{"id":2188,"date":"2025-11-20T15:40:01","date_gmt":"2025-11-20T12:40:01","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/ssl-sertifika-hatalari-rehberi-mixed-content-not-secure-ve-tarayici-uyarilarini-hosting-tarafinda-cozmek\/"},"modified":"2025-11-20T15:40:01","modified_gmt":"2025-11-20T12:40:01","slug":"ssl-sertifika-hatalari-rehberi-mixed-content-not-secure-ve-tarayici-uyarilarini-hosting-tarafinda-cozmek","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/ssl-sertifika-hatalari-rehberi-mixed-content-not-secure-ve-tarayici-uyarilarini-hosting-tarafinda-cozmek\/","title":{"rendered":"SSL Sertifika Hatalar\u0131 Rehberi: Mixed Content, Not Secure ve Taray\u0131c\u0131 Uyar\u0131lar\u0131n\u0131 Hosting Taraf\u0131nda \u00c7\u00f6zmek"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>SSL sertifikan\u0131z y\u00fckl\u00fc, taray\u0131c\u0131da kilit simgesini g\u00f6rmeyi bekliyorsunuz ama kar\u015f\u0131n\u0131zda &#8220;Not Secure&#8221; yaz\u0131s\u0131, k\u0131rm\u0131z\u0131 uyar\u0131lar veya konsolda dolup ta\u015fan &#8220;Mixed Content&#8221; hatalar\u0131 var. \u00d6zellikle e-ticaret ya da kurumsal bir projeyi yay\u0131na al\u0131rken bu uyar\u0131lar, kullan\u0131c\u0131 g\u00fcvenini ve d\u00f6n\u00fc\u015f\u00fcm oranlar\u0131n\u0131 do\u011frudan vuruyor. \u0130\u015fin daha can s\u0131k\u0131c\u0131 taraf\u0131 ise, sorun \u00e7o\u011fu zaman yaln\u0131zca kod taraf\u0131nda de\u011fil; <strong>hosting ve sunucu yap\u0131land\u0131rmas\u0131nda<\/strong> yap\u0131lan k\u00fc\u00e7\u00fck hatalardan kaynaklan\u0131yor.<\/p>\n<p>Bu rehberde, DCHost ekibinde kar\u015f\u0131la\u015ft\u0131\u011f\u0131m\u0131z ger\u00e7ek senaryolardan s\u00fcz\u00fclm\u00fc\u015f bir perspektifle; <strong>&#8220;Mixed Content&#8221; nedir, neden &#8220;Not Secure&#8221; uyar\u0131s\u0131 al\u0131rs\u0131n\u0131z, taray\u0131c\u0131 sertifika hatalar\u0131n\u0131 nas\u0131l yorumlars\u0131n\u0131z ve t\u00fcm bunlar\u0131 \u00f6zellikle <em>hosting taraf\u0131nda<\/em> nas\u0131l \u00e7\u00f6z\u00fcme kavu\u015fturursunuz<\/strong> sorular\u0131n\u0131 ad\u0131m ad\u0131m ele alaca\u011f\u0131z. Apache\/Nginx yap\u0131land\u0131rmalar\u0131ndan HSTS ba\u015fl\u0131klar\u0131na, cPanel\/Plesk panellerinden WordPress ayarlar\u0131na kadar pek \u00e7ok noktaya teknik ama yal\u0131n bir dille de\u011finece\u011fiz. Amac\u0131m\u0131z, yaln\u0131zca hatalar\u0131 ge\u00e7ici olarak susturmak de\u011fil, altyap\u0131n\u0131z\u0131 kal\u0131c\u0131 olarak <strong>g\u00fcvenli, tutarl\u0131 ve bak\u0131m\u0131 kolay<\/strong> hale getirmeniz i\u00e7in net bir yol haritas\u0131 sunmak.