Woocommerce Insecure Download Links

Hello @mkeranen how many digital products do you have? Who are you hosted with?

If you only have a few I’d go and change the http to https manually in the backend. Also depending on your host you can force http to https as well.

Hi Stef.

The site is configured to require https. The only issue is the download link in the order confirmation email is http. So when clients click on the link their browser blocks the download.

What do you mean “go and change the http to https manually in the backend”?

Hey there, @mkeranen! Thanks for contacting us. I’m happy to help you.

I tried replicating this on my website, the the link there is https.

Can you please go to WooCommerce > Settings > Products > Downloadable products and share a screenshot of what you see there?
I recommend using https://snipboard.io. You can share the direct link to the image as a response to this topic.

Furthermore, I’d like to understand your site properly. Please share with us the necessary information below for us to investigate the issue further:

System Status Report which you can find via WooCommerce > Status > Get system report > Copy for support.
Fatal error logs (if any) under WooCommerce > Status > Logs. Then you can use the selector to search for Fatal Errors.
You could copy and paste your reply here or paste it via https://gist.github.com/ and send the link here.

Looking forward to your reply.

Have a wonderful day!

Hello @mkeranen that may be the case, but that doesn’t necessarily mean the digital product urls are set to HTTPS. Often times I see users added an HTTP and never realize this. So it’s best to go in the backend and take a screenshot just to ensure you do in fact have all HTTPS

Hi @mkeranen

I’m just chiming in to add some more information to what @carolm29 and @serafinnyc already shared.

To ensure we are on the same page, did you upload the file on your site or use an external link?

In WooCommerce, the protocol of the download links should follow the protocol of your site. If your site is configured to use https, then the download links should also be https.

However, if this is not happening, it could be due to a configuration issue. Here’s how you can check and correct this:

1. Navigate to WooCommerce > Settings > General.
2. Check the “WordPress Address (URL)”” and “Site Address (URL)”. Both should be https.
3. If they are not, change them to https, then click “Save Changes”.

If the issue persists, there may be an issue with how your server handles SSL. I would recommend reaching out to your hosting provider for assistance with this.

Alternatively, you can also use a plugin like Really Simple SSL or SSL Insecure Content Fixer to fix any SSL related issue. And don’t forget to clear your site and browser cache.

I hope this helps! Please let us know how it goes or if you need further assistance.

I finally figured this out when I got an email from WordPress Core that had the links rewritten with http and a random subdomain as well. That told me this wasn’t just a WooCommerce issue. Turns out that SendGrid, the 3rd-Party SMTP service was rewriting all links in emails from the website for Link Tracking (which is enabled by default FYI) and they were using an insecure link (http) and a random sub-domain to do this. They were even rewriting WooCommerce Digital Download links to http. Chrome will not allow downloads from insecure links (http) so the link would take the customer to WooCommerce which would mark it as a download and then try to serve the digital download but Chrome would block the download. The client would be “charged” a download but would not receive any file.

Apparently there is a way to have secure rewritten links from SendGrid, but I just disabled Link Tracking altogether in my SendGrid account under Settings > Tracking > Link Tracking.

I hope this helps someone else that might be having this extremely hard to track down issue.

Hey @mkeranen – That’s a super valuable find and I’m glad to see you managed to get to the bottom of that! Thanks for keeping us posted!