1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

SSL site loading fonts from insecure sources invalidating SSL

Discussion in 'HTML & Website Design' started by ZackP, Aug 25, 2016.

  1. #1
    Wordpress/Woocommerce site we have is https but we can't get green padlock since it is showing errors. Run test on whynopadlock.com and it listed things like:

    Insecure URL:http://fonts.googleapis.com/css?family=Open+Sans%3A400%2C300%2C600%2C700%2C800&ver=4.6

    Insecure URL:http://fonts.gstatic.com/s/opensans/v13/MTP_ySUJH_bn48VBG8sNSonF5uFdDttMLvmWuJdhhgs.ttf

    Insecure URL:http://download.skype.com/share/skypebuttons/buttons/chat_blue_white_164x52.png

    Why would site even look to load off site fonts in the first place?
     
    ZackP, Aug 25, 2016 IP
  2. Puntocom81

    Puntocom81 Banned

    Messages:
    80
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    35
    #2
    If the license allows it I'd serve the fonts directly from the site.

    By the way your SSL configuration is not good, you can check it at ssllabs.com. Take a look at the LibreSSL project - an OpenSSL replacement with tons of trashy code removed.
     
    Puntocom81, Aug 25, 2016 IP
  3. ZackP

    ZackP Greenhorn

    Messages:
    55
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    18
    #3
    "If the license allows it I'd serve the fonts directly from the site."

    Of course, that is what we want. We were surprised to see that WordPress is referencing to outside for fonts. How to achieve self serving fonts?

    Second line I don't understand. SSL is valid and purchased from reputable provider, GeoSSL or something. It is probably not setup right.
     
    ZackP, Aug 25, 2016 IP
  4. Puntocom81

    Puntocom81 Banned

    Messages:
    80
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    35
    #4
    What is wrong is your web server configuration, not the certificate. What server are you using?

    To serve the fonts directly you need to get the font file and convert it to several formats. Then put @font-face at the very first of your screen.css. I'm testing this code, not sure if it's totally correct but it works here (I learned it from Cutcodedown):
    
    @font-face {
      font-family: 'exo_2extra_bold';
      src: url('fonts/Exo2-ExtraBold-webfont.eot');
      src: url('fonts/Exo2-ExtraBold-webfont.eot?#iefix') format('embedded-opentype'),
      url('fonts/Exo2-ExtraBold-webfont.woff') format('woff'),
      url('fonts/Exo2-ExtraBold-webfont.ttf') format('truetype'),
      url('fonts/Exo2-ExtraBold-webfont.svg#exo_2extra_bold') format('svg');
      font-weight: normal;
      font-style: normal;
    }
    
    h1 {
      font:bold 250%/140% 'exo_2extra_bold',arial,helvetica,sans-serif;
      float:left;
      position:relative;
      font-weight:800;
      font-style:normal;
      display:inline; /* prevent oddball IE margin doubling */
    }
    
    Code (markup):
     
    Last edited: Aug 25, 2016
    Puntocom81, Aug 25, 2016 IP
  5. ZackP

    ZackP Greenhorn

    Messages:
    55
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    18
    #5
    Server is Linux, control panel is C Panel. As for fonts script I wouldn't know where to see or change something like that. It comes as a complete surprise to me that site creation software (WP in this case) would look for fonts elsewhere. I don't need anything fancy or strange, Arial is fine for everything.
     
    ZackP, Aug 25, 2016 IP
  6. kk5st

    kk5st Prominent Member

    Messages:
    3,497
    Likes Received:
    376
    Best Answers:
    29
    Trophy Points:
    335
    #6
    Because one or more of theme or plugins is requesting it, for example it may be Woo Commerce. Look at your links in the head element for the URLs mentioned in your error report. Delete them. Unfortunately, they will probably be re-attached with each upgrade.

    cheers,

    gary
     
    kk5st, Aug 25, 2016 IP
  7. ZackP

    ZackP Greenhorn

    Messages:
    55
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    18
    #7
    To everybody who tried to help: I solved a problem.
    There are actually plug-ins that remove Google fonts. Tried two, but it didn't work out.
    So i looked at all installed plig-ins and There was a plug-in called Ultimate with all kinds of icons, fonts, boxes and what not. After deactivating that one I lost some icons but also SSL test showing green padlock and certificate works fine!
    I noticed that login into WP-Admin, every selection and action and actual site is very, very slow. I'll give it few hours, maybe it is something unrelated to what I was doing.
     
    ZackP, Aug 25, 2016 IP