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#SSL_sertifika_hatalari_neden_bu_kadar_gorunur_oldu\"><span class=\"toc_number toc_depth_1\">1<\/span> SSL sertifika hatalar\u0131 neden bu kadar g\u00f6r\u00fcn\u00fcr oldu?<\/a><\/li><li><a href=\"#Tarayici_uyarilarini_dogru_okumak_8220Not_Secure8221_ne_demek_ne_demek_degil\"><span class=\"toc_number toc_depth_1\">2<\/span> Taray\u0131c\u0131 uyar\u0131lar\u0131n\u0131 do\u011fru okumak: &#8220;Not Secure&#8221; ne demek, ne demek de\u011fil?<\/a><ul><li><a href=\"#En_sik_gorulen_uyari_tipleri\"><span class=\"toc_number toc_depth_2\">2.1<\/span> En s\u0131k g\u00f6r\u00fclen uyar\u0131 tipleri<\/a><\/li><li><a href=\"#SSL_varken_bile_neden_8220Not_Secure8221_gorebilirsiniz\"><span class=\"toc_number toc_depth_2\">2.2<\/span> SSL varken bile neden &#8220;Not Secure&#8221; g\u00f6rebilirsiniz?<\/a><\/li><\/ul><\/li><li><a href=\"#Mixed_Content_hatasi_nedir_nasil_tespit_edilir\"><span class=\"toc_number toc_depth_1\">3<\/span> Mixed Content hatas\u0131 nedir, nas\u0131l tespit edilir?<\/a><ul><li><a href=\"#Mixed_content_kaynaklarini_tespit_etme\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Mixed content kaynaklar\u0131n\u0131 tespit etme<\/a><\/li><li><a href=\"#WordPress_ve_PHP_uygulamalarinda_mixed_content_cozumu\"><span class=\"toc_number toc_depth_2\">3.2<\/span> WordPress ve PHP uygulamalar\u0131nda mixed content \u00e7\u00f6z\u00fcm\u00fc<\/a><\/li><li><a href=\"#NginxApache_ile_mixed_contente_sunucu_tarafi_mudahale\"><span class=\"toc_number toc_depth_2\">3.3<\/span> Nginx\/Apache ile mixed content\u2019e sunucu taraf\u0131 m\u00fcdahale<\/a><ul><li><a href=\"#1_HTTP_isteklerini_HTTPSe_zorla_yukseltmek\"><span class=\"toc_number toc_depth_3\">3.3.1<\/span> 1) HTTP isteklerini HTTPS\u2019e zorla y\u00fckseltmek<\/a><\/li><li><a href=\"#2_Content-Security-Policy_ile_8220upgrade-insecure-requests8221_kullanmak\"><span class=\"toc_number toc_depth_3\">3.3.2<\/span> 2) Content-Security-Policy ile &#8220;upgrade-insecure-requests&#8221; kullanmak<\/a><\/li><\/ul><\/li><\/ul><\/li><li><a href=\"#8220Not_Secure8221_ve_sertifika_zinciri_hatalarini_hosting_tarafinda_duzeltmek\"><span class=\"toc_number toc_depth_1\">4<\/span> &#8220;Not Secure&#8221; ve sertifika zinciri hatalar\u0131n\u0131 hosting taraf\u0131nda d\u00fczeltmek<\/a><ul><li><a href=\"#1_Sertifika_suresi_dolmus_expired_certificate\"><span class=\"toc_number toc_depth_2\">4.1<\/span> 1) Sertifika s\u00fcresi dolmu\u015f (expired certificate)<\/a><\/li><li><a href=\"#2_Alan_adi_uyusmazligi_common_name_SAN_hatalari\"><span class=\"toc_number toc_depth_2\">4.2<\/span> 2) Alan ad\u0131 uyu\u015fmazl\u0131\u011f\u0131 (common name \/ SAN hatalar\u0131)<\/a><\/li><li><a href=\"#3_Sertifika_zinciri_eksik_intermediate_CA_yuklenmemis\"><span class=\"toc_number