WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[resolved] https doesn't work on google chrome (33 posts)

  1. wheedle
    Member
    Posted 2 years ago #

    for some reason only in google chrome the wp https doesn't work. What can i do to fix this?

  2. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey wheedle,

    You'll have to be a lot more descriptive than that. What issues are you having?

    Thanks,
    Mike

  3. Aahan Krish
    Member
    Posted 2 years ago #

    Hey Mike, it's me again.

    wheedle is both right and wrong. Here's what I've noticed on all browsers.

    (1) If the ssl certificate is issued by a certified CA authority (you know there are many like Comodo, Go Daddy, Verisign, Thwate etc), then WordPress HTTPS plugin successfully redirects according to the settings in the options page. This because the browser doesn't have any issues with the SSL certificate of the website.

    (2) Some people (like me) use a self-signed SSL as we only need SSL to access WP-ADMIN and not for public use. In this case, the browser doesn't trust our SSL certificate, and the user will have to manually add our certificate to the trusted list maintained by the browser. (easier in firefox, but tougher in Chrome). Only after doing so, does the browser allow redirection from HTTPS to HTTP.

    But this fails the purpose of the plugin for us. We do not want the users to see an error message that our website is not safe/trusted (like this - http://bit.ly/ncGsSE - looks awefully frightening for newbies in Chrome, and they'll probably close the tab in no time) when they visit via HTTPS link, but that is what is happening despite using this plugin.

    So, I see only three solutions here:
    - plugin should enable server-side redirection. This issue is probably because the plugin uses wordpress redirection.
    - or we pay a few hundred bucks a year to get an SSL certificate from a highly qualified CA authority.
    - or maybe there's another way that you might know.

    I could be wrong though. But this is how I believe it is.

    thanks.

  4. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey Aahan,

    Sadly, that's not possible. You can not use a self-signed certificate and stop that error from showing up; otherwise, ever hacker would do that. Don't you think? The certificate check is built-in to browsers (for good reason) and can not be prevented.

    Also, the redirects are server-side. That would be really silly if they weren't.

    You can use a PositiveSSL Certificate from Comodo for $49 a year, which is the one I use on my server to test the plugin with. http://www.positivessl.com/

    Thanks,
    Mike

  5. Aahan Krish
    Member
    Posted 2 years ago #

    Okay, thanks for your suggestion Mike. I am looking at both Comodo and Godaddy at the moment.

    cheers.

  6. wheedle
    Member
    Posted 2 years ago #

    I purchased my SSL certificate from Bluehost, my hosting site. Is this not a qualified authority for these?

  7. Aahan Krish
    Member
    Posted 2 years ago #

    @wheedle : Bluehost probably resells SSL certs (if I am not wrong). Anyway, it should be okay with that.

    Just confirm one thing. Are you using the development version of wordpress HTTPS? (I think I had similar problems with redirection. Developmental version fixes it.)

    You can download it here: http://downloads.wordpress.org/plugin/wordpress-https.zip

  8. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    He still hasn't told us what he's having problems with. He wouldn't be having redirection problems in only one browser.

  9. Aahan Krish
    Member
    Posted 2 years ago #

    @Mike: Right.
    @wheedle: You'd better explain what's actually not working. Did you even read Mike's reply to your question?

    You'll have to be a lot more descriptive than that. What issues are you having?

  10. wheedle
    Member
    Posted 2 years ago #

    just so it's clear, I really appreciate your help... sorry if I'm coming across short. Just have a lot on my plate and not really understanding why I can't completely get the site to be secure.

    @mike I guess what I meant to say was... Is Bluehost not a certified CA authority? I bought my SSL certificate from them, because they are my hosting site, and one of the larger ones as far as I knew. And if possible I'd like to not have to purchase another certificate from someone else.

    @aahan: thanks for the link to the development version. I tried to install it and my site wouldn't load up after that... saying something about relooping? So for now I switched back to the first version I was using.

    So right now I'm still at the point where all browsers I have checked on besides Google chrome give me https. Google seems to be the only that doesn't give me the secure https

    I hope this is a little mroe clear.. I am quite new to this, so if not please forgive my ignorance, I'm learning.

  11. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey wheedle,

    If you paid for your certificate, it should be valid.

    What exactly is happening when you hit your site over HTTPS? From what you're saying, it sounds like you're running into partially encrypted errors. If so, follow my instructions on the FAQ for identifying what's causing the error. It should be possible to fix or remove whatever is causing issues.

    Thanks,
    Mike

  12. Aahan Krish
    Member
    Posted 2 years ago #

    Check what Mike suggested first...

    And then, it would also be a good try to disable all plugins. If it works as it should, then enable each plugin, one by one, to find out the culprit.

  13. wheedle
    Member
    Posted 2 years ago #

    @mike @aahan thanks for being patient with me and all the help... I'll try that and let you know how it goes.

  14. wheedle
    Member
    Posted 2 years ago #

    Sorry I just realized I didn't answer your question... When i check out my site on google chrome it crosses our the https in red

  15. Aahan Krish
    Member
    Posted 2 years ago #

    @wheedle hehe! It's nothing to worry about actually. It's just that some of the files are being loaded via HTTP.

    Check these options in WordPress HTTPS (SSL) plugin that you are already using and it should be fixed.

