will need to close your Browser, reopen your Browser and clear your Browser Cache. Then make sure you are using the www URL to your site and not the non-www URL. You want to check that the non-www URL is redirecting correctly to the www URL. If it is not then that is another reason to use the SSL rewrite .htaccess code AND you may need to add a rewrite for non-www to www too.
http://forum.ait-pro.com/forums/topic/htaccess-redirect-www-to-non-www-htaccess-redirect-non-www-to-www/#post-1723
# Rewrite non-www to www for HTTP/non-SSL
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R,L]
RewriteRule ^index\.php$ - [L]
# WP REWRITE LOOP START
# Rewrite non-www to www for HTTPS/SSL
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_PORT} ^80
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
# line below is commented out / not in use
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteRule ^index\.php$ - [L]
