0

I have a domain (let's call it Domain1 or https://img.{domain_name_1}.com) where I stored images for serving a wordpress staging website, which is currently hosted on a different server. For the latter I have only an IP public address (so not a real FQDN at the moment), let's call it Domain2 or https://99.999.999.999. On this server I installed a self-signed SSL certificate, just to encrypt the credential I use for phpMyAdmin and wordpress admin area. Meanwhile, Domain1 is SSL secured by Let's encrypt. I can access Domain1 by http or https indifferently, because I have a redirection from http to https. Now, I pointed all my database records about images of the wordpress staging website to the Domain1. When I visit the Domain2 at the page https://99.999.999.999/postcat-postname/, all contents are visible except for images. The Google Chrome Console tool displays:

Mixed Content: The page at '...' was loaded over HTTPS, but requested an insecure image 'http://...'. This request has been blocked; the content must be served over HTTPS.

It is strange and I cannot understand that error because:

  • the Domain1 which serves images for the staging area has been secured;
  • the wp_post of wordpress database for any image shows the link to the pictures with htpps.

This is a picture of the state: Domain1: it serves pictures for Domain2, SSL secured via Let's encrypt Domain2: the wordpress staging website. Self-signed SSL. Media file records in the MySql DB linked to https address of Domain1.

Super Kai - Kazuya Ito
  • 22,221
  • 10
  • 124
  • 129
R99Photography
  • 71
  • 1
  • 2
  • 10

1 Answers1

0

The redirect you are using on the image domain is only resolved when the request is sent to the server. If you are linking to an HTTP protocol in the main site the browser will block the request before sending it and therefore your HTTP to HTTPS redirect will not happen. Make sure the src has HTTPS in the protocol and that should fix the issue. You can either update the links directly in the DB or you can use a plugin that will allow you to track your assets.

Here are a couple:

You may also want to check out this post that talks about shared certificates in your situation.

Matthew R.
  • 4,332
  • 1
  • 24
  • 39
  • Probably I didn’t understand you, but: in my MySql DB of wordpress, all media files records of ‘wp_posts’ table have already ‘https’ and in the page source code I see ‘https’ as well pointing to the server where the images currently are. The redirect is to the server, I cannot understand your sentence. – R99Photography Mar 28 '18 at 21:55
  • Ohh interesting. When you inspect the page in Chrome, can you look at the “security” panel and see the specific images that are failing? Is there any information there that might help? – Matthew R. Mar 28 '18 at 21:59