toc_depth_2\">4.3<\/span> 3) Sertifika zinciri eksik (intermediate CA y\u00fcklenmemi\u015f)<\/a><\/li><li><a href=\"#4_SNI_ve_birden_fazla_site_barindirma_sorunlari\"><span class=\"toc_number toc_depth_2\">4.4<\/span> 4) SNI ve birden fazla site bar\u0131nd\u0131rma sorunlar\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#HTTPSi_kalici_hale_getirmek_Yonlendirmeler_HSTS_ve_guvenlik_basliklari\"><span class=\"toc_number toc_depth_1\">5<\/span> HTTPS\u2019i kal\u0131c\u0131 hale getirmek: Y\u00f6nlendirmeler, HSTS ve g\u00fcvenlik ba\u015fl\u0131klar\u0131<\/a><ul><li><a href=\"#HTTP_HTTPS_yonlendirme_stratejisi\"><span class=\"toc_number toc_depth_2\">5.1<\/span> HTTP \u2192 HTTPS y\u00f6nlendirme stratejisi<\/a><\/li><li><a href=\"#HSTS_ile_tarayiciya_8220bu_site_hep_HTTPS8221_dedirtmek\"><span class=\"toc_number toc_depth_2\">5.2<\/span> HSTS ile taray\u0131c\u0131ya &#8220;bu site hep HTTPS&#8221; dedirtmek<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_tarafinda_pratik_senaryolar_paylasimli_hosting_VPS_ve_dedicated\"><span class=\"toc_number toc_depth_1\">6<\/span> DCHost taraf\u0131nda pratik senaryolar: payla\u015f\u0131ml\u0131 hosting, VPS ve dedicated<\/a><ul><li><a href=\"#Paylasimli_hosting_uzerinde_SSL_hatalarini_duzeltmek\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Payla\u015f\u0131ml\u0131 hosting \u00fczerinde SSL hatalar\u0131n\u0131 d\u00fczeltmek<\/a><\/li><li><a href=\"#VPS_ve_dedicated_sunucularda_daha_ince_ayarlar\"><span class=\"toc_number toc_depth_2\">6.2<\/span> VPS ve dedicated sunucularda daha ince ayarlar<\/a><\/li><\/ul><\/li><li><a href=\"#Sik_yapilan_hatalar_ve_gercek_dunya_senaryolari\"><span class=\"toc_number toc_depth_1\">7<\/span> S\u0131k yap\u0131lan hatalar ve ger\u00e7ek d\u00fcnya senaryolar\u0131<\/a><ul><li><a href=\"#1_HTTPden_HTTPSe_geciste_unutulan_CDN_ve_medya_alan_adlari\"><span class=\"toc_number toc_depth_2\">7.1<\/span> 1) HTTP\u2019den HTTPS\u2019e ge\u00e7i\u015fte unutulan CDN ve medya alan adlar\u0131<\/a><\/li><li><a href=\"#2_Alan_adi_degisimi_HTTPS_gecisi_ayni_anda\"><span class=\"toc_number toc_depth_2\">7.2<\/span> 2) Alan ad\u0131 de\u011fi\u015fimi + HTTPS ge\u00e7i\u015fi ayn\u0131 anda<\/a><\/li><li><a href=\"#3_Sertifika_guncellemeleri_hep_son_dakikaya_kaliyor\"><span class=\"toc_number toc_depth_2\">7.3<\/span> 3) Sertifika g\u00fcncellemeleri hep son dakikaya kal\u0131yor<\/a><\/li><\/ul><\/li><li><a href=\"#Adim_adim_genel_cozum_rehberi\"><span class=\"toc_number toc_depth_1\">8<\/span> Ad\u0131m ad\u0131m genel \u00e7\u00f6z\u00fcm rehberi<\/a><\/li><li><a href=\"#Sonuc_SSL_hatalarini_susturmak_degil_altyapiyi_kalici_olarak_saglama_almak\"><span class=\"toc_number toc_depth_1\">9<\/span> Sonu\u00e7: SSL hatalar\u0131n\u0131 susturmak de\u011fil, altyap\u0131y\u0131 kal\u0131c\u0131 olarak sa\u011flama almak<\/a><\/li><\/ul><\/div>\n<h2><span id=\"SSL_sertifika_hatalari_neden_bu_kadar_gorunur_oldu\">SSL sertifika hatalar\u0131 neden bu kadar g\u00f6r\u00fcn\u00fcr oldu?