SSL not showing on my website tbox.solutions

I installed SSL on my wordpress website tbox.solutions But it is still showing not secure. I even installed the certificate on my server and changed the name servers. I have enabled Full (Strict) in SSL. Please guide

Why Wait
Don’t wait for an answer, find it fast! Search for #CommunityTip error:
Example: #CommunityTip 521

Test Before You Post
Unsure of the issue? Test before posting using the Cloudflare Diagnostic Center: Diagnostic Center | Check SSL and Test Website Security | Cloudflare

Whats the domain?

tbox.solutions

It’s showing as secure for me in Google Chrome

The SSL on your Domain itself works. So your Website for me uses SSL correct, but ALL static ressources are links which begins with:
http://
As you use Wordpress please change your Settings from:

http://www.tbox.solutions
to
https://www.tbox.solutions
This will rewrite your static links in your DOM and SSL will work properly.

What I see:

  • ssl is valid
  • ssl works
  • no static ressources getting loaded due to CORS-Policy

I uninstalled the certificates from my server which allowed Full Protection and switched to flexible than it worked.

But how can I still get HTTPS with Full protection?

Dont do that please … its the worst you can do in Web.
Instead of “going back” better try to fix the main problem so you can use encryption.

Let me explain Flexible to you:
Data get send half way encrypted but half way unencrypted … so its useless.
In my opinion people should get sued for using it! And CloudFlare for providing it and not telling/stating anyone what SSL-Mode this Site is using, so Browsers could warn users not to type in sensible infosmations at sites which run with SSL-Mode Flexible! But its not possible and completely intransparent for users… so your CC infos may already be used somewhere else.

So many WordPress sites use Flexible and do sell things. Now when it comes to selling things you always transfer sensible informations and CreditCard Infos … well these infos half way are getting send in PLAIN TEXT. It is again all GDPRs, specially the german one which is pretty strict.
But these are just my two cents…

So how to solve this problem?

  1. implement your SSL on your origin again
  2. turn on SSL-Mode “Full”
    (now you are where you have been)
  3. now go into your WordPress Backend and MAKE A FULL BACKUP!
    3.1 you can also do this from your Server, but please all Data + DB!
  4. install the plugin “Better Search Replace” (LINK)
  5. go to the plugin. Search the string http:// and replace it with https://
  6. make sure to untick “testrun” as otherwise your changes are not written to the DB. (dont worry you have a Backup)
  7. run i! It will replace all HTTP with HTTPS. That you want as you need ALL links in HTTPS.
  8. test your site.

BONUS: once you tested everything any everything is working fine, and you do use a valid SSL Cert please up your SSL Mode to “Full strict”

  1. be happy you contribute to more security in better dataprotection in web :slight_smile:

Hint:
thats how it would look for me

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.