Have just enabled an ssl cert on my website hosted by 1&1. The browser says https but there is no padlock.
1&1 say that some of my images are not redirecting from http to https and that is causing the problem. I have run the website thru “whynopadlock” and they confirm this issue plus a couple of other things.
I have several hundred images on the website and they are all warehoused on my server (in a subdomain) and each image URL is set in RapidWeaver pointing to the image in that subdomain. The URL for all the images is an http address. 1&1 say this doesn’t matter because there is a redirect. If I try and change the image URL address in RW to https then this image is not found (ie appears as a blank with a ? symbol).
Despite having hundreds on images on the website (all warehoused in the same subdomain folder) only about 15 images have been singled out as a problem. This is very puzzling… surely either all the images would be a problem or none at all?
The SSL cert does support both domains and subdomains
Also WhyNoPadlock also says that I’m not forcing the redirect however I do have a redirect code in my .htaccess file as follows:
Looking at the URL to the page you gave above there are only about 15 or so images referenced on that page. WhyNoPadlock only checks one page at a time. The mixed content warnings you are getting (from WhyNoPadlock) are “soft” warnings and should be fixed but shouldn’t stop you from implementing the SSL.
Only active mixed content (things that change a page like Javascript or CSS) will "break a site.
I would check the other pages before working on the redirects.
The redirect isn’t working, there are literally thousands of ways to right redirects so I can give you one that works for any site (no changes needed):
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Just make sure you have the .htaccess file in the correct location.
As for the Warehoused images being on a separate subdomain, if you want to fix them you will need to get a certificate(these should be free nowadays) for that subdomain copy/move them to the main domain. You would still have to "change the references to them in the RW project.
aaaah… so the reason it has only identified those images as a problem is because it has only checked that one page… thank you
on the code for the redirect… where do i put my website URL
could you give me the code with my website url entered in the correct place please
(sorry, I’m not experienced enough in this to know where to put it)
1&1 told me the SSL cert covers both the domain and subdomain so i don’t think i need to get a separate cert for the subdomain
I’m not sure why the images are in a subdomain in the first place but if it is covered by the cert I’ve been given and the redirect is working (hopefully it will now work with your suggested code) then surely the images should not be a problem?
With the code I gave you, you don’t need to put a URL in. It will take any non-https request and redirect it to an https request. You can basically use it un-touched on any site.
Doug - it took me ages to update the URL to all my images as you suggested - and I also used your code to force the redirect - and it has worked (all the pages now have a padlock) and I’m so grateful for your help - A massive thank you!
My .htaccess file also has quite a few redirects from when I changed the structure and page names on my website… see attached screenshot - do I need to change the redirect code to https or can I leave them as they are and let the force redirect code handle that?
Technically, you don’t have to change them. The rule Doug provided will change those links when the redirect happens. Personally, though, I would change them. The less you rely on rule to re-write the url the better.
I would change them. As Don said it doesn’t “have” to change. But if folks still use the old URL’s then no point in making the HTTP request gets redirected multiple times. If you have a lot of them, you might find it easier to use a good plain text editor. Something that would do a “Find and Replace”,
Something like TextWrangler (it’s been sunsetted but still works and is still on the app store) and simple to use.