<\/span><\/h2>\n<p>Taray\u0131c\u0131lar son y\u0131llarda kullan\u0131c\u0131 g\u00fcvenli\u011fini \u00f6nceleyen \u00e7ok daha agresif bir politika izliyor. Eskiden sadece ge\u00e7ersiz sertifikalarda g\u00f6rd\u00fc\u011f\u00fcm\u00fcz uyar\u0131lar bug\u00fcn:<\/p>\n<ul>\n<li>Hi\u00e7 SSL olmayan sitelerde &#8220;Not Secure&#8221; ibaresi,<\/li>\n<li>Yanl\u0131\u015f yap\u0131land\u0131r\u0131lm\u0131\u015f HTTPS\u2019te k\u0131rm\u0131z\u0131 kilit veya uyar\u0131 sayfalar\u0131,<\/li>\n<li>HTTP \u00fczerinden \u00e7a\u011fr\u0131lan g\u00f6rsel, JS ve CSS dosyalar\u0131nda &#8220;Mixed Content&#8221; uyar\u0131lar\u0131<\/li>\n<li>Eski protokol ve \u015fifrelemelerde &#8220;Connection is not fully secure&#8221; benzeri mesajlar<\/li>\n<\/ul>\n<p>\u015feklinde kar\u015f\u0131m\u0131za \u00e7\u0131k\u0131yor.<\/p>\n<p>\u00d6zellikle \u00f6deme alan, kullan\u0131c\u0131 verisi i\u015fleyen veya giri\u015f formu bar\u0131nd\u0131ran sitelerde bu uyar\u0131lar, hem <strong>hukuki uyumluluk<\/strong> hem de <strong>SEO<\/strong> a\u00e7\u0131s\u0131ndan ciddi risk. Daha \u00f6nce yay\u0131nlad\u0131\u011f\u0131m\u0131z <a href='https:\/\/www.dchost.com\/blog\/ssl-sertifikasi-nedir-web-sitenizi-guvence-altina-almanin-yollari\/'>&#8220;SSL Sertifikas\u0131 Nedir?&#8221; rehberinde<\/a> temelleri anlatm\u0131\u015ft\u0131k; bu yaz\u0131da o temellerin \u00fczerine, g\u00fcnl\u00fck operasyonlarda kar\u015f\u0131n\u0131za \u00e7\u0131kan somut hatalar\u0131 ve \u00e7\u00f6z\u00fcm ad\u0131mlar\u0131n\u0131 yerle\u015ftirece\u011fiz.<\/p>\n<h2><span id=\"Tarayici_uyarilarini_dogru_okumak_8220Not_Secure8221_ne_demek_ne_demek_degil\">Taray\u0131c\u0131 uyar\u0131lar\u0131n\u0131 do\u011fru okumak: &#8220;Not Secure&#8221; ne demek, ne demek de\u011fil?<\/span><\/h2>\n<p>\u00d6nce taray\u0131c\u0131n\u0131n verdi\u011fi mesajlar\u0131 do\u011fru anlamak gerekiyor. \u00c7\u00fcnk\u00fc her &#8220;Not Secure&#8221; ayn\u0131 k\u00f6kten kaynaklanm\u0131yor ve \u00e7\u00f6z\u00fcm de ona g\u00f6re de\u011fi\u015fiyor.<\/p>\n<h3><span id=\"En_sik_gorulen_uyari_tipleri\">En s\u0131k g\u00f6r\u00fclen uyar\u0131 tipleri<\/span><\/h3>\n<ul>\n<li><strong>Adres \u00e7ubu\u011funda &#8220;Not Secure&#8221; (HTTP):<\/strong> Site tamamen HTTP \u00fczerinden yay\u0131n yap\u0131yor veya HTTPS zorunlu de\u011fil. \u00c7\u00f6z\u00fcm: SSL kurulumu ve HTTPS\u2019e zorunlu y\u00f6nlendirme.