Publisher Problem: Your website was not verified because HTTPS is not enabled

Good morning,
None of my WordPress sites will verify in the Publishers system.

When adding the domain, it says “Your domain is using HTTPS” - which it does. All my sites are HTTPS.

However, with the WordPress plugin installed and the code pasted correctly, I receive this error when clicking Verify: “Your website was not verified because HTTPS is not enabled. Please enable HTTPS on your domain, or choose another verification method.”

But it DOES have HTTPS enabled, obviously.

I know it has come up many times in the forum–I see others asking for help with this problem–but I’ve yet to see a solution, and most of the requests for help to this problem appear to go unanswered and be auto-closed. I’m hoping someone can assist.

By contrast, the “file” version of verification has worked on every site I’ve done it on, but the “file” version is not available for WordPress sites: the Publishers system takes you directly to the only option: the WordPress plugin.

I hope someone can help.

Thanks,
Robbie

UPDATE: I found the button “Choose Different Verification Method” hidden in the top right - UI bug. If you make your browser window wider, the button will show up allowing you to choose something other than the WordPress plugin.

That said, trying the file method again on the WordPress site, results in the same HTTPS error, even though the site is HTTPS.

Update 2:
Here’s what I’ve tried:

  1. Change Cloudflare SSL options to all of the available options (normally I use “Full: Strict” since I have LetsEncrypt certs on my apache server),
  2. Disable Cloudflare DNS proxy entirely (standard DNS with no Cloudflare features, directly using my server’s SSL cert),
  3. Disable WordPress permalink redirection,
  4. Add an .htaccess directive to FORCE https for all access to the site,
  5. Remove and re-add my domain in the Publishers dashboard.

None of these things have made a difference.

Howdy, do you have a link to your website? Seems like a problem with our from our side of things.

Hi @cory and thanks.
It’s been the same result on any of my WordPress sites, but for example https://baldnerd.com/ is one of them.

I’m a developer / full-time nerd, so let me know if you need me to check anything. We can talk geek.

Robbie

Awesome!

There are 3 main ways to verify wordpress websites

  1. wordpress plugin
  2. public file in the .well-known/ directory
  3. dns

Wordpress Plugin

So from my understanding the Wordpress plugin works by creating redirect rules on the wordpress server.

I’ve seen some issues with some servers not working with this, but when I tried it on a fresh install of WordPress it worked fine. If you have any ideas on what might be happening I’d love to hear it :grin:

Public File

For legacy reasons we make HTTP requests to 2 files and if one of those exists we check the token inside of them.

I’m getting a 404 on on both of these files here, so I believe that’s part of the issue.

https://baldnerd.com/.well-known/brave-payments-verifcation.txt
https://baldnerd.com/.well-known/brave-rewards-verifcation.txt

One solution would be to “Choose different verification” method in the top right, and then choose public file, and then see if you can directly put the file in a .well-known folder on your domain?

Hi @cory
Please refer to Post # 2 … yes, it would be 404 because using the .well-known method also resulted in a false error that the site doesn’t have https (so I deleted the file).

DNS version also didn’t work … looks like it’s not compatible with the way CloudFlare DNS records works, though I didn’t dig too far into it.

Any other suggestions?

Cheers,
Robbie

Let’s try to do the public file method, I think that if there’s any problem connecting to the host (rather than a 404) the logic in the code simply shows the message “Your website was not verified because HTTPS is not enabled. Please enable HTTPS on your domain, or choose another verification method.”

Once the file is loaded I can take a look to see specifically what error Net::HTTP is returning rather than the user friendly message :slight_smile:

Thanks @cory
I was able to get baldnerd.com verified by:

  1. place the file in .well-known as per normal,
  2. temporarily disable WordPress’ default .htaccess file since it blocks access to files within the .well-known folder,
  3. verify the site via publishers dashboard,
  4. reinstate my .htaccess.

So, that’s great: I’ve got a workaround.

Fact remains however that:

  1. the WordPress plugin doesn’t work,
  2. on certain screens, the button to change to text file verification doesn’t exist. See the sample video I created for you here: https://www.youtube.com/watch?v=G-8_Ui47BfA

Thanks again,
Robbie

Sorry for all the trouble! I’m glad you got your site verified.

I’ll try and debug the wordpress issue, what version of wordpress are you using? Are you hosting via wordpress.org or wordpress.com? Trying to figure out what the commonalities are, and maybe if there’s a specific plugin that is conflicting.

For the second issue I’ve created a github issue for it :slight_smile:

Cool!

My WordPress sites are self-hosted. I have collocations servers, EC2 + Dreamhost. Seems to affect all (at least, any that I have tried).

The common factors are that I use CloudFlare for DNS, and each site has WordFence.

I’m a developer, so I could … if I had the time … look under the hood - but I’m happy to help test, or if it’s on GitHub, I could do a PR if I find the issue.

I keep my sites up to date regularly. So today it is 5.3, but that will change as they release updates.

Cheers,
Robbie

Definitely could be WordFence, our plugin code is here - https://github.com/brave-intl/brave-payments-verification

The code hasn’t been touched in a while :sweat_smile: I’ll try and download wordpress tonight and test it out with some common plugins