Mixed Content errors, .httpaccess files

Hi, I’m getting the “not secure” site at the top of my URL and Whynopadlock is showing a slew of errors, and I don’t know how to fix them.

The site is just a simple placeholder homepage with a few .png files, using Blocks.

I changed my theme from Blocksbox5 (which is old) to Blanktheme, and the errors tripled. The site is incredibly bloated.

The SSL connection passed except for Force HTTPS. I tried both of these codes in “Edit .htaccess File”:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.(.)$ [NC]
RewriteRule ^(.)$ https://%1%{REQUEST_URI} [R=301,QSA,NC,L]

RewriteEngine On
RewriteCond %{HTTP_HOST} nameofthesite.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.nameofthesite.com/$1 [R,L]

Neither of those are forcing the https site.

Rapidweaver 8’s FTP has been nonfunctional for me to begin with, using old settings from old RW versions, and trying the variables. I can’t even get a test sign in to work. Exporting to a local folder works, and I can use Cyberduck or my hosts WebFTP.

This is all getting into areas I used Rapidweaver to avoid.

Whynopadlock finds the following errors:

Mixed Content - Errors

Hard Failure
A style-sheet with an insecure url of “http://nameofthesite.com/rw_common/themes/blanktheme/consolidated-0.css” was loaded on line: 16 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Hard Failure
A script with an insecure url of “http://nameofthesite.com/rw_common/plugins/Blocks/fixbox.js” was loaded on line: 41 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Hard Failure
A script with an insecure url of “http://nameofthesite.com/rw_common/themes/blanktheme/javascript.js” was loaded on line: 218 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Hard Failure
A script with an insecure url of “http://nameofthesite.com/rw_common/themes/blanktheme/scripts/jquery-3.3.1.min.js” was loaded on line: 219 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Hard Failure
A script with an insecure url of “http://nameofthesite.com/rw_common/themes/blanktheme/scripts/scripts.min.js” was loaded on line: 220 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Hard Failure
A script with an insecure url of “http://nameofthesite.com/rw_common/themes/blanktheme/custom.js” was loaded on line: 221 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Soft Failure
An image with an insecure url of “http://nameofthesite.com/rw_common/themes/blanktheme/images/blank.gif” was loaded on line: 38 of https://www.nameofthesite.com/.
This URL will need to be updated to use a secure URL for your padlock to return.

Form Failure
A form with the action of “http://www.jotform.com/submit.php” exists in the source code of the tested page.
This form needs to be updated to use “https://www.jotform.com/submit.php” or another secure URL for your padlock to return.

I can delete the form. That’s about the only thing I can fix here.

If the Blocks plugin and the Themes are giving errors, I don’t have the first clue what can be fixed.

What can I do here?

In the Settings in RW you have to enter the URL of your website. Make sure it is beginning with https:// and then use the republish all files command to make sure all files are replaced.

For the publishing:
Delete all publishing info. Make a new entry and enter all info manually again. Then try again.

Thanks for the troubleshooting suggestions…

I’m not sure why, but all the hard errors magically went away aside from the form.

Https still isn’t being forced. I can’t tell if Rapidweaver is creating the file based on the code I added.

I’ve been deleting the folders and starting fresh because RW was creating duplicate files when saving locally. Built in FTP still isn’t working.

Without seeing the actual htaccess file(not edited to remove the URL) it hard to say for sure. Looking at what you posted above, it seems like you have two different htaccess files that you have combined?

The reason I say that is you have RewriteEngine On on two lines. That only needs to be turned on once.

This code will force all HTTP request to https without any changes(No URL needed):

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Some things to keep in mind

• .htaccess file only works on Apache webserver (and only if allowed)
• htaccess directives MUST be Plain text so if you are copy and pasting from another app or the web take care to make sure they are plain text
• Make sure you have fixed all mixed content errors before implementing the redirects (active mixed content will Break an existing working site)
• you can test the htaccess file redirects before implementing them with the handy tester by made with love.
• when redirecting with 301’s, they are permanent and cacheable, so make sure they work before making them 301’s. Change the r=301 to r=302 until you have tested them thoroughly.

That’s just the 2 different versions of the code I found in archived posts here, and tried separately. Going to give your version a shot now. Really appreciate it.

I have been copying and pasting, so the plain text might be the culprit.

Can’t thank you enough.

Are you trying to remove www or force www?

I’m trying to Force HTTPS.

Whynopadlock is giving me the “Your webserver is not forcing the use of SSL.You may want to add a redirect to ensure a secure connection is used” error.

The code you gave me, along with the test site you suggested look like they’re going to do the trick.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.