Skip to main content

SSL Access Is Not A Reality, For All Blogs

Some blog owners are not going to be able to provide SSL access to their blogs - even with SSL enabled.

Blog owners who prefer to use the "www" alias of "" - and who have chosen to enable SSL access for their blogs - report "Invalid Certificate" errors, when trying to access. And other blog owners report problems, when they have photos, hosted by Google and Picasa, using "http:".

Blog owners, who require HTTPS / SSL connectivity for their blogs, need to be patient. Impatience causes various inconveniences.

This blog is not upgraded - and it must be read with the "Not secure" warning visible.

Blogs that link to this blog will display as "Mixed content" / "Not secure" - or the link to this blog will be broken.

"This site can’t be reached" ("404") warnings.

This may be a simple typo. Not a cause for panic. This is from Chrome - other browsers may report this, differently.

Until Blogger provides HTTPS for custom domain published blogs, this will be seen sometimes. Or it may involve any of dozens of legitimate custom domain publishing problems).

Don't panic - just stop using "https:" prefix, for custom domain published blogs - and diagnose the domain connectivity!

Deceptive site warnings.

Clever workarounds, to provide custom domains using SSL, are not worth the effort.

Blogs using CloudFlare may be classified as "Deceptive" sites.

Invalid certificate warnings.

An invalid certificate warning, when SSL access is attempted, is pretty scary.

Nobody can access this blog - without some extra clicks, and cautions.

Mixed content warnings.

And some blogs, which do permit easy SSL access, generate "mixed content" errors.

Most people can access this blog - but how many will want to do so?

Both the invalid certificate ("ERR_CERT-COMMON_NAME_INVALID") and the mixed content ("... it contains unencrypted elements (such as images) ...") represent blogs that won't be able to provide SSL access - and provide readers an enjoyable experience.

A blog with an invalid certificate, with SSL access attempted, won't easily provide a connection. The browser, that the would be reader is using, is not going to connect to a website with an invalid certificate, without the reader being properly cautioned.

The link to the blog is there - so you can get there, if you wish. How many would be readers will, happily, "Proceed to (unsafe)"?

And, how many would be readers will enjoy accessing a blog that contains unencrypted elements (such as images). Maybe there are no unencrypted image exploits, in the wild, right now - but how many people who care to use SSL will know that, for a fact?

SSL is available, for blogs which can provide it - but not all blogs, which can provide it, may be suitable to provide it.


Anonymous said…
Ok. But is there anything else to do except being patient and waiting for Google to do something? Because not all bloggers know that they have to dive in to their code and fix issues occured from this change... And many of my readers are in a panic and i still have no answer for them...
By the way, greetings from Greece! ;)
Chuck Croll said…
Hi ᒎᕠᒚᗋᒪᕢ,

Thanks for the question!

In reality, there's not a lot that you can do. I suspect that Blogger is doing something, constantly. What they are doing simply involves re writing the entire Blogger infrastructure (I would bet every section of code contains some reference to "HTTP:") somewhere), while we continue to use it.

You really can't do much, except maybe alert your readers what "Mixed Content" is and why they will see the warnings. Then dive in to your code, as you have time - and fix it, one bit at a time.

That's my game plan, for this blog - when custom domain code is upgraded.

I will be writing a post, sometime soon, that I can put into a Featured Post, to replace my post about The Followers Gadget. And as soon as the custom domain SSL upgrade is rolled out, I will be making my SSL notice the Featured Post. You can do the same with your blog, when convenient.

So, greetings from California (too near Wyoming, and Yellowstone).
tttony said…
This ssl thing is a mess, problems with the images, problems with scripts, if I disable HTTPS redirect the user can access https [facepalm], we need a global option that disable the https, the only solutuion I see is to redirect https to http with javascript

Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Help! I Can't See My Blog!

I just posted to my blog, so I know that it's there. I can tell others are looking at it. But I can't see it.

Well, the good news is you don't have a blog hijack or other calamity. Your blog is not gone.

Apparently, some ISPs are blocking *, or maybe have network configuration or infrastructure problems. You can access or you can access, but you can't access, or

You can't access them directly, that is. If you can access any free, anonymous proxy servers, though, you may be able to access your blog.

Note: You can use PKBlogs with the URL pre packaged. Here is the address of this post (with gratuitous line breaks to prevent the old post sidebar alignment problem):

And an additional URL, to provide to those suffering from this problem, would be the WordPress version of this post: