No Clear Mixed Content and Still No Padlock?


#1

Hello,

I have been trying to get padlock onto my main site www.microstockilustrator.com. It continued to say mixed content based on certain images and now it is failing with the below error as per Whynopadlock website.

“The Mixed content tests failed. Please be sure that you can connect to your site over SSL and try again.
Error Returned: net::ERR_TOO_MANY_REDIRECTS at https://microstockillustrator.com

Here is the link:
https://www.whynopadlock.com/results/d2cd7824-9d8b-4c65-8c75-81056f977d5e

I have tried to disable all plugins and changing the home page to my blog posts and stuff but nothing has helped me so far. Any thoughts where I could find the issue? what else can I try?

The only error I can see in google console is the below one.

So, I have ran out of ideas and running out of days to get my site ready for new students. Who will want to come and purchase a course from an insecure website?

Any help or suggestions would be extremely appreciated.


#2

Right now, I’m getting an Invalid SSL certificate, which implies your server doesn’t have a valid certificate.

Based upon the too many redirects issue, I suspect you’re supposed to be using Flexible SSL from your Crypto settings at Cloudflare. Try Full (not the strict one) as well.

If you’re using Flexible and Wordpress, there’s a plugin that helps straighten all this out:


#3

I have the same problem. I have tried the full settings few minutes ago and it is still not working. Not sure how long I should wait before the change at cloudflare kicks in.

I have also checked the website (microstockillustrator.com) at another website and it says everything is fine. Below is the link
https://www.ssllabs.com/ssltest/analyze.html?d=microstockillustrator.com&latest


Cannot access my site ERR_TOO_MANY_REDIRECTS
#4

@sdayman awesome to see your reply. I was about to tag you as you have been very helpful elsewhere on this forum.

A little history of this site is that it is hosted with hostgator from whom I got a free SSL for a year. that expired last year. Not sure when but it may be the dates shown in the browser info (see below).

Few days ago, I got to know about cloudflare and i got their free ssl. I applied and it intially showed mixed content issue due to few images which I removed. Now I am stuck with this issue.

On MS Edge it doesnt talk about redirect issue but the fact that the SSL certificate is not valid.

image

So, my main question is could the previous SSL certificate be in conflict with the new ones and causing this redirects?


#5

Currently I am getting a 526 (Invalid SSL) which is caused by your origin.

On Full instead of Full (strict) Cloudflare will not validate the origin certificate and the error should disappear. It may take some time. You could also deactivate CloudFlare or SSL and wait a bit. Then re-enable.

The old certificate shouldn’t be a problem as long as it it no longer served by your origin.

SSL Labs is testing the CloudFlare certificate because they can’t check your origin.


#6

It is working now. I had raised a ticket with the hosting company for them to get this fixed if the issue has to do with their ssl. they initally said that they will have to install my 3rd party certificate (at a charge) but I argued that my other site hosted with them is working perfectly fine. So why an issue here? so they said one of their ‘admins’ will look into it.

This happened a good 2 hours ago and now when I check, i see the awesome, beautiful black padlock next to my site. what an awesome feeling it is… just like finding water in the desert after 3 days of search!

Thanks for your responses and thanks for cloudflare for their free ssl and for setting up this superb community.


#7

Here is an unsolved mystery.

While two other pcs and my mobile says that it is indeed secure (screenshot below)

From my Laptop, which is the one I use for work, it still says it is insecure. This is driving me nuts.

I have cleared browser history data, restarted my PC and the issue has not gone yet. I wonder what could be the issue? @sdayman @MarkMeyer you have any thoughts?

Could any of you check for me and tell me that you can see the padlock too? where do you think the fix might be? Why this issue on my laptop?


#8

There you go:

Chrome:

image

Firefox:

image

Konqueror:


#9

Thanks much Mark. You are awesome! :slight_smile:

Even whynopadlock is giving me green signal. So, I guess it would be wait till tomorrow to see if this solves itself by tomorrow (I hope it does)…and watch the pending list of movies for the day. Unless, there are suggestions for me to try out…

https://www.whynopadlock.com/results/34fcd4cf-e9d5-4dca-a58d-a6caef2a90b5


#10

My laptop still thinks that ,MicrostockIllustrator.com is untrustworthy. I have created a new account on the website and tested through that and the issue still remains. It is hard for me to work with this laptop when the browser keep screaming that it is insecure. Is there any way to check the underlying issue and then try to find a fix?

My all other sites on cloudflare is padlocked everywhere including my PC but why not this one? I have no clue.


#11

I always use Chrome browser to check site security. Dev Tools (from the bottom of the View menu) has a Security tab that’s great for tracking down insecure elements. Right now, your site looks good. Give Chrome Dev Tools a try on your laptop. Hopefully it will tell you exactly why you’re not getting the padlock.


#12

Thanks @sdayman

I have checked the security tab and I see that it is still showing that my website is on old certificate. Same is the case with newly installed firefox and MS edge.

How can a HTTP or HTTPS request/response change based on a PC? Have you or anyone here came across a situation like this? Have I reached a dead-end here?


#13

Have tries flushing the dns cache (ifpconfig /flushdns)?

Try also opening the command line and typing: nslookup microstockillustrator.com


#14

thanks. Flushing did not help much and the nslookup yielded some results which I could not make sense of.

I searched for the error text ERR_CERT_DATE_INVALID further and I landed here and here both of which talk about identifying and adding missing root certificates on my machine.

Haven’t yet found a way of doing it on my windows 10 machine. Still searching. If you have something useful around this or something else that I should try then let me know.


#15

It would help if you copy the results of the nslookup.

Well it could be Windows is missing some root certificates, but first we have to check it’s not DNS related.


#16

sure @matteo. Here it is…

image


#17

Alright, that works. Then the most probable cause is the root certificate…

Are you sure you are running the latest version of Windows?


#18

That just doesn’t look right (the Dev Tools Security certificate view. That doesn’t look like it came from Cloudflare, but rather your origin server. You wouldn’t happen to have your server listed in your laptop’s local Hosts file, would you?

In Dev Tools, can you switch to the Network tab. When you load your site, click on a resource and check the network headers. You should see some Cloudflare headers like below:


#19

Sorry for the delayed reply.

@matteo I have got this laptop for 2 years now and there have been several updates since then. I assume it is latest enough. have had another update which has gone in and made no difference.

Thanks @sdayman. Yes, there were few entries in the host file but were all pointing to different other websites and not to this one. So I thought it may not be an issue. I have removed all of them now.

I have had a look at the nextwork tab and to the headers and it doesnt yet say Cloudflare. Is it the root certificates that could be the problem? or something else?


#20

Seeing those headers you are not connecting to Cloudflare, that host IP is not part of Cloudflare’s network… Something on that computer hijacks that request!

It could be something in the hosts file (but you say it isn’t), something in chrome… Have you tried another browser? Try checking the extensions…