    1. Internal HTTPS Elements - - should be checked (tick the box)
    2. External HTTPS Elements - - should be checked
    3. Bypass External Check - - should be UNchecked
    4. Disable Automatic HTTPS - - should be UNchecked
    5. Force SSL Exclusively - - should be UNchecked as well

    Do that will enable HTTPS (SSL) encryption for your entire website, and should remove that crossed HTTPS mark in the browser address bar.

    @Mike correct me if I am wrong.

  16. wheedle
    Member
    Posted 2 years ago #

    @aahan: tried that and still showing the https crossed out in red

  17. wheedle
    Member
    Posted 2 years ago #

    @mike: do I need to go through the steps of changing my URL?

  18. Aahan Krish
    Member
    Posted 2 years ago #

    @wheedle : Do you use some sort of caching system? Did you try clearing your browser cache? (That's where Chrome can be tricky sometimes... but I don't know, if in this case, it can be).

    Otherwise, only Mike can you help you.

  19. Mvied
    Member
    Plugin Author

    Posted 2 years ago #

    Hey wheedle,

    Actually, in Chrome, it will only show a little triangle if there are elements loading over HTTP, it won't cross it out entirely. Do you mind posting a link to the site so I can take a look? It's possible there's an error with your certificate. If you don't want to post it publicly, you can send the link to mike[at]mvied[dot]com.

    Thanks,
    Mike

  20. Aahan Krish
    Member
    Posted 2 years ago #

    Oh yes... Mike's right. Sorry about my wrong suggestion. I quit. :)

  21. wheedle
    Member
    Posted 2 years ago #

    @ aahan: LOL.. thanks for the help honestly. Even if it doesn't solve my problem, I'm just happy someone is actually trying to help me. Rather than sitting here banging my head on my desk solo.

    @ mike: http://www.wheedledeals.com

  22. Aahan Krish
    Member
    Posted 2 years ago #

    @Mike and @wheedle: If I am not wrong, Chrome shows a little triangle if the static files from your website are loading via HTTP. If the static files, or whatever are loading via HTTP via someone else's website (anyone other than yours) it is considered "not secure" and hence the red X mark.

    I came to this conclusion from reading the error (screenshot: http://img1.uploadscreenshot.com/images/orig/8/24118261074-orig.jpg)

    However this page includes other resources which are not secure. These resources can be viewed by others while in transit....

  23. Aahan Krish
    Member
    Posted 2 years ago #

    From the source of your website I see 43 HTTP:// links. Try fixing them, then it should work.

    And why are you using Wibiya? From a my personal point-of-view (visitor), I hate such obtrusion in a page. Something popping out or overlaying is not cool my friend. Just what I think, you need not heed to it. ;)

  24. wheedle
    Member
    Posted 2 years ago #

    @aahan: I'm really new to this.. so can you help me with direction to the 43 http links? How do I find that information? And what do I need to do to fix them?

    as far as wibiya... my site was geared for foreign students that needed some translation etc... so i was using that for those purposes... but I agree with you and have been thinking of removing it.

  25. Aahan Krish
    Member
    Posted 2 years ago #

    1. In chrome go to https://www.wheedledeals.com and when's loaded completely, right-click anywhere on the page and select "View page source" or directly Ctrl+U (or cmd+U).

    Now that is the real face of your website. I don't understand why such a small page has that much code. Anyway, now Ctrl+F and that opens a search box at the top-right corner of the browser. Type http:// and use the arrows to find the http:// links in the page. Try to fix them all by editing the wordpress files or the way you added them.

    That's the way to do it.

    2. It's been an year since I started blogging (bit.ly/cCHRgU), and I've learnt a lot as to how a blog or website should be kept - - UNOBTRUSIVE at all times.

    As for the translation thing, I am sure there are better ways of doing it. Google is your friend.

  26. Aahan Krish
    Member
    Posted 2 years ago #

    Hey, actually dealso.me domain (as in Dealsome!) is available, did you know? Sorry Mike, I am free today, and am messing up with your support.

    :)

  27. wheedle
    Member
    Posted 2 years ago #

    now that i can see all the http:// links.. how do I fix those? LOL... sorrry really new to this game. They all seem to be links to other pages. If those pages aren't secure does that mean mine can't be also?

    what is the .me originally for? I was wondering why a site i just saw had the .me now realizing it completed a word. Learn something new everyday.

  28. Aahan Krish
    Member
    Posted 2 years ago #

    .me has probably been created for personal websites (I own aahan.me). Anyway, Dealso.me is a domain hack for Dealsome - - like awesome. (Did you know Delicious, a social bookmarking site? it went by del.icio.us for some time, now it's delicious.com).

    Anyway, coming to the point, you are asking me how to fix those? Seriously? I mean, who created that website, not you? If it's not you, then you should definitely contact that person.

    Because it involves editing wordpress files via FTP (if they were added manually into the template) or via WP-ADMIN if they were induced by some options. So, you should figure it out.

    If you want I can take a look, but if it involves lot of hours, then probably I can't help. (give out your email if you want me to take a look.)

  29. Aahan Krish
    Member
    Posted 2 years ago #

    And did you notice that Mike gave out his email? mike[at]mvied[dot]com
    Maybe he's available for a charge, check it with him.

  30. wheedle
    Member
    Posted 2 years ago #

    can you PM me at shawndjkidd@gmail.com so its not on the forum? I would love it if you could take a look and just let me know how much work it might take me. I completely understand if the job is big and it too much also.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic