Troubleshooting SSL related errors and warnings

Updated on 14-June-2017 at 11:18 AM

Business Catalyst End of life announcement - find out more details.

Mixed content errors

The "Mixed content errors" are by far the most common types of errors you are likely to encounter. Now that your website is using HTTPS all the assets it loads have to be delivered securely as well. This includes scripts, stylesheet files, images and so on.

If you notice the https icon is showing a warning (the actual icon might differ depending on the browser and browser version) you will need to take a closer look for errors. Here is how the warning looks like on a couple of browsers:

In the example below we will use Google Chrome to figure out which are the resources generating the warnings:

  1. Right click anywhere in the webpage and select "Inspect":
  2. After the Developer Tools console opens up, the assets that were not loaded securely will be shown here:
  3. Once you have identified the assets that were loaded insecurely you need to go into the page, template, layout or wherever these assets are linked from and change their URL to use the correct protocol - HTTPS instead of HTTP

For externally linked assets you will need to make sure that those assets can be accessed via HTTPS. Simply put, for a page to correctly load via HTTPS all assets (internal or external) must be loaded securely. If at least one item is loaded via HTTP or using an invalid HTTPS certificate, your page will display the "Insecure" warning.

Cross origin errors

If you are using AJAX to dynamically load elements in your website from other pages you also need to make sure you are using the same domain. This was the case before HTTPS was introduced but now that you are changing your website's protocol to HTTPS (http://www.bcrb.tk to https://www.bcrb.tk) you will need to make sure the AJAX calls are still working properly.

On my test page http://www.bcrb.tk/map I am trying to load from the /blog page the first content using AJAX.  Here is what happens:

  1. When using the HTTP URL everything works porperly, I get no errors and the blog post loads fine:
  2. As soon as we switch to HTTPS however the blog post no longer loads (even though the "Secure" badge is still green):
    Fixing these types of errors involves either making sure the AJAX call uses a relative link like /blog or alternatively if you really have to, use the exact same URL as the page it is executed on. The latter however comes with a few downsides for example the script will run fine on https://www.bcrb.tk but it will not run on any other URLs of this site, secure or not.

iFrames

Same as regular assets iFrames need to be loaded using HTTPS. Attempting to load an insecure iframe into a HTTPS page will result in the frame not loading and a Mixed Content error:

SEO related

Right after enabling the Always show https in the address bar option below, Business Catalyst will set up 301 redirects from your HTTP URLs over to HTTPS ones. This will ensure the SEO ranking is carried over. You will however most likely notice a dip in the rankings for a short period of time.

We highly recommend going through the Transfer, move, or migrate your site documentation on the Google support site to ensure a smooth transition to HTTPs.