Store Locator Plus for WordPress Forums Store Locator Plus Home marker in plugins/store-locator-le/images/ can't be found

This topic contains 10 replies, has 3 voices, and was last updated by  Lance Cleveland 9 months, 3 weeks ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #55144

    pa
    Participant

    I’m getting this error message after upgrading to latest version:

    Your home marker http://.../wp-content/plugins/store-locator-le/images/icons/bulb_yellow.png cannot be located, please select a new one

    I also get an identical one for destination marker.

    However it all looks like it’s working, so I don’t get what the issue is… It’s an annoying error message though. The error message is also in green with a checkmark, which is a bit… odd.

    Attachments:
    You must be logged in to view attached files.
    #55158

    Cici
    Keymaster

    You need to check your SSL certificate. A lot of browsers have  become strict about the SSL cert.

    I just went through this on my test site and had to update even though it was only a few months old had to get an Intermediate certificate.

     

    You can test  and run a diagnostic on  your SSL cert using the Digicert 

    #55172

    pa
    Participant

    It’s newly issued Let’s Encrypt. I mean, it should be fine, I think. The checkmark is green so I doubt my browser dislikes it.

    #55173

    Lance Cleveland
    Keymaster

    Try pasting the marker URL, exactly as it appears, directly in your browser then check the certificate details from your browser.

    If the marker appears then it is very likely due to the fact that your web server is getting a security certification violation.   This happens most often because your server has not been updated with the latest intermediate certificate authority (CA).   Since Symantec sold their SSL license business to DigiCert due to questionable authentication practices ALL web servers (and laptops, phones, etc.) must update their Intermediate CA files.    If your server is NOT updated then WordPress will generate an “untrusted certificate” error when checking a web resource that lives on a server without the latest security patches.

     

    Why does this matter?  Store Locator Plus uses the built-in WordPress “check this web address is valid” function to validate that a URL you used for a map marker points to a valid image that can be server remotely to ALL your site visitors.  Keep in mind some browsers skip over security warnings, some flag them, and some block the offending resource which means no markers will appear for those users.

    When you see the warning pop up on our admin panel about a bad marker, WordPress is reporting an error when trying to get the map markers.   Typically it is something simple like typo and when you try to paste the marker URL in a new browser window it comes up with a 404 “not found” message.  However, since this great new SSL certificate debacle that impacts hundreds-of-thousands of servers has come about we are seeing reports of long-valid map markers being reported as invalid by WordPress.   So far it has always been a now-invalid SSL setup on the server where WordPress has been installed OR the server from which the map marker is coming (usually the same thing).

    We had this happen on a few of our own servers.   We found our installed SSL certificate did NOT have the updated intermediate CA information.  When we updated our certificate to be compliant with the new November 2017 root and intermediate certificates everything was back to normal.

    Check to make sure you have all the latest security patches installed on your host.   If you do then make sure you’ve updated all your Let’s Encrypt certs as well as the supporting cert-building libraries or you’ll end up with a self-issued certificate linking to the old Symantec servers as an issuing authority.  All Symantec-based certs not redirecting to Digicert are quickly being marked as a security risk and/or invalid.

    Also, if you are pulling images from an https-backed server make sure the marker URL starts with https otherwise some users will get an ‘insecure resource’ warning in their browser.

     

    As an aside, the map marker test has been in Store Locator Plus since SLP 3.0 (2013) and has not changed.   If you are seeing the message now it is not because SLP changed.   It is because WordPress is now reporting issues with possibly insecure content as part of their ongoing focus on security improvements.

    #55174

    pa
    Participant

    The URL checks out, no 404 here. (I already checked that obviously…)

    I was unaware of this SSL debacle. I’ll look into it as soon as I can figure out how to update those files 🙂

    #55185

    Cici
    Keymaster

    Perhaps I am confused, but the screen shot you showed us starts with http as sown below…are you getting any mixed content errors when inspecting in your browser? You have not provided us with your site url so I cannot look at it in the browser to see if you have a valid SSL,  or if   you have mixed content errors or if the marker you originally selected is pointing to an old image file.  Try re-selecting the map marker  under settings/map.  All my markers start with https://…….:

    your home marker
    http://.../wp-content/plugins/store-locator-le/images/icons/bulb_yellow.png
    cannot be located, please select a new one

    #55203

    pa
    Participant

    I have found the error. And it’s beyond stupid (on my part).

    After transferring the site to it’s new server and away from the dev-environment, I had to change the URL. The easiest way to do that is to use update_option( 'siteurl', '...' ) and update_option( 'home', '...' );
    Since the site hadn’t been moved DNS wise and therefore had no SSL cert yet, I set it to http.
    Later on when I changed the url to https in the settings, I failed to realize that it switched back immediately because of the update_option()’s.

    Oops.

    This was a while ago, btw. I have since started simply editing these values directly in the database when I need to.

    #55204

    pa
    Participant

    Further testing shows… the error persists, but now with an https:// URL instead.

    And I can’t find any sources saying that the CA files are bad, and the LE certs generated all check out.

    *sigh*

    #55208

    Lance Cleveland
    Keymaster

    Give me the URL to your image and I can check it from our servers.

    If you have command-line access to your host you can use a direct get or curl command (Linux/MacOS – you’ll need Windows bash tools if you are on a Windows host).

    For linux/MacOS:

    # wget ‘<your marker url>’

     

    This will uncover errors your browser may be hiding.

     

    If you are seeing that notice pop up it is because WordPress is getting an error or security warning back from the marker URL.      In either case some users, depending which browser they are using, will NOT see the markers which is why we use that WordPress core utility to test markers and report it on the admin panel.   That test was added after chasing down a “my markers are not appearing for some users” issue reported back in 2013.  The warnings are there for a reason.

     

     

    #55243

    Lance Cleveland
    Keymaster

    Is your site behind an extra security layer such as a staging/dev site with an extra authentication layer like basic auth?

    If so the utility that checks that the file exists cannot get authorization to retrieve the marker as it uses a generic web request to check the marker is available to the general public.   It does not account for systems behind basic authentication sites.

    If your CA files check out that is the problem.

    SLP 4.9.1 has extended error logging, you’ll need to enable WP_DEBUG to see it in the log files, that will help provide clues as to why a URL the plugin is validating is failing the validation.

    #55247

    Lance Cleveland
    Keymaster

    Also coming in SLP 4.9.1

     

    * NEW FEATURE Settings | General | Admin | Messages | Enable WP DEBUG to enable the WordPress debug log to help catch late-process coding errors on your site.
    
    This will also allow people to see why a URL is failing like those that create the map marker warning.
Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.