No padlock on move to https

Hi all

Have just enabled an ssl cert on my website hosted by 1&1. The browser says https but there is no padlock.

1&1 say that some of my images are not redirecting from http to https and that is causing the problem. I have run the website thru “whynopadlock” and they confirm this issue plus a couple of other things.

Website is
I’m using RW8 and Mojave 10.14.3

I have several hundred images on the website and they are all warehoused on my server (in a subdomain) and each image URL is set in RapidWeaver pointing to the image in that subdomain. The URL for all the images is an http address. 1&1 say this doesn’t matter because there is a redirect. If I try and change the image URL address in RW to https then this image is not found (ie appears as a blank with a ? symbol).

Despite having hundreds on images on the website (all warehoused in the same subdomain folder) only about 15 images have been singled out as a problem. This is very puzzling… surely either all the images would be a problem or none at all?

The SSL cert does support both domains and subdomains

Also WhyNoPadlock also says that I’m not forcing the redirect however I do have a redirect code in my .htaccess file as follows:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteRule ^(.*)$$1 [R=301,L]

Is this correct to force a redirect?

Any help much appreciated please as 1&1 now say it a web developer problem!

Screen shots of WhyNoPadlock test attached
Thanks, Debbie

Looking at the URL to the page you gave above there are only about 15 or so images referenced on that page. WhyNoPadlock only checks one page at a time. The mixed content warnings you are getting (from WhyNoPadlock) are “soft” warnings and should be fixed but shouldn’t stop you from implementing the SSL.
Only active mixed content (things that change a page like Javascript or CSS) will "break a site.

I would check the other pages before working on the redirects.

The redirect isn’t working, there are literally thousands of ways to right redirects so I can give you one that works for any site (no changes needed):

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Just make sure you have the .htaccess file in the correct location.

As for the Warehoused images being on a separate subdomain, if you want to fix them you will need to get a certificate(these should be free nowadays) for that subdomain copy/move them to the main domain. You would still have to "change the references to them in the RW project.


thanks doug…

aaaah… so the reason it has only identified those images as a problem is because it has only checked that one page… thank you

on the code for the redirect… where do i put my website URL
could you give me the code with my website url entered in the correct place please
(sorry, I’m not experienced enough in this to know where to put it)

1&1 told me the SSL cert covers both the domain and subdomain so i don’t think i need to get a separate cert for the subdomain
I’m not sure why the images are in a subdomain in the first place but if it is covered by the cert I’ve been given and the redirect is working (hopefully it will now work with your suggested code) then surely the images should not be a problem?


It may be covered…but the link to them still must be a https//

With the code I gave you, you don’t need to put a URL in. It will take any non-https request and redirect it to an https request. You can basically use it un-touched on any site.

I just checked it seems to work with one caution.

on your page now:

if I change the HTTP to HTTPS

I get:


however, if I remove the WWW from the image and change the HTTP to HTTPS I get the image and a padlock:

So when you start change image names to HTTPS remove the WWW.


Thanks so much Doug… I will try this over the weekend and let you know how I get on… your help is much appreciated. Debbie

1 Like

Doug - it took me ages to update the URL to all my images as you suggested - and I also used your code to force the redirect - and it has worked (all the pages now have a padlock) and I’m so grateful for your help - A massive thank you!

My .htaccess file also has quite a few redirects from when I changed the structure and page names on my website… see attached screenshot - do I need to change the redirect code to https or can I leave them as they are and let the force redirect code handle that?

Thank you again, Debbie

Technically, you don’t have to change them. The rule Doug provided will change those links when the redirect happens. Personally, though, I would change them. The less you rely on rule to re-write the url the better.

1 Like

I would change them. As Don said it doesn’t “have” to change. But if folks still use the old URL’s then no point in making the HTTP request gets redirected multiple times. If you have a lot of them, you might find it easier to use a good plain text editor. Something that would do a “Find and Replace”,

Something like TextWrangler (it’s been sunsetted but still works and is still on the app store) and simple to use.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.