I’ve noticed, as more sites are enabling SSL on their websites (a good thing!), that not everyone is doing it completely right, and ending up with “Mixed Content” warnings in the browsers. (In Chrome, you get the yellow lock symbol next to the address bar, instead of the green lock).
In this particular case, using Chrome’s Developer Tools, I was able to see another error message that indicated the problem was a MailChimp sign-up form. The target of the form was an insecure http:// URL. So even though the users are on a secure HTTPS page, the browser is warning because they’ll be submitted to an insecure location.
The warning is:
“Mixed Content: The page at ‘<your site URL>’ was loaded over a secure connection, but contains a form which targets an insecure endpoint ‘http://<username>.us1.list-manage1.com/subscribe/post?u=fbd8bbb58a37fa5979287ec13&id=11f061f4a6’. This endpoint should be made available over a secure connection.”
If you’re familiar with implementing HTTPS, you’d think the solution would be to switch the form target to a https:// version of the URL, or even a protocol-less URL (just the // without the http: or https:). Unfortunately this doesn’t work with MailChimp.
You also need to change the domain name from list-manage1.com to list-manage.com.
Once you change that domain (in addition to making it HTTPS or protocol-less) the warning will go away.
Thanks for the post! It helped me to fix the “Mixed Content” error.
Thanks so much for this. Fixed my problem too. (too bad I couldn’t find this on Mailchimp’s site.)
Hi Shawn it’s working for me: https://wordpress.org/plugins/force-https-littlebizzy/
This does NOT work for me. I added the HTTPS:// protocol in place of the old HTTP:// and deleted the number 1 after list-manage.com. Yet my embedded form is still not secure. I should add that I also changed my site’s URL to HTTPS:// in my MailChimp profile. Still no joy.
Hey Mickey, I just looked at your site and I’m seeing the green padlock on it (but no mailchimp form). What URL are you having problems with?
Changed to // and changed domain, fixed it! Thanks Shawn, you saved the day.