Just installed SSL certificate - Getting unsecured errors

[LukeH]

Hi

I have just enabled SSL on my shop after purchasing an SSL cert from my hosting company. I am getting warning about unsecured content and I have read through the forum that there are various fixes for various problems.

My web shop is http://www.pedalcentre.co.uk

I'm not really sure what is causing the warnings so could someone point me in the right direction? What can I use to debug the errors?

Thanks,

Luke.

[jhnstcks]

I think its your popup message box, try removig that module and see if it makes a difference.

[LukeH]

I think its your popup message box, try removig that module and see if it makes a difference.

Thanks for the reply.

I have just tried that and it makes no difference. I have changed it to only display on the 'Home' page now which is a HTTP page so it shouldn't matter.

Luke

[jhnstcks]

The popup code is still present it just doesnt display. Also you have unsecue data in the getintouch block, mainly because it is calling images from outside your sit4e and not on a secure https page.

[razaro]

In modules/messagejgrowl/messagejgrowl.tpl file replace all 4 appearances of

{$base_dir}

with

{$content_dir}

Also in Get in touch section there is Add this social widget don't know if it is module
but if it is go to Back Office >> Modules >> Positions click on edit icon and add exception
for order.php and authentication.php.

If you fix those two I thing you wouldn't get any more insecure content error message.

[LukeH]

The popup code is still present it just doesnt display. Also you have unsecue data in the getintouch block, mainly because it is calling images from outside your sit4e and not on a secure https page.

Any pointers on how I change the block so that it calls images from my site and is a secure https page?



@razaro - I have made the changes to messagejgrowl.tpl as suggested by you.

Thanks for the help everyone.

Luke.

[LukeH]

I'm not sure if this would make any difference but I have noticed that the Categories block links and Manufacturers block links still appear as HTTP when on a HTTPS page - Would this be causing the errors also?

Luke.

[razaro]

There is still error connected to this code

script src="http://s7.addthis.com/js/250/addthis_widget.js#username=lukehurst

Try to remove this first and then see if there are any more errors.
I don't get error from manufacturers and categories.

[jhnstcks]

Only called images cause unsecure errors, links to other pages wont, unless of course there is unsecure data on those pages.

A good way of finding the unsecure data is by searching the source code of the page, for src="http: as this should look like src="https:

[LukeH]

Thanks razaro & jhnstcks for your help.

I think I'm getting close now but I'm still getting warnings in IE for unsecured content. Firefox has a red exclamation mark on the padlock logo also.

I've add exceptions for my 'Get in touch' block which is actually the 'Add stuff module' on contact-form, order and authentication pages.

I have also inspected the source code on one of the https pages (contact-form) and I only fins src="https

Luke.

[jhnstcks]

You seem to have some random code at the end of the delivery module.

[LukeH]

You seem to have some random code at the end of the delivery module.

?? - are you referring to this code; ../cms.php?id_cms=1

The delivery module is a modified 'Add stuff' module that links to a cms page.

[jhnstcks]

No this one:
It wont display correctly becase of the script but you should be able to find it

script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=lukehurst">[removed] ] 

[LukeH]

There is still error connected to this code

script src="http://s7.addthis.com/js/250/addthis_widget.js#username=lukehurst

Try to remove this first and then see if there are any more errors.
I don't get error from manufacturers and categories.

Right... I have just installed Google Chrome browser which seems to have an excellent debug feature called 'Console' view. Navigating around my site reveals an error with the code above.

I have tried disabling the module but the error still appears on every single page. I'm not sure how to remove it but I'll keep plugging away at it.

Luke.

[LukeH]

No this one:
It wont display correctly becase of the script but you should be able to find it

script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=lukehurst">[removed] ] 

Sorry I posted my reply just before I noticed you had posted the same thing. I'll investigate.

[LukeH]

It would appear that the Addthis code is present on every single page on my shop and is the cause of the SSL error. I'm not sure where the source of the script is or how I modify/remove it.

[removed][removed]
</body></html>

[LukeH]

The problem would appear to be fixed now. Here is what I did;

1. Changed the URL for AddThis button in my 'Get in touch' block from HTTP to HTTPS.

2. Used Google Chrome to track bugs by right-clicking webpage and selecting 'inspect element' followed by 'Console'

3. I found that there was a rouge script reference within my Delivery block that was referencing AddThis. I probably created this by mistake when I duplicated my 'Get in touch' block to create the delivery block.

The rouge code was spotted by jhnstcks but I misunderstood and assumed he was referring to my 'Get in touch' block that contains the AddThis link.

I still need to check the remainder of my secure pages for errors but for now the warnings appear to have gone.

Thanks for everyone's help.

Luke.