Let's Encrypt + scripts from unathenticated sources

wordpress

#1

I requested a Let’s Encrypt certificate for the domain of my organization’s WordPress site this morning and it was addressed and installed in record time. But when I test the https URL (in Chrome) this afternoon, The page loads unstyled, with a note saying in “this page is trying to load scripts from unauthenticated sources.”

My next step was going to be to force https (DreamHost guide) but I don’t want to do that until solving this display issue.

Ever-hated by Google PageSpeed, I know Google Analytics and AddThis share buttons are called from off-site and not all of them use https addresses. But those also should not be affecting our main display and functionality, right?

http://m.addthisedge.com/…-4e7226ca76b2ae71/_ate.track.config_resp (60 seconds)
http://s7.addthis.com/js/300/addthis_widget.js (10 minutes)
https://www.google-analytics.com/plugins/ua/linkid.js (60 minutes)
http://www.google-analytics.com/analytics.js (2 hours)
http://www.google-analytics.com/ga.js (2 hours)
https://www.google-analytics.com/analytics.js (2 hours)

I’ve since gathered that this switch should not be made site-wide right away and that it will take a lot of individual mopping up of any links that are protocol-specific. But I’d like to know if there is any process for this on the server-side before we proceed. Thanks for any and all guidance.


#2

You should be safe to change to change those URLs to HTTPS. I tested them (just in a browser window) and they all loaded. Depending on your website, you should be able to update those links by doing a search/replace in the database, in a text editor, or using the command line tool ‘sed’.

Maybe someone else can chime in with other options.


#3

What Justin said, plus have a look at WP-CLI since it has a very handy search-replace capability:

Full documentation https://developer.wordpress.org/cli/commands/search-replace/

and an example of how to use it: https://helgeklein.com/blog/2015/01/switching-wordpress-site-http-https/


#4

That page mentions:

[code]Navigate to your WordPress directory (you need to use your own path, of course):

cd /var/www/helgeklein.com/public_html/[/code]

A Dreamhost path will look a little different from this, or at least it does for me (no “public_html”). For a regular (non-DreamPress) account, should I be running the search/replace at this level:

home/userName/example.com/

…or someplace else?


#5

did you intall wordpress at the root level of your domain, or in a folder?

that is the correct dreamhost directory structure… add a leading / tho.

/home/userName/example.com/


#6

Thanks for the quick follow-up.

Wordpress is installed at the root level of the domain, so that, for example, wp-config lives here:
/home/userName/example.com/wp-config.php

So it sounds like this is the correct path for the search/replace:
/home/userName/example.com/