Hi, I have come across a weird issue.
I have uploaded SSL certificates onto my server, configured them and enabled in Magento admin panel. The backend works perfectly, the HTTPS adress is there and the lock is displayed.
However in the frontend it does not. The HTTPS works, but there is no lock, and when clicking on the information icon I get message “Your connection is not fully secure” but there is a certificate there and you can see it’s identical to the one in the backend (which is a good thing right? since I only got one certificate for the domain).
Here is a screenshot of my Web settings in admin panel:
Question is, why does it not show the lock but instead it shows “Your connection is not fully secure”.
I ran into something similar a few years ago… SSL was set up perfectly. But for some reason I was getting the same error as yourself.
Well, it turned out that I had some assets on the Frontend were hardcoded to load via “http://” instead of “https://”.
If you’re using Chrome, you can check what assets are being loaded over “http://” then amend your code.
So, open Inspect Element (F12) in Chrome and under Elements do Ctrl+F for “http://”.
Alternatively, click Security and I think it’ll give you a list of rogue files there too.
I don’t have any example to show you I’m afraid.
So there are a few "http://’ links, those are links from the template as well as few links I myself put on the front page before I installed ssl. Other than that all the links are “https://” including the ones like “base url” and such. So are those link causing that problem? Because the security tab show this:
Resources - mixed content
This page includes HTTP resources.
Reload the page to record requests for HTTP resources.
And that the only “error” thing there.
Exactly. You need to dig out the “http://” references and either delete the prefix or replace with “https://”. This will fix the issue.
I think it’s considered bad practice to prefix a
src URL with “http://” because it causes more issues than not. So you either “force” an SSL connection with:
Or let the web browser decide by not adding any prefix (this is what I do because it’s interchangeable and therefore compatible whether viewing in SSL or none-SSL):
That’s the problem, so I got it fixed. Thanks a lot