Site in question is HERE.
A user browsing via IE encountered a security warning. I subsequently ran the URL through an SSL checker, results of which you can see HERE.
According to the SSL checker, the site is passing a security certificate issued by GoDaddy, and the site’s URL isn’t listed, so the certificate presents as name mismatch, which triggers the security warning in IE.
I contacted GoDaddy, and they told me that I do not have an SSL certificate on my domain, and that the certificate being passed as a mismatch is a generic, server-based certificate that GoDaddy puts on all of its servers. They said the problem must be in my site code, which is beyond the scope of their support.
I built the site using a Genesis child theme. I didn’t do anything involving HTTPS in my code. I can not figure out what is causing this SSL problem. Hoping perhaps someone here can shed some light for me.
Have you purchased a secure certificate for your domain name?
You can’t just take your domain name, stick https:// in front of it, and expect it to work securely. That’s just not the way it works.
You will have to purchase or somehow obtain a secure certificate for your domain name, and have it installed. This might be possible through a control panel if you are using one, but otherwise might have to be done by a server administrator (someone with root access to the server).
Perhaps I wasn’t clear: I’m not “just sticking” https in front of anything; I’m not expecting anything to work securely. I’m not using https. I haven’t purchased a secure certificate because I don’t have a need for it. But for some unknown reason, the site is passing a generic, GoDaddy-based, server-level security certificate (according to GoDaddy) that doesn’t match my domain … and I have no idea why. According to GoDaddy, it’s something in my code … but I didn’t do anything in the code that requires a secure connection. I’ve been building websites for 15 years, and WordPress sites for 10 of those … and I’ve never seen anything like this before.
The only way you get this error is if you put https:// in front of your domain name. Where is that being done at? Are you linking to an https:// link on your site? Why?
The certificate that you are seeing is probably a good certificate. It’s just not valid for your domain name.
Did you click on the links I included in the original post?
I’ll explain it again: If you visit the site in an Internet Explorer browser, it throws a security warning.
Based on this, I then ran the site’s URL through an SSL checker … which revealed the security certificate with the name mismatch, which is what triggered the IE error.
Again, none of the URLs on the site use https. They are all just http.
I’ve just tried it in IE11 on Win10 and it’s working fine. Are you able to replicate the problem yourself or is it just one user that’s reported it? If it’s one user I would ask them which version of IE they’re using, which version of Windows and ideally for a screenshot. If you can replicate it yourself, let us know exactly what the error message is.
I think the result of the SSL checker is a red herring. The check will look up the IP address behind your domain which is likely to be shared amongst many others. As GoDaddy say, that’s not relevant to your domain, so unless users are explicitly typing in “https://anchortent.com/” or clicking on a link that uses https, there should be no problem.
martbean:
The user who reported the issue (who, unfortunately, also is the client) is on Windows 10, IE11. He sent me this screen capture:
I subsequently visited the site using Windows 7 / IE11 and received this message:
Subsequent visits do not produce this message unless you reset security settings to defaults in the browser tools.
Mittineague:
External calls to https URLs require non-https sites to present an SSL certificate? That’s news to me. Every WordPress site I’ve ever built has various, external, https links in the source code (Google Analytics, for example), and never before have I encountered this issue.
Again, none of the URLs for anchortent.com pages begin with https.
I don’t use Internet Explorer or Windows, so perhaps someone with more experience will have more information (i.e. I have no idea what SmartScreen Filter is).
But this looks to me more like your website has been listed as a potential phishing site or that it has been listed to be hosting malware. Although I’m not seeing where it is listed it any site blacklists (but again, I have no clue what SmartScreen Filter is).
I don’t think this has anything to do with SSL or accessing your site with https.
Hmmm, Privacy Badger reported stats.g.doubleclick.net as a potential tracker.
Seeing as none of the “protectors” give much info on how they are concluding that there is a potential problem. maybe the best way to identify the cause is to put up a test page and systematically check - remove one - clear cache - check - replace, remove another - clear cache - check - rinse repeat.
A tedious pain in the ■■■ but it should eventually pin it down
If it is the GoDaddy cert, a test page with practically no content should still give the warning, so that would be the first I would do before trying the systematic removal of external links.
