SSL certificate confusion

  • Hello,

    I recently found my blog site (built using WordPress) displaying “Not secure” to visitors. After discussing with my host, we decided that a new SSL certificate was needed.

    After successfully generating the certificate, the helpful host completed the installation and verified the successful install using one of the SSL checkers.

    However, the site continued to display “Not secure,” and it led me to think it the certificate may not have matched the WordPress configuration.

    Within the WordPress database, the options table configurations are as follows:

    siteurl: https://www.mydomain.com/wordpress
    home: https://www.mydomain.com

    However, the certificate was generated for mydomain.com instead of https://www.mydomain.com. When visitors type https://www.mydomain.com, they were brought to mydomain.com, so I thought the “www” was not needed.

    Should I have created the SSL certificate for https://www.mydomain.com instead of mydomain.com? Would that fix the issue of my WordPress blog site showing “Not secure”?

    Thank you!

Viewing 5 replies - 1 through 5 (of 5 total)

  • Almost all CAs can secure both WWW and non-WWW variations with a single certificate. Certificates issued for example.com will almost invariably work for www.example.com (though the reverse is not often the case), as the latter is often in the SAN field of the certificate.

    You’re more likely to be experiencing a mixed-content problem… but it’s impossible to be sure without testing the domain in question.

    So if you need a definitive answer to your question and a resolution to your issue, please provide your actual domain so we can take a look and help you.

    Standing by.

    @wpadminvic

    Please update your URLs from
    home: https://www.mydomain.com to https://www.mydomain.com
    siteurl: https://www.mydomain.com to https://www.mydomain.com

    Or add these 2 lines in you .htaccess file

    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    before # BEGIN WordPress

    Or use Really simple SSL plugin to set redirection

    Thread Starter wpadminvic

    (@wpadminvic)

    Thank you both!

    WordPress admin page’s “Settings > General Settings” WordPress Address (URL) and Site Address (URL) are greyed out to prevent editing, so I updated the _options table in the database to change siteurl and home to use https://

    However, upon reloading the WordPress admin page, it would still show https:// in the greyed out setting. There are some posts that states wp-config.php can overwrite the setting, but I don’t see any overwrites in that file.

    Does WordPress need to be refreshed, or is there another overwrite somewhere in the file structure that points to https:// that overwrites the database records?

    WordPress admin page’s “Settings > General Settings” WordPress Address (URL) and Site Address (URL) are greyed out to prevent editing,

    You probably have the URLs defined in your wp-config.php file OR in your active theme’s functions.php file.

    Thread Starter wpadminvic

    (@wpadminvic)

    Both the php files checked out – no hard-coded urls.

    However, while scrutinizing the DB, I noticed that all the posts and uploaded images have GUID of HTTP instead of HTTPS.

    Also, the blog allows visitors to write to the author, and all the messages have a source_url that is HTTP: in the database. These contacts can be deleted in bulk, and most of them are spam anywawys.

    Could this be keeping the URL setting greyed out, because of the dependencies with hard-coded paths?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘SSL certificate confusion’ is closed to new replies.