<\/li>\n<li><strong>&#8220;Your connection is not private&#8221; \/ sertifika uyar\u0131 sayfas\u0131:<\/strong> Genellikle sertifika s\u00fcresi dolmu\u015f, alan ad\u0131 e\u015fle\u015fmiyor ya da sertifika zinciri eksik.<\/li>\n<li><strong>Gri\/k\u0131rm\u0131z\u0131 kilit ve &#8220;This page is not fully secure&#8221; mesaj\u0131:<\/strong> Sitenin ana iste\u011fi HTTPS, fakat i\u00e7eride HTTP \u00fczerinden y\u00fcklenen g\u00f6rsel, JS, CSS veya iframe gibi kaynaklar var; klasik <strong>Mixed Content<\/strong> vakas\u0131.<\/li>\n<li><strong>Protokol\/\u015fifreleme uyar\u0131lar\u0131:<\/strong> Eski TLS s\u00fcr\u00fcmleri (TLS 1.0\/1.1) veya zay\u0131f \u015fifre tak\u0131mlar\u0131 kullan\u0131ld\u0131\u011f\u0131nda ortaya \u00e7\u0131kabiliyor.<\/li>\n<\/ul>\n<p>Bu uyar\u0131lar\u0131n her biri, bar\u0131nd\u0131rma altyap\u0131s\u0131nda farkl\u0131 bir ayara i\u015faret ediyor. \u00d6rne\u011fin sertifika s\u00fcresi ile ilgili bir hata, \u00e7o\u011fu zaman <strong>otomatik yenileme<\/strong> (ACME) s\u00fcrecinin \u00e7al\u0131\u015fmamas\u0131na; mixed content ise daha \u00e7ok <strong>uygulama ve reverse proxy katman\u0131<\/strong>nda eksik kalan ayarlara i\u015faret ediyor.<\/p>\n<h3><span id=\"SSL_varken_bile_neden_8220Not_Secure8221_gorebilirsiniz\">SSL varken bile neden &#8220;Not Secure&#8221; g\u00f6rebilirsiniz?<\/span><\/h3>\n<p>&#8220;HTTPS kurduk ama taray\u0131c\u0131 h\u00e2l\u00e2 m\u0131zm\u0131zlan\u0131yor&#8221; c\u00fcmlesini DCHost destek ekibinde \u00e7ok duyar\u0131z. En yayg\u0131n sebepler:<\/p>\n<ul>\n<li><strong>Yanl\u0131\u015f host ad\u0131na kesilmi\u015f sertifika:<\/strong> Sertifika <code>www.ornek.com<\/code> i\u00e7in al\u0131nm\u0131\u015f ama siteyi <code>https:\/\/ornek.com<\/code> \u00fczerinden a\u00e7\u0131yorsunuz (veya tam tersi).<\/li>\n<li><strong>Sertifika zinciri eksik:<\/strong> Sunucuda sadece sunucu sertifikas\u0131 y\u00fcklenmi\u015f, ara sertifikalar (intermediate) eksik.<\/li>\n<li><strong>Mixed content:<\/strong> HTML HTTPS, i\u00e7indeki baz\u0131 linkler HTTP.<\/li>\n<li><strong>Eski TLS yap\u0131land\u0131rmas\u0131:<\/strong> Taray\u0131c\u0131, kullan\u0131lan \u015fifre tak\u0131mlar\u0131n\u0131 veya protokol s\u00fcr\u00fcm\u00fcn\u00fc art\u0131k kabul etmiyor.<\/li>\n<\/ul>\n<p>Bu tip hatalar\u0131n \u00f6nemli bir k\u0131sm\u0131, do\u011fru haz\u0131rlanm\u0131\u015f bir <strong>sunucu taraf\u0131 kontrol listesi<\/strong> ile ba\u015ftan \u00f6nlenebilir. \u00d6rne\u011fin <a href='https:\/\/www.dchost.com\/blog\/tls-1-3-ve-modern-sifrelerin-sicacik-mutfagi-nginx-apachede-ocsp-stapling-hsts-preload-ve-pfs-nasil-kurulur\/'>TLS 1.3 ve modern \u015fifreler rehberimizde<\/a> hem protokol hem de HSTS gibi kritik ba\u015fl\u0131klar\u0131 ayr\u0131nt\u0131l\u0131 i\u015flemi\u015ftik.