SSL HTTPS://

  • Unknown's avatar
    richardqandrews · Member ·

    I generated a system report which has a message saying that my site is not secure :
    Secure connection (HTTPS): Your store is not using HTTPS. Learn more about HTTPS and SSL Certificates. But it is https://. Where should I look to correct this message ?

  • Unknown's avatar
    timethief · Member ·

    What is the exact URL starting with http:// of the site you referring to please?
    This is wordpress.COM support. We cannot answer any questions posted here accurately until we have the relevant URL and have confirmed hosting.
    We provide support only for wordpress.COM hosted sites. Our support docs do not apply to
    (1) local installs of wordpress.ORG software on your own server or
    (2) wordpress.ORG software installs on paid hosting, and we do not provide support for them at wordpress.COM. That support is found at http://wordpress.ORG/support/
    (3) sites linked to wordpress.COM accounts with the Jetpack plugin so they display on the My Sites wordpress.com account page. That support is found at http://jetpack.com/support/

    WordPress.COM and WordPress.ORG are completely separate and have different username accounts, logins, support docs and support forums, run different theme versions of themes with the same names, and many people get confused about the two. Read the differences here http://en.support.wordpress.com/com-vs-org/

    The wordpress.ORG support forums are at http://wordpress.org/support. The wordpress.ORG login link is here https://login.wordpress.org/ If you do not have an account yet then click Create an account https://login.wordpress.org/register/ and if you have lost an account password click Lost password? https://login.wordpress.org/lostpassword/

  • Unknown's avatar
    davidjohnrace · Member ·

    The SSL certificate for this website is not trusted

    An internet browser will state that a website certificate is untrusted if that certificate has not been signed by a trusted Certificate Authority. In order for a browser to accept a certificate, it must be able to link it to a ‘trusted root certificate’.

    I think it’s like a SSL Certificate Name ‘Mismatch’ error

    The ‘certificate name mismatch’ error occurs when the domain listed on the SSL certificate presented by the server does not match the domain that the browser is connected to. For a HTTPS session to commence, the domain on the certificate must exactly match the domain in the browser address bar.

    There are a few reasons that this could happen:

    • The website/host was accessed using an internal hostname or an IP address, but the certificate was issued only to the public Fully Qualified Domain Name (e.g. http://www.domain.com). Accessing the host using an internal name or IP might well get you to the same website, but if the certificate only contains the FQDN it may cause a mismatch error.
    • The certificate was issued to domain.com, but http://www.domain.com was typed into the browser (‘www’ is actually a sub-domain of domain.com). This error can still occur but is becoming less common because most major CAs, including Comodo, issue single domain certificates that cover both domain.com and http://www.domain.com. However, if you encounter this error, it is still worth considering this as a potential cause. Incidentally, the use of a wildcard certificate will also prevent this problem as any and all sub-domains of domain.com will be covered automatically.
    • The name mismatch error can also occur when multiple websites are hosted on the same IP address. This is often the case in many shared hosting environments. Under a normal HTTP connection, the browser will tell the server which domain it wishes to connect in what is known as the host header. However, when a HTTPS connection is made, the SSL handshake means the browser requests a certificate from the server before it presents the host header. As a result, the server does not have the information required to decide which certificate to send and will often present the wrong certificate. If there is only one website and one certificate on an IP, then this shouldn’t be a problem. However, if there are multiple websites on the same IP, the server may provide a certificate for the wrong domain. This issue can be averted by the use of a Multi-Domain Certificate, which allows website owners to add all websites and hostnames to the Subject Alternative Name (SAN) field of the certificate.
  • supernovia · Staff ·

    Hi @richardqandrews, normally your host will take care of any SSL errors you’re having, but I don’t think we’re your host — I don’t see a site on your account.

    Can you send a link to the affected site, or if it isn’t hosted here with us, can you get in touch with your hosting provider?

  • The topic ‘SSL HTTPS://’ is closed to new replies.