yixuan_loh

Member
Jan 11, 2021
7
1
3
Penang
cPanel Access Level
Website Owner
Hey all,

I'm still new to cpanel. Recently I'm trying to resolve some issues related to my site as it appears unsafe for users to access.

I'm trying to find the root cause for this and would need some help.

When I check my certificate, this note appears here:

You don’t have a dedicated IP address. Browsers that were released before 2013 may not support SNI. Because of this, users may see false security warnings when they visit your SSL-secured websites.

How can I resolve this issue?

Also under my WordPress Toolkit, my SSL/TLS appear disabled? How can I enable it?


1610374637698.png

Also, I found here it mentions my SSL certificate has already been installed successfully. I'm confused...

1610375954653.png



I know the "fix security" status might need some updating, but see below. I can't check the other boxes and select "secure" to proceed. Is it that I need to make additional purchase in order to proceed? Or do I have other ways to enable my website's security check? Pls help out and thanks.


1610374719784.png
 
Last edited by a moderator:

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
207
68
28
Australia
cPanel Access Level
Root Administrator
Hi @yixuan_loh,

Dedicated IP addresses are no longer required for the installation of an SSL certificate.

To check the SSL status of your website, you can go to sslchecker.com or whynopadlock.com.

Does your hosting provider provide free Comodo or Lets Encrypt certificates for their customers' websites? You can ask them if their servers use the cPanel AutoSSL functionality and then the certificates are automatically provisioned by their server for your websites.

You can open a ticket with your host and ask them to check the certificate provisioning process for you.

If they don't provide free certificates, you can purchase them from your host or another provider, if your host allow for certicates from other providers to be installed on their servers.

Once an SSL certificate has been installed, there is still a bit of work to do. Once you've verified it has been installed, you will have to redirect your website to the HTTPS version of your website and change all of the links to HTTPS so the padlock icon appears in the browser's address bar when someone browses to your website. Remember to also set the preferred domain in the Google Search Console.

Hope that helps!
 

yixuan_loh

Member
Jan 11, 2021
7
1
3
Penang
cPanel Access Level
Website Owner
Hi @yixuan_loh,

Dedicated IP addresses are no longer required for the installation of an SSL certificate.

To check the SSL status of your website, you can go to sslchecker.com or whynopadlock.com.

Does your hosting provider provide free Comodo or Lets Encrypt certificates for their customers' websites? You can ask them if their servers use the cPanel AutoSSL functionality and then the certificates are automatically provisioned by their server for your websites.

You can open a ticket with your host and ask them to check the certificate provisioning process for you.

If they don't provide free certificates, you can purchase them from your host or another provider, if your host allow for certicates from other providers to be installed on their servers.

Once an SSL certificate has been installed, there is still a bit of work to do. Once you've verified it has been installed, you will have to redirect your website to the HTTPS version of your website and change all of the links to HTTPS so the padlock icon appears in the browser's address bar when someone browses to your website. Remember to also set the preferred domain in the Google Search Console.

Hope that helps!
Hey thanks for getting back to me. It appears under my "SSL/TLS Status" panel, the log shows my domain are already verified by AutoSSL.

1610380633024.png


I also just checked my site using the website you recommended:
1610380915793.png

I'm still fairly new to this. I thought cpanel is my hosting provider? Sorry if this sounds amatuer, truth be told, I'm actually helping out my boss to update his website. The site was developed by someone else in the past and now I'm stuck at fixing the SSL issue.

Is there other potential areas I could look into? Again, appreciate your help on this :)
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
3,074
387
243
cPanel Access Level
Root Administrator
All links on your side should be using an https connection. If you are using WordPress, which it appears you are from that screenshot, you may want to look for a WordPress plugin that directs traffic to an https connection.

If you are linking to that specific file in some other area of your site outside WordPress, just change that link in the site code to use https and that will resolve that error.
 

rivermobster

Well-Known Member
Dec 16, 2020
94
19
8
SoCal
cPanel Access Level
Root Administrator
Okay @ZenHostingTravis I think I found the issue. Could it be this one:

View attachment 69865


Any advise on how I can resolve the issue?
First, right click and save as on that image as its displayed in a browser....

