Some blog owners are not going to be able to provide SSL access to their blogs - even with SSL enabled.
Blog owners who prefer to use the "www" alias of "blogspot.com" - and who have chosen to enable SSL access for their blogs - report "Invalid Certificate" errors, when trying to access. And other blog owners report problems, when they have photos, hosted by Google and Picasa, using "http:".
Blog owners, who require HTTPS / SSL connectivity for their blogs, need to be patient. Impatience causes various inconveniences.
This blog is not upgraded - and it must be read with the "Not secure" warning visible.
Blogs that link to this blog will display as "Mixed content" / "Not secure" - or the link to this blog will be broken.
"This site can’t be reached" ("404") warnings.
This may be a simple typo. Not a cause for panic. This is from Chrome - other browsers may report this, differently.
Until Blogger provides HTTPS for custom domain published blogs, this will be seen sometimes. Or it may involve any of dozens of legitimate custom domain publishing problems).
Don't panic - just stop using "https:" prefix, for custom domain published blogs - and diagnose the domain connectivity!
Deceptive site warnings.
Clever workarounds, to provide custom domains using SSL, are not worth the effort.
Blogs using CloudFlare may be classified as "Deceptive" sites.
Invalid certificate warnings.
An invalid certificate warning, when SSL access is attempted, is pretty scary.
Nobody can access this blog - without some extra clicks, and cautions.
Mixed content warnings.
And some blogs, which do permit easy SSL access, generate "mixed content" errors.
Most people can access this blog - but how many will want to do so?
Both the invalid certificate ("ERR_CERT-COMMON_NAME_INVALID") and the mixed content ("... it contains unencrypted elements (such as images) ...") represent blogs that won't be able to provide SSL access - and provide readers an enjoyable experience.
A blog with an invalid certificate, with SSL access attempted, won't easily provide a connection. The browser, that the would be reader is using, is not going to connect to a website with an invalid certificate, without the reader being properly cautioned.
The link to the blog is there - so you can get there, if you wish. How many would be readers will, happily, "Proceed to www.whatever.blogspot.com (unsafe)"?
And, how many would be readers will enjoy accessing a blog that contains unencrypted elements (such as images). Maybe there are no unencrypted image exploits, in the wild, right now - but how many people who care to use SSL will know that, for a fact?
SSL is available, for blogs which can provide it - but not all blogs, which can provide it, may be suitable to provide it.
Blog owners who prefer to use the "www" alias of "blogspot.com" - and who have chosen to enable SSL access for their blogs - report "Invalid Certificate" errors, when trying to access. And other blog owners report problems, when they have photos, hosted by Google and Picasa, using "http:".
Blog owners, who require HTTPS / SSL connectivity for their blogs, need to be patient. Impatience causes various inconveniences.
Blogs that link to this blog will display as "Mixed content" / "Not secure" - or the link to this blog will be broken.
"This site can’t be reached" ("404") warnings.
Until Blogger provides HTTPS for custom domain published blogs, this will be seen sometimes. Or it may involve any of dozens of legitimate custom domain publishing problems).
Don't panic - just stop using "https:" prefix, for custom domain published blogs - and diagnose the domain connectivity!
Deceptive site warnings.
Clever workarounds, to provide custom domains using SSL, are not worth the effort.
Invalid certificate warnings.
An invalid certificate warning, when SSL access is attempted, is pretty scary.
Mixed content warnings.
And some blogs, which do permit easy SSL access, generate "mixed content" errors.
Both the invalid certificate ("ERR_CERT-COMMON_NAME_INVALID") and the mixed content ("... it contains unencrypted elements (such as images) ...") represent blogs that won't be able to provide SSL access - and provide readers an enjoyable experience.
A blog with an invalid certificate, with SSL access attempted, won't easily provide a connection. The browser, that the would be reader is using, is not going to connect to a website with an invalid certificate, without the reader being properly cautioned.
And, how many would be readers will enjoy accessing a blog that contains unencrypted elements (such as images). Maybe there are no unencrypted image exploits, in the wild, right now - but how many people who care to use SSL will know that, for a fact?
SSL is available, for blogs which can provide it - but not all blogs, which can provide it, may be suitable to provide it.
Comments
By the way, greetings from Greece! ;)
Eva
Thanks for the question!
In reality, there's not a lot that you can do. I suspect that Blogger is doing something, constantly. What they are doing simply involves re writing the entire Blogger infrastructure (I would bet every section of code contains some reference to "HTTP:") somewhere), while we continue to use it.
You really can't do much, except maybe alert your readers what "Mixed Content" is and why they will see the warnings. Then dive in to your code, as you have time - and fix it, one bit at a time.
That's my game plan, for this blog - when custom domain code is upgraded.
I will be writing a post, sometime soon, that I can put into a Featured Post, to replace my post about The Followers Gadget. And as soon as the custom domain SSL upgrade is rolled out, I will be making my SSL notice the Featured Post. You can do the same with your blog, when convenient.
So, greetings from California (too near Wyoming, and Yellowstone).