Site Not Secure - SSL Issue?

Hi
I set up a new site but am having some trouble getting going. I am not a techie person.
The url has the preface “Not Secure”.
On the ssl admin page it says the url is “Trusted”
I am not sure what I should next.
Cheers
Paul

Hey!

First thing, your site is hosted in Flywheel?

Primarily this alert come from websites using the HTTP protocol, since browsers now alert the user if the site is not using HTTPS, which is the secure protocol.

You say that “preface” appears in Local development or the Live site?
This doesn’t make much difference in the local development, but in the live site means that the users that access your website will receive that alert.
Can you provide more information about what is happening?

Thanks for your response and questions.
My site isn’t hosted by Flywheel.
I think I lack some very basic knowledge of how all of this works. Can you humour me by answering some background questions:
once I have downloaded Local to my PC am I still using a web host? which web host am I using? (the one that hosts my site?) or am I using the application on a server controlled by Flywheel?
if Local is not online then s true I don’t need a SSL?

RE my SSL issue:

the url says “Not Secure pmtest/” where ‘pmtest’ is the name of the site domain. This is displayed when I view the site from the Local Overview page. Is that my ‘live site’?

Apologies for what I am sure are really dumb questions.

Hey @PGM

Welcome to the community! Yeah, getting started with WebDev can be pretty overwhelming – let’s see how we can help!

Local by Flywheel allows you to develop WordPress sites on your Local machine – ie your laptop. This means that all of the files and the database are running on your machine. There are pros and cons to this:

Pros:

  • You don’t have to share a idea or site with the world before it’s ready to be shared
  • You can try different changes to things (new plugins, custom coding, etc) without worrying about breaking a live site
  • Since creating and destroying sites in Local is pretty easy, it’s great for trying out new ideas, or creating “save points” where you can say “I like this but…” and then clone the site to a second Local site to try something different.
  • Since this is on your Local machine, you don’t have to pay for hosting the site

Cons:

  • Since the site is only on your Local machine, it’s hard to share it reliably with the world

To your main questions about SSL – this stands for Secure Socket Layer, and is the underlying thing that allows a browser to connect to a site over HTTPS.

When you see that message of “Not Secure” – that’s basically your browser saying “hey, I can’t confirm that this site is who it says it is.”

There are other reasons that it may be marked as “Not Secure” – the most likely one is that the main site is secure, but the page is requesting “insecure assets”. This basically means that things like images or stylesheets are being requested over HTTP while the main site is being requested over HTTPS.

To your specific questions:

You likely still have a webhost or “hosting company” that has the “live” site available to the internet. You will also have a site that is on your Local machine. We often encourage you to have your local url end with .local so that it’s easy to determine which one is live and which one is local.

It depends on the URL in the browser. Be sure to pay attention so that you don’t accidentally delete something from the live site!

You don’t really need SSL unless you are trying to debug things related to HTTPS. That being said, Local makes it fairly easy to trust the certificate and get the site running over HTTPS.

I would start by opening the developer tools fo the browser console and see if there are any errors. If there are, that will should point you in the right direction in terms of what needs to be done to fix things.

You can open the developer tools within Chrome by going to “View > Developer > Developer Tools” and then selecting the “Console” tab. If you like you can take a screenshot of what you see and we can take a closer look to see if we have any recommendations!

Let us know if you have any other questions!

– ben

1 Like

Ben - that is super helpful.
here is a screen shot of the console; - I hope it comes through

here is a screenshot of the Local Overview page:


here is a screenshot of the SSL page

Do you think I need to make any fixes or am I good to go?

I really appreciate your help.

P

1 Like

@PGM – I think you are good to go!

Can you try going to the site directly over HTTPS: https://confio15wer.local

Sometimes you need to manually enter in the https:// to explicitly tell the browser what to do.

Since there is content loading at http://confio15wer.local (note that it’s regular http and not https like above) and Local has the certificate as being “trusted” – I would assume that you can access the site with both of those protocols (http and https)

There also isn’t any errors in the browser console (though there might be when viewing the site over HTTPS).

If you are able to access the Local site over HTTPS and everything looks good, then all you would need to do is update the URLS within the database to use https.

As it is right now, the browser is set up to securely connect to the Local site, but all of the links in the DB are probably using the regular http protocol.

You can use a plugin like this one: https://wordpress.org/plugins/search-and-replace/ to search for http://confio15wer.local and replace it with https://confio15wer.local so that the links in the DB are updated to use the correct protocol. Just login to the WP admin, install the plugin and search and replace those urls!

Hope that makes sense, and let me know if you have any questions!

– Ben

Hi Ben
Thanks again. I followed your suggestion - I copy and pasted https://confio15wer.local but got this error message:

I did some Google research and it seems I net to set up my own certificate etc - which all seem pretty complicated for a non techie like me.
Basically, so long as my local environment is secure I don’t think I need to worry about this. I can turn my mind to this when I am ready to transfer to a live site. Does this sound sensible to you?
Thanks
Paul

Hi Ben

I was wondering if you had a chance to see my reply - copied here:

Thanks again. I followed your suggestion - I copy and pasted https://confio15wer.local but got this error message:



image.png1920x1080 181 KB

I did some Google research and it seems I net to set up my own certificate etc - which all seem pretty complicated for a non techie like me.

Basically, so long as my local environment is secure I don’t think I need to worry about this. I can turn my mind to this when I am ready to transfer to a live site. Does this sound sensible to you?

Thanks

Paul

Hey @PGM – Sorry to keep you waiting!

Yeah, for your Local machine it’s not too important to have SSL/HTTPS setup unless you are troubleshooting something related to those features, so I would focus on building the site and deploying it for now.

It is a little odd that you are getting that error in the browser even though Local indicates that the cert is trusted. I’ll fire up my Windows machine and see if I can replicate things.

For my own curiosity – what browser and version are you using in that screenshot?

– Ben

Hi Ben

I am using Chrome Version 72.0.3626.109

Paul

I am having the same issue as @PGM . My site says “trusted” in Local but “Connection not private” in Google Chrome.

I am indeed trying to debug things related to SSL / https, so it’s important to get this working. Chrome says the certificate is not valid.

Did you guys figure out a way to fix this?

Thanks!

Hey guys

One of the things that people forget to do when setting up a WordPress site on the Local App is this:

After you’ve set the site certificate in Local to “Trusted” then you need to log in to your WordPress Dashboard, and go in to your settings under General and change the WordPress Address (URL) and Site Address (URL) http to https. It should look like this (domain purposely blurred out due to client confidentiality):

After you do that, and hit save at the bottom, you’ll be logged out of the site. Just log back in and then it should work much better overall.

I kept forgetting this, and I kept getting security errors when I’d try to work in the site. It’s always a good idea to go through all the settings on the local setup to ensure everything is set properly before working on the site.

My 2cents,

~ Tracy

This is happening to be with 5.10.3 + Big Sur + Apple Silicon. Local says it is trusted, but Google Chrome is saying it’s not secure and shows the ‘your connection is not private’ splash page regularly.

After doing some digging around this, we discovered that BigSur doesn’t let Local automatically trust SSL certificates. They should still be registered with the system, but you’ll need to manually search for and trust each Local site’s certificate as outlined in this help doc:

https://localwp.com/help-docs/ssl/managing-a-local-sites-ssl-certificate-in-macos/

We’re exploring alternative ways of making this easier, but in the meantime, you’ll need to work through the steps outlined in the help doc.

Thanks, this worked. I tried this before, but didn’t realize there are two entries for the certificate in my Keychain Manager for some reason… so Chrome must have seen the un-trusted one.

1 Like

Hi - yes that worked, thanks. But I still find that, when I close and reopen flywheel:

  1. TRUSTED has changed back to TRUST (so I have to trust again)
  2. Clicking on OPEN SITE takes me to the http:// version so I have to manually change the url to https:// every time I launch.

Not terribly inconvenient but it makes me doubt Local (or Flywheel) a bit.

Do you find you have to do 1) and 2) each time?

UPDATE:
Now I find that when I click ADMIN it takes me to the https:// admin page BUT One-click Admin isn’t working. OPEN SITE still takes me to http:// page.

Flaky!

I haven’t had the issue where “TRUSTED” turns back to “TRUST” at all. And the second problem - that only happens for me when the site isn’t “TRUSTED” And once you change the settings to “https://” you might want to try stopping the site, then starting it up again. Also sometimes browsers remember the HTTP instead of the HTTPS - even if you clicked “Open Site” or the “ADMIN” button… so you might have to manually add that in the browser link up top. Once you’ve done that a few times, it should stick unless something isn’t set right in your settings altogether.

I don’t usually use the one-click Admin launch stuff - it doesn’t work for me. I stick with starting up the site and then clicking the ADMIN or the OPEN SITE buttons.

OK thanks, I’ll stick with it and maybe it’ll all come right in the end! :slight_smile:

Working link:

https://localwp.com/help-docs/ssl/managing-local-sites-ssl-certificate-in-macos/

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.