SSL not showing on my website tbox.solutions

accetrix · March 4, 2021, 10:54am

I installed SSL on my wordpress website tbox.solutions But it is still showing not secure. I even installed the certificate on my server and changed the name servers. I have enabled Full (Strict) in SSL. Please guide

Why Wait
Don’t wait for an answer, find it fast! Search for #CommunityTip error:
Example: #CommunityTip 521

Test Before You Post
Unsure of the issue? Test before posting using the Cloudflare Diagnostic Center: Diagnostic Center | Check SSL and Test Website Security | Cloudflare

soldier_21 · March 4, 2021, 11:07am

Whats the domain?

accetrix · March 4, 2021, 11:19am

tbox.solutions

soldier_21 · March 4, 2021, 12:09pm

It’s showing as secure for me in Google Chrome

M4rt1n · March 4, 2021, 12:48pm

The SSL on your Domain itself works. So your Website for me uses SSL correct, but ALL static ressources are links which begins with:
http://
As you use Wordpress please change your Settings from:

http://www.tbox.solutions
to
https://www.tbox.solutions
This will rewrite your static links in your DOM and SSL will work properly.

What I see:

ssl is valid
ssl works
no static ressources getting loaded due to CORS-Policy

accetrix · March 4, 2021, 12:46pm

I uninstalled the certificates from my server which allowed Full Protection and switched to flexible than it worked.

But how can I still get HTTPS with Full protection?

M4rt1n · March 4, 2021, 1:13pm

Dont do that please … its the worst you can do in Web.
Instead of “going back” better try to fix the main problem so you can use encryption.

Let me explain Flexible to you:
Data get send half way encrypted but half way unencrypted … so its useless.
In my opinion people should get sued for using it! And CloudFlare for providing it and not telling/stating anyone what SSL-Mode this Site is using, so Browsers could warn users not to type in sensible infosmations at sites which run with SSL-Mode Flexible! But its not possible and completely intransparent for users… so your CC infos may already be used somewhere else.

So many WordPress sites use Flexible and do sell things. Now when it comes to selling things you always transfer sensible informations and CreditCard Infos … well these infos half way are getting send in PLAIN TEXT. It is again all GDPRs, specially the german one which is pretty strict.
But these are just my two cents…

So how to solve this problem?

implement your SSL on your origin again
turn on SSL-Mode “Full”
(now you are where you have been)
now go into your WordPress Backend and MAKE A FULL BACKUP!
3.1 you can also do this from your Server, but please all Data + DB!
install the plugin “Better Search Replace” (LINK)
go to the plugin. Search the string http:// and replace it with https://
make sure to untick “testrun” as otherwise your changes are not written to the DB. (dont worry you have a Backup)
run i! It will replace all HTTP with HTTPS. That you want as you need ALL links in HTTPS.
test your site.

BONUS: once you tested everything any everything is working fine, and you do use a valid SSL Cert please up your SSL Mode to “Full strict”

be happy you contribute to more security in better dataprotection in web

Hint:
thats how it would look for me

system · March 7, 2021, 1:05pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.