<\/p>\n<h2><span id=\"Mixed_Content_hatasi_nedir_nasil_tespit_edilir\">Mixed Content hatas\u0131 nedir, nas\u0131l tespit edilir?<\/span><\/h2>\n<p><strong>Mixed Content<\/strong>, sayfan\u0131z\u0131n ana HTML iste\u011fi HTTPS iken, i\u00e7indeki baz\u0131 kaynaklar\u0131n (g\u00f6rsel, JS, CSS, font, iframe vb.) HTTP \u00fczerinden \u00e7a\u011fr\u0131lmas\u0131d\u0131r. Taray\u0131c\u0131 bunu, g\u00fcvenli bir sayfa i\u00e7inde g\u00fcvensiz par\u00e7alar var \u015feklinde yorumlar ve:<\/p>\n<ul>\n<li>Modern taray\u0131c\u0131larda aktif i\u00e7erikleri (JS, XHR vs.) <strong>bloklayabilir<\/strong>,<\/li>\n<li>Pasif i\u00e7erikleri (g\u00f6rseller) y\u00fcklemeye devam etse bile &#8220;Not fully secure&#8221; uyar\u0131s\u0131 verebilir,<\/li>\n<li>Konsolda &#8220;Mixed Content&#8221; \u015feklinde detayl\u0131 uyar\u0131lar g\u00f6sterir.<\/li>\n<\/ul>\n<h3><span id=\"Mixed_content_kaynaklarini_tespit_etme\">Mixed content kaynaklar\u0131n\u0131 tespit etme<\/span><\/h3>\n<p>\u0130lk ad\u0131m, hangi kaynaklar\u0131n HTTP \u00fczerinden \u00e7a\u011fr\u0131ld\u0131\u011f\u0131n\u0131 bulmak:<\/p>\n<ol>\n<li>Taray\u0131c\u0131da sayfan\u0131z\u0131 a\u00e7\u0131n ve geli\u015ftirici ara\u00e7lar\u0131n\u0131 a\u00e7\u0131n (Chrome i\u00e7in F12).<\/li>\n<li><strong>Console<\/strong> sekmesinde &#8220;Mixed Content&#8221; uyar\u0131lar\u0131n\u0131 aray\u0131n. Taray\u0131c\u0131, HTTP \u00fczerinden y\u00fcklenmeye \u00e7al\u0131\u015fan tam URL\u2019leri listeler.<\/li>\n<li><strong>Network<\/strong> sekmesinde protokol s\u00fctununu veya istek URL\u2019lerini kontrol ederek <code>http:\/\/<\/code> ile ba\u015flayan istekleri filtreleyin.<\/li>\n<li>Kaynak kodda (<strong>View Source<\/strong>) sabit yaz\u0131lm\u0131\u015f <code>http:\/\/<\/code> linkleri aray\u0131n.<\/li>\n<\/ol>\n<p>Bu ad\u0131mlar sonunda elinizde genelde \u00fc\u00e7 tip problemli ba\u011flant\u0131 olur:<\/p>\n<ul>\n<li>Eski tema\/plugin veya statik HTML i\u00e7inde sabitlenmi\u015f HTTP linkleri,<\/li>\n<li>CDN, harici servisler veya eski alan ad\u0131 \u00fczerinden \u00e7ekilen kaynaklar,<\/li>\n<li>Yanl\u0131\u015f base URL veya site adresi ayarlar\u0131.<\/li>\n<\/ul>\n<h3><span id=\"WordPress_ve_PHP_uygulamalarinda_mixed_content_cozumu\">WordPress ve PHP uygulamalar\u0131nda mixed content \u00e7\u00f6z\u00fcm\u00fc<\/span><\/h3>\n<p>WordPress ve benzeri CMS\u2019lerde mixed content \u00e7o\u011fu zaman <strong>temel URL ayarlar\u0131n\u0131n<\/strong> yanl\u0131\u015f olmas\u0131ndan veya veritaban\u0131na HTTP\u2019li linklerin kaydedilmi\u015f olmas\u0131ndan kaynaklan\u0131r:<\/p>\n<ul>\n<li><strong>Site adresi ayar\u0131:<\/strong> WordPress\u2019te <em>Ayarlar &gt; Genel<\/em