Dealing with HTTPS issues and pesky mixed content problems

Oil the lock

Editor’s Note: This article on common HTTPS issues was originally published on September 2, 2014. It was updated on July 31, 2018.

With Google® using SSL as a ranking signal and Chrome throwing not secure warnings for HTTP websites, correctly completing an HTTP to HTTPS migration is increasingly important. Webmasters need to mitigate HTTPS issues and they need to validate their SSL certificate is properly installed and their website is correctly configured for HTTPS.

All too often webmasters believe they only need to update the website URL to HTTPS. Unfortunately, that is only part of a more complex conversion process.

Implementing an SSL certificate and converting to HTTPS doesn’t have to be scary or overly challenging. It just needs to be executed with a checklist and audited to make sure everything was properly migrated and configured for HTTPS. HTTPS issues will pop up and they need to be addressed quickly.

Common HTTPS issues

HTTPS conversions can go off track if done too quickly. Common HTTPS issues include the following elements:

SSL certificate issues

  • Expired SSL certificates
  • SSL certificate domain name does not match domain utilized in the website implementation

Website implementation issues

  • Missed URLs when converting to HTTPS
  • The HTTPS website still utilizes and points to HTTP elements (images, scripts, iFrames, etc.)
  • Failure to redirect or canonical link from HTTP URLs to HTTPS URLs
  • Internal links on an HTTPS page leads to an HTTP page
  • Incorrect URLs in the sitemap.xml (HTTP URLs for an HTTPS website)
  • The home page does not use HTTPS encryption

If you’ve implemented an SSL certificate, but you’re not quite sure about the health of your HTTPS configuration, you can run a website audit through SEMrush. This audit report will crawl your entire website and locate many of the common issues noted above. Another tool that can be of use is Google’s Lighthouse. This Chrome extension will provide great insights on HTTPS usage, but also provide additional details on SEO, accessibility, and performance.

Managing mixed content issues

One of the most common HTTPS issues is that many Web pages are mixed content pages, containing both HTTPS and HTTP elements. Script, link and even some CSS elements may refer to other URLs, some of which might not be secured with HTTPS. This can be the case even if the main page is secured.

Having a page with mixed content can lead to security holes as well as browser errors that reduce the confidence a website visitor has in a page. It can also create a lot of confusion for search engines.

If you have HTTPS issues with mixed content page and want to bring it up to snuff, there are a few things you can do:

  • If the content is being served off your own domain and the HTTPS version of the content exists, you can change the links from http:// to https:// and that should do the trick.
  • If the content is on another site, you can try to access it with HTTPS. If that doesn’t work, it might be possible to contact the other site and request the content be made available over HTTPS.

Also, if you elect to go all HTTPS, you’ll likely want to redirect HTTP so visitors won’t receive errors. Check out Redirect Your Site Using the Site Redirects Manager for instructions on how to do that.

Learn about the four types of SSL certificates available.

Wildcard SSL Certificate
Extended Validation SSL Certificate
SAN SSL Certificate
Organization Validation SSL Certificate


Also published on Medium.

Image by: AZAdam via Compfight cc

Christopher Carfi
A veteran of both startups and the enterprise, Chris has a deep track record in developing customer community and evangelist programs for brands such as Adobe, H&R Block and Aruba Networks while holding executive positions at Ant’s Eye View and Edelman Digital, and he was co-founder and CEO at Cerado. He currently lives in the Bay Area with his family.