Browser Warning -- Https

On my Sytist site, when one is directed to an https page during the checkout process, the browser warns "this website is not fully secure" blah blah blah. I thought it was the image I used for my header, so I changed its link to an https link -- but still getting the message.

I have looked around the pages, and cannot find what is causing the warning. The links in the footer are non-https links, could that be causing it?? If no, any ideas on what needs to be fixed to get my lovely padlock "secure site" browser approval??

Thank you very much!!!!

P.S. I get the same warning on the admin side, but I assume it is just images, and the admin side is secure to be handling sensitive info, right??

Editing with one more thought....I just switched from PhotoCart to Sytist. Could this be something with the SSL installation?? Should this be an issue handled by my host from whom I purchased the SSL (and they installed it)??

Edited Sat Aug 01, 15 2:18 PM by Annie Duncan

Are you using google fonts? If you are make sure your refer to them with https and not http. Any reference to http: anything could cause this issue.

Does the page display anyway. I didn't see a link so I couldn't test

Edited by

It's your call to favicon. At least that is what is on the opening page. Plus your logo causes error (file not found: header_logo_small.png) on when screen is re-sized

Edited Sat Aug 01, 15 8:04 PM by Bill Wells

Okay, but it isn't "my call" to the favicon, I am using built-in features of the software. I did add a Google font, but pretty sure I am not using it. Again, I used the built-in feature for this, I am not writing my own code. I did place the full link to the header file, thinking that would fix it.....but it didn't. I have no problem doing my own php and css editing on WP sites, but I am not going to go messing around with software which needs this level of security.

So, a restated question.... How do I use built-in features of this software, which is advertised to sell online, without getting browser security warnings?? I am sure there is a simple answer.

Edited by

One more thing I just thought of..... I created the Sytist site in a temporary directory, until it was ready to go. I hadn't thought of checking the browser https icon until AFTER I moved it to the root today. Could moving it have caused issues linking correctly to https elements?

Edited by

I deleted ALL Google fonts, and cannot find a way to NOT have a favicon within the options. Still having security warnings.

Edited Sun Aug 02, 15 9:57 AM by Annie Duncan

It appears to be coming from the favicon. If you send me an email I can send you a file to upload to fix it.

Edited by

Hi Tim! Just sent you an email. Thank you very much!!

Edited by

I'm having the same issue.... hopefully it's just the Favicon as well.... Tim, what is the fix?

Edited by

I'm having the same "this website is not fully secure" problem on my site, but can't figure out what's triggering the warning message!

Any thoughts on what's causing it here??
https://www.paulmanoian.com/clients/

Edited by

Paul M... for me, it was the FAVICON. I think Tim's last update addresses the issue.... I had to remove my favicon for a short time, but since the update, it seems to be fine on the public side. NOT the admin side - which is fine.... the public side though is okay.

Edited by

I tried removing the favicon and the problem was still there

Edited by

I used a couple of tools to track down the source of the problem and I'm definitely sure it's not the favicon causing the problem.

Here are the results I'm getting from whynopadlock.com when I scan https://www.paulmanoian.com/clients/:
Insecure URL: http://www.paulmanoian.com/
Found in: https://www.paulmanoian.com/clients/
Insecure URL: http://www.paulmanoian.com/photography/
Found in: https://www.paulmanoian.com/clients/

However, I can find any reference in the page source code to pulling elements from the 2 insecure URLs above.

Interestingly, there doesn't appear to be a mixed content warning with any of the sytist admin pages. The problem only seems to be with the client-facing pages.

Tim, what could be causing this?

Edited by

Your page makes calls to the following

http://www.paulmanoian.com/photography/
http://www.paulmanoian.com

Look at meta data and system setup files as well as calls to facebook.

Both resolve to /photography/ directory as home page

Edited Fri Sep 18, 15 8:02 PM by Bill Wells

I can't find anything in the page source code pulling assets from the 2 links and there isn't a reference to the 2 links in the meta data. Also, I tried removing everything related to Facebook. I'm absolutely stumped.

Edited by

Look at your logo and your menu links.

Edited by

I temporarily removed the header/logo and footer content and the problem was still there.

The console is Chrome says this:
Mixed Content: The page at 'https://www.paulmanoian.com/clients/index.php?view=checkout' was loaded over HTTPS, but requested an insecure image 'http://www.paulmanoian.com/photography/'. This content should also be served over HTTPS.

I understand what that means. However, I absolutely cannot find a reference to it in the page source. 'http://www.paulmanoian.com/photography/' is not an image. Something embedded must be referencing it.

Edited Sat Sep 19, 15 7:00 AM by Paul M

Paul is your certificate a "wild card" meaning it covers www prefix and non-www prefix, sorry for being basic, you obviously know your way around, but just checking.

Your cert is issued to paulmanoian.com but your site resolves to www.paulmanoian.com.

Edited by

Yes. It allows for both paulmanoian.com and www.paulmanoian.com.

I can see the lock icon while the page is first loading, but it pops up with the warning right before the page completes.

I'm perplexed because the warning says "http://www.paulmanoian.com" and "http://www.paulmanoian.com/photography" is insecure content that tried to load. But aren't any src="..." references to them in the page source.

Edited by

That is strange but I think I know what it is. I am emailing you a file to upload to see if it fixes this.

Edited by

Hi Tim.

I'm going to resurrect this topic, as I too am having the exact same problem, and I need you to assist me in trying to fix it (seeing that I'm trying to add a proper photocart).

regards,

Tom Fenn

www.fennphotography.co.uk

Edited by

Where are you seeing that? If it is on your admin home page, then maybe you aren't using a link that uses httpS

Edited by

Hi, I'm getting the mixed content warning message too. I can't seem to find whats causing it? My url is https://lindahewellphotography.com.au/clientarea/

Thank you
Linda

Edited by

I think it has something to do with the way you were forcing httpS in the .htacess file. I was looking into it but your server's firewall has blocked me for some reason.

Log into your Sytist admin and click Settings in the main menu.

Underneath the left menu click edit .htaccess file.

In that filer under the line:
RewriteEngine On

ADD THIS:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.lindahewellphotography.com.au/$1 [R,L]

And save.

Edited by

Hi Tim, unfortunately that did not work. What else can I try?

Edited by

You should contact your hosting company about it. I didn't see any mixed content in the source code and it could be the way the SSL is installed.

Edited by

Hi Tim, if you go to my main site https://lindahewellphotography.com.au you'll see that SSL has been configured properly. Sytist is installed in a sub folder of the primary domain. How does it work for the main site but not Sytist?

Edited by

I didn't see anything in the source code, but did see in the network console it is a wrong URL for the background of your theme and instead of it just doing a 404, it is trying to redirect which is causing it. I don't know why though the background graphic has the wrong URL.

In your Sytist admin go to Design -> Edit My Theme. Click Background in the left menu then click Manage Background and then click the clear link to remove it. Save and then check it. You can try to reselect another background graphic and see if the new one works if you want a background graphic.

Edited by

Hi Tim,

Thank you, that fixed it. Phew!

Kind Regards,
Linda

Edited by