Go to the page that image is on in WP...

Edit the image, and delete it...

Add the image you "right clicked and saved as" back into the same location.

Update the page, and your issue should be resolved!
 

yixuan_loh

Member
Jan 11, 2021
7
1
3
Penang
cPanel Access Level
Website Owner
First, right click and save as on that image as its displayed in a browser....

Go to the page that image is on in WP...

Edit the image, and delete it...

Add the image you "right clicked and saved as" back into the same location.

Update the page, and your issue should be resolved!
Hey apparently, I installed a plugin to help me resolve the issue. Now when I ran my site through whynopadlock, my site passes everything.

But it still appears as dangerous now when I try to visit the site. Is there anything I should check out as well...
 
  • Like
Reactions: ZenHostingTravis

rivermobster

Well-Known Member
Dec 16, 2020
94
19
8
SoCal
cPanel Access Level
Root Administrator
Hey apparently, I installed a plugin to help me resolve the issue. Now when I ran my site through whynopadlock, my site passes everything.

But it still appears as dangerous now when I try to visit the site. Is there anything I should check out as well...
If it was me...

I'd remove that plugin and fix each image, one at a time. I don't like to use plugins unless absolutely necessary.

You can use the developer options in Chrome (Lighthouse) to figure out what files are not secure.

It's actually pretty easy.
 

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
207
68
28
Australia
cPanel Access Level
Root Administrator
Hey apparently, I installed a plugin to help me resolve the issue. Now when I ran my site through whynopadlock, my site passes everything.

But it still appears as dangerous now when I try to visit the site. Is there anything I should check out as well...
Glad to hear the link was helpful.

Re being dangerous, could you please provide us with a screenshot, like you did earlier?
 

yixuan_loh

Member
Jan 11, 2021
7
1
3
Penang
cPanel Access Level
Website Owner
Putting it here cause this might be some error source as well.

I tried to update my plugin just now and this error message appears:

1610436928460.png

How can I try to resolve this?
 

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
207
68
28
Australia
cPanel Access Level
Root Administrator
Thanks for providing a screenshot.

This issue is unrelated to the issue with HTTPS.

Your website has been infected with malware. Once it has been cleaned, you can resubmit the website to Google to have it removed from the Dangerous list.

The best thing to do is to roll back to a clean backup, if you have one. Website cleanup can be difficult but companies like Wordfence do offer a cleanup service for 200 USD, which is standard.
 

yixuan_loh

Member
Jan 11, 2021
7
1
3
Penang
cPanel Access Level
Website Owner
Thanks for providing a screenshot.

This issue is unrelated to the issue with HTTPS.

Your website has been infected with malware. Once it has been cleaned, you can resubmit the website to Google to have it removed from the Dangerous list.

The best thing to do is to roll back to a clean backup, if you have one. Website cleanup can be difficult but companies like Wordfence do offer a cleanup service for 200 USD, which is standard.
Hey thanks again for the reply! I just notice my site has Wordfence as you mentioned. And it prompt me to download a file in order to get more secure:

1610457221043.png

This is the file I downloaded and then Wordfence proceed to run itself. See below:

1610457255213.png

The first one "Web Application Firewall" increased from 11% to 55%. So I guess it worked in certain ways right? I can't proceed to up the % as I need to buy the premium features

But the site still appears as dangerous. So how do I proceed next? You mentioned resubmitting the site to Google. How do I do that?

Edit: I also did a scan via Wordfence and deleted some deleteable files.
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
3,074
387
243
cPanel Access Level
Root Administrator
As has been mentioned, the deceptive site warning would be a different issue from the https problems earlier. I've had excellent luck with this plugin in the past:


but you'd need to track down the issue with the malware.

If you believe you have resolve that issue you can re-submit your site to be scanned by Google by clicking the "report a detection problem" link on the page or going to Google Transparency Report