Skip to main content

SSL Access Is Not A Reality, For All Blogs

Some blog owners are not going to be able to provide SSL access to their blogs - even with SSL enabled.

Blog owners who prefer to use the "www" alias of "" - and who have chosen to enable SSL access for their blogs - report "Invalid Certificate" errors, when trying to access. And other blog owners report problems, when they have photos, hosted by Google and Picasa, using "http:".

Blog owners, who require HTTPS / SSL connectivity for their blogs, need to be patient. Impatience causes various inconveniences.

This blog is not upgraded - and it must be read with the "Not secure" warning visible.

Blogs that link to this blog will display as "Mixed content" / "Not secure" - or the link to this blog will be broken.

"This site can’t be reached" ("404") warnings.

This may be a simple typo. Not a cause for panic. This is from Chrome - other browsers may report this, differently.

Until Blogger provides HTTPS for custom domain published blogs, this will be seen sometimes. Or it may involve any of dozens of legitimate custom domain publishing problems).

Don't panic - just stop using "https:" prefix, for custom domain published blogs - and diagnose the domain connectivity!

Deceptive site warnings.

Clever workarounds, to provide custom domains using SSL, are not worth the effort.

Blogs using CloudFlare may be classified as "Deceptive" sites.

Invalid certificate warnings.

An invalid certificate warning, when SSL access is attempted, is pretty scary.

Nobody can access this blog - without some extra clicks, and cautions.

Mixed content warnings.

And some blogs, which do permit easy SSL access, generate "mixed content" errors.

Most people can access this blog - but how many will want to do so?

Both the invalid certificate ("ERR_CERT-COMMON_NAME_INVALID") and the mixed content ("... it contains unencrypted elements (such as images) ...") represent blogs that won't be able to provide SSL access - and provide readers an enjoyable experience.

A blog with an invalid certificate, with SSL access attempted, won't easily provide a connection. The browser, that the would be reader is using, is not going to connect to a website with an invalid certificate, without the reader being properly cautioned.

The link to the blog is there - so you can get there, if you wish. How many would be readers will, happily, "Proceed to (unsafe)"?

And, how many would be readers will enjoy accessing a blog that contains unencrypted elements (such as images). Maybe there are no unencrypted image exploits, in the wild, right now - but how many people who care to use SSL will know that, for a fact?

SSL is available, for blogs which can provide it - but not all blogs, which can provide it, may be suitable to provide it.


Anonymous said…
Ok. But is there anything else to do except being patient and waiting for Google to do something? Because not all bloggers know that they have to dive in to their code and fix issues occured from this change... And many of my readers are in a panic and i still have no answer for them...
By the way, greetings from Greece! ;)
Chuck Croll said…
Hi ᒎᕠᒚᗋᒪᕢ,

Thanks for the question!

In reality, there's not a lot that you can do. I suspect that Blogger is doing something, constantly. What they are doing simply involves re writing the entire Blogger infrastructure (I would bet every section of code contains some reference to "HTTP:") somewhere), while we continue to use it.

You really can't do much, except maybe alert your readers what "Mixed Content" is and why they will see the warnings. Then dive in to your code, as you have time - and fix it, one bit at a time.

That's my game plan, for this blog - when custom domain code is upgraded.

I will be writing a post, sometime soon, that I can put into a Featured Post, to replace my post about The Followers Gadget. And as soon as the custom domain SSL upgrade is rolled out, I will be making my SSL notice the Featured Post. You can do the same with your blog, when convenient.

So, greetings from California (too near Wyoming, and Yellowstone).
tttony said…
This ssl thing is a mess, problems with the images, problems with scripts, if I disable HTTPS redirect the user can access https [facepalm], we need a global option that disable the https, the only solutuion I see is to redirect https to http with javascript

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Free Domain Registration By "UNONIC" Is Fraudulent

Blogger blog owners, like everybody else, like to save money.

Some blog owners prefer to save money when registering a custom domain, for their blogs. We've seen several free domain registration services, providing what is claimed to be a two level Top Level Domain "co.xx" (where "xx" == various country codes).

The latest in this ongoing story appears to be "" - and 13 other "top level domains".There is also an additional free service offering third-level .tf domains, under the name United Names Organisation. They occupy 14 second-level domains, including,,, and They are run by the same company as, and are given away as URL redirections.