Why does my website appearance break under HTTPS but not HTTP ?

I have just had a security certificate installed by my webhost. I now notice that the website doesn't look the same under HTTPS as it does under HTTP.

Any idea what is going on?

I'm not sure. I have https enabled with Composr without issue. Perhaps you have added a direct http link somewhere rather than a relative link? Mixed content is blocked by browsers when viewed via https. It looks like an issue with your CSS and perhaps some JS, hard to tell. Your images seem to load fine. I also notice this is an ocPortal site, so maybe Chris has better advice to share but this is the usual reason. More info @ The HTTPS-Only Standard - Mixed Content

Well if you can, go to Https://DavidLFriend.com/Add_Site. I say if you can because when i click the link above I get a 404 error but on my devices i dont (???). This website is my new Composr website of the same content as the ocPortal site and placed under a subdirectory of the ocPortal site. That is the ocPortal site is in PUBLIC_HTML/  and the Composer is placed under PUBLIC_HTML/ADD_SITE. There is that security certificate on the domain DavidLFriend.com and I see the secure connection lock symbol shown on my computer and phone when accessing the Composr site.

Anyway there is nothing breaking my site. Also in reguard to any changes to SSL or JS, on this site I purposely did none. So the page is stock except for using the theme wizard to "customize it".

I am not going to use the old ocPortal site once I can get the domain pointing it. And I believe I am changing hosts so that will probably happen soon.

Anyway The old site breaking was an immediate result of the installation of the SSL certificate on my domain.

What about: https://davidlfriend.com/add_site/

I was able to access it after changing the "Add_Site" to all lowercase letters.

sholzy said

What about: https://davidlfriend.com/add_site/

I was able to access it after changing the "Add_Site" to all lowercase letters.

From “Questions about specific permissions”, 26th Feb 2025

Great, that works… but WHY?

I really don't know why. A lot of this stuff I've forgotten since I don't mess around with it anymore.

Maybe your certificate was created using "add_site" vs "Add_Site" ? But I'd think that would just throw a site not secure warning.

"add_site" or "Add_Site" is just a directory in your root. Which way was it created and which way is it now?

Sholzy, the certificate is on the domain davidlfriend.com. since The subdirectory add_site is under the domain, it is covered by the certificate.

I also checked the subdirectory and it is written all in lower case.

On Linux all folders (directories) and file names are case sensitive, which is why "add_site" works and "Add_Site" does not. I don't know if Windows web servers are the same as Linux (I assume they are).

Hey,

I read over this pretty quickly, but from what I see we're talking about a couple of issues…

1. Why does the site at the root of the domain have broken CSS etc.
2. Why the Add_Site site is not working on https unless lower case.

1- probably you need to edit the _config.php file (Composr) or info.php file (ocPortal) to change the base URL setting to be https:// instead of http://. This should stop it calling http resources for an https site and thus failing due to mixed content.

2- It is indeed weird. My guess is the Apache 'CheckSpelling' option is on for the server's HTTP configuration but not the server's HTTPS configuration.