SSL/TLS Disabled
Hey all,
I'm still new to cpanel. Recently I'm trying to resolve some issues related to my site as it appears unsafe for users to access.
I'm trying to find the root cause for this and would need some help.
When I check my certificate, this note appears here:
You don"t have a dedicated IP address. Browsers that were released before 2013 may not support SNI. Because of this, users may see false security warnings when they visit your SSL-secured websites.
How can I resolve this issue?
Also under my WordPress Toolkit, my SSL/TLS appear disabled? How can I enable it?
Also, I found here it mentions my SSL certificate has already been installed successfully. I'm confused...
I know the "fix security" status might need some updating, but see below. I can't check the other boxes and select "secure" to proceed. Is it that I need to make additional purchase in order to proceed? Or do I have other ways to enable my website's security check? Pls help out and thanks.
-
Hi @yixuan_loh, Dedicated IP addresses are no longer required for the installation of an SSL certificate. To check the SSL status of your website, you can go to sslchecker.com or whynopadlock.com. Does your hosting provider provide free Comodo or Lets Encrypt certificates for their customers' websites? You can ask them if their servers use the cPanel AutoSSL functionality and then the certificates are automatically provisioned by their server for your websites. You can open a ticket with your host and ask them to check the certificate provisioning process for you. If they don't provide free certificates, you can purchase them from your host or another provider, if your host allow for certicates from other providers to be installed on their servers. Once an SSL certificate has been installed, there is still a bit of work to do. Once you've verified it has been installed, you will have to redirect your website to the HTTPS version of your website and change all of the links to HTTPS so the padlock icon appears in the browser's address bar when someone browses to your website. Remember to also set the preferred domain in the Google Search Console. Hope that helps! 0 -
Hi @yixuan_loh, Dedicated IP addresses are no longer required for the installation of an SSL certificate. To check the SSL status of your website, you can go to sslchecker.com or whynopadlock.com. Does your hosting provider provide free Comodo or Lets Encrypt certificates for their customers' websites? You can ask them if their servers use the cPanel AutoSSL functionality and then the certificates are automatically provisioned by their server for your websites. You can open a ticket with your host and ask them to check the certificate provisioning process for you. If they don't provide free certificates, you can purchase them from your host or another provider, if your host allow for certicates from other providers to be installed on their servers. Once an SSL certificate has been installed, there is still a bit of work to do. Once you've verified it has been installed, you will have to redirect your website to the HTTPS version of your website and change all of the links to HTTPS so the padlock icon appears in the browser's address bar when someone browses to your website. Remember to also set the preferred domain in the Google Search Console. Hope that helps!
Hey thanks for getting back to me. It appears under my "SSL/TLS Status" panel, the log shows my domain are already verified by AutoSSL. I also just checked my site using the website you recommended: I'm still fairly new to this. I thought cpanel is my hosting provider? Sorry if this sounds amatuer, truth be told, I'm actually helping out my boss to update his website. The site was developed by someone else in the past and now I'm stuck at fixing the SSL issue. Is there other potential areas I could look into? Again, appreciate your help on this :)0 -
Okay @ZenHostingTravis I think I found the issue. Could it be this one: Any advise on how I can resolve the issue? 0 -
All links on your side should be using an https connection. If you are using WordPress, which it appears you are from that screenshot, you may want to look for a WordPress plugin that directs traffic to an https connection. If you are linking to that specific file in some other area of your site outside WordPress, just change that link in the site code to use https and that will resolve that error. 0 -
Okay @ZenHostingTravis I think I found the issue. Could it be this one: Any advise on how I can resolve the issue?
First, right click and save as on that image as its displayed in a browser.... Go to the page that image is on in WP... Edit the image, and delete it... Add the image you "right clicked and saved as" back into the same location. Update the page, and your issue should be resolved!0 -
First, right click and save as on that image as its displayed in a browser.... Go to the page that image is on in WP... Edit the image, and delete it... Add the image you "right clicked and saved as" back into the same location. Update the page, and your issue should be resolved!
Hey apparently, I installed a plugin to help me resolve the issue. Now when I ran my site through whynopadlock, my site passes everything. But it still appears as dangerous now when I try to visit the site. Is there anything I should check out as well...0 -
Hey apparently, I installed a plugin to help me resolve the issue. Now when I ran my site through whynopadlock, my site passes everything. But it still appears as dangerous now when I try to visit the site. Is there anything I should check out as well...
If it was me... I'd remove that plugin and fix each image, one at a time. I don't like to use plugins unless absolutely necessary. You can use the developer options in Chrome (Lighthouse) to figure out what files are not secure. It's actually pretty easy.0 -
Hey apparently, I installed a plugin to help me resolve the issue. Now when I ran my site through whynopadlock, my site passes everything. But it still appears as dangerous now when I try to visit the site. Is there anything I should check out as well...
Glad to hear the link was helpful. Re being dangerous, could you please provide us with a screenshot, like you did earlier?0 -
Glad to hear the link was helpful. Re being dangerous, could you please provide us with a screenshot, like you did earlier?
Thanks for replying. Here's a snapshot when I'm visiting the site. Notice my https is being cancelled out. I'm not sure why. Also this is shown when I click on the dangerous icon:0 -
Putting it here cause this might be some error source as well. I tried to update my plugin just now and this error message appears: How can I try to resolve this? 0 -
Thanks for providing a screenshot. This issue is unrelated to the issue with HTTPS. Your website has been infected with malware. Once it has been cleaned, you can resubmit the website to Google to have it removed from the Dangerous list. The best thing to do is to roll back to a clean backup, if you have one. Website cleanup can be difficult but companies like Wordfence do offer a cleanup service for 200 USD, which is standard. 0 -
Thanks for providing a screenshot. This issue is unrelated to the issue with HTTPS. Your website has been infected with malware. Once it has been cleaned, you can resubmit the website to Google to have it removed from the Dangerous list. The best thing to do is to roll back to a clean backup, if you have one. Website cleanup can be difficult but companies like Wordfence do offer a cleanup service for 200 USD, which is standard.
Hey thanks again for the reply! I just notice my site has Wordfence as you mentioned. And it prompt me to download a file in order to get more secure: This is the file I downloaded and then Wordfence proceed to run itself. See below: The first one "Web Application Firewall" increased from 11% to 55%. So I guess it worked in certain ways right? I can't proceed to up the % as I need to buy the premium features But the site still appears as dangerous. So how do I proceed next? You mentioned resubmitting the site to Google. How do I do that? Edit: I also did a scan via Wordfence and deleted some deleteable files.0 -
As has been mentioned, the deceptive site warning would be a different issue from the https problems earlier. I've had excellent luck with this plugin in the past: Google Transparency Report 0
Please sign in to leave a comment.
Comments
13 comments