ssl https need some help (solved thanks to HeRetiK)

[Vibez1Tv]

i have some problems with http https :/

this is my website https://bitscasino.net   but it seems not to be safe when i browser it via chrome ?

i tried already

AddDefaultCharset UTF-8

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

DirectoryIndex index.php

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,QSA]
RewriteCond %{HTTP_HOST} ^bitscasino\.net$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bitscasino\.net$
RewriteRule ^/?$ "https\:\/\/bitscasino\.net\/" [R=301,L]

in .htacces but not working any suggestions how i can fix this please  ?

[Mountaingoat]

Do you have Apache or NGINX?

If you use Apache follow the instructions on this website:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

If you use NGINX follow the instructions here:
https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx

If you don't know which one you have go to a non existing page, it should tell you what you have.

[NeuroticFish]

If you don't know which one you have go to a non existing page, it should tell you what you have.

I've tried for OP a non existing page. It has shown "Proudly powered by LiteSpeed Web Server"
So I tried to seek for help with Google. I've searched for: force https site:litespeedtech.com
There are at least 2 links that could be of help:
https://www.litespeedtech.com/support/forum/threads/force-https-for-entire-domain.14495/
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:https-redirect

You have now the initial search query too in case the posted links didn't help.

[Vibez1Tv]

If you don't know which one you have go to a non existing page, it should tell you what you have.

I've tried for OP a non existing page. It has shown "Proudly powered by LiteSpeed Web Server"
So I tried to seek for help with Google. I've searched for: force https site:litespeedtech.com
There are at least 2 links that could be of help:
https://www.litespeedtech.com/support/forum/threads/force-https-for-entire-domain.14495/
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:https-redirect

You have now the initial search query too in case the posted links didn't help.

Thanks for the tip. noticed the litespeed before but ive forget to look at it. checking it now hope this will work

[HeRetiK]

Looking at the security warning and your HTML source the problem seems to lie not on your server, but on some of the elements that you are loading from external sites.

For example this image:
http://coinpot.win/assets/img/banners/728x90.gif

It's loaded via regular http, which causes your whole website to show up as potentially insecure. Now apparently coinpot.win doesn't support https, so you'll likely have to host the banner yourself.

There is also an iframe somewhere on your page that loads an external page via http. There might be even more, but I didn't fully look through it.

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:

//domain.com/path/to/resource.gif 

instead of

Code:

http://domain.com/path/to/resource.gif 

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.

[Vibez1Tv]

Looking at the security warning and your HTML source the problem seems to lie not on your server, but on some of the elements that you are loading from external sites.

For example this image:
http://coinpot.win/assets/img/banners/728x90.gif

It's loaded via regular http, which causes your whole website to show up as potentially insecure. Now apparently coinpot.win doesn't support https, so you'll likely have to host the banner yourself.

There is also an iframe somewhere on your page that loads an external page via http. There might be even more, but I didn't fully look through it.

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:

//domain.com/path/to/resource.gif 

instead of

Code:

http://domain.com/path/to/resource.gif 

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.

This was it! thanks allot fixed now i missed that one i placed direct in admin panel not in source code =)

[Vibez1Tv]

Looking at the security warning and your HTML source the problem seems to lie not on your server, but on some of the elements that you are loading from external sites.

For example this image:
http://coinpot.win/assets/img/banners/728x90.gif

It's loaded via regular http, which causes your whole website to show up as potentially insecure. Now apparently coinpot.win doesn't support https, so you'll likely have to host the banner yourself.

There is also an iframe somewhere on your page that loads an external page via http. There might be even more, but I didn't fully look through it.

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:

//domain.com/path/to/resource.gif 

instead of

Code:

http://domain.com/path/to/resource.gif 

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.

and for mixed content issue what im doing wrong there ? is that the same protocol ? leave your btc wallet will send you a tip when im home

[HeRetiK]

[...]

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:

//domain.com/path/to/resource.gif 

instead of

Code:

http://domain.com/path/to/resource.gif 

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.

and for mixed content issue what im doing wrong there ? is that the same protocol ? leave your btc wallet will send you a tip when im home

Unless one of the external sites you are referencing doesn't support https the above approach (ie. referring to source files with // instead of http:// ) should solve your mixed content issues. If you still come across a mixed content issue, double check your HTML source for http references.

Note: Links to external websites, for example a text link to http://www.google.com/ should be fine and not cause any errors.

Feel free to tip me BTC at: 14wcruSDsiwSyHSRoC4cAb4UqTAJdGSJ5V

Also feel free to PM me in case you have any further questions.

[Vibez1Tv]

[...]

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:

//domain.com/path/to/resource.gif 

instead of

Code:

http://domain.com/path/to/resource.gif 

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.

and for mixed content issue what im doing wrong there ? is that the same protocol ? leave your btc wallet will send you a tip when im home

Unless one of the external sites you are referencing doesn't support https the above approach (ie. referring to source files with // instead of http:// ) should solve your mixed content issues. If you still come across a mixed content issue, double check your HTML source for http references.

Note: Links to external websites, for example a text link to http://www.google.com/ should be fine and not cause any errors.

Feel free to tip me BTC at: 14wcruSDsiwSyHSRoC4cAb4UqTAJdGSJ5V

Also feel free to PM me in case you have any further questions.

Oke lets dig into the html and change all source to // without the https

tip earned will send it when im home im at work atm

[HeRetiK]

Oke lets dig into the html and change all source to // without the https

tip earned will send it when im home im at work atm

Appreciated, thank you

The https:// references should be fine (although there's no harm done in switching those to // as well). It's the http:// references (without the "s" at the end) that you want to look out for.


Also once you've done this I would advise you to redirect http requests to the https version of your site, as mentioned in this post:

[...]

If you use Apache follow the instructions on this website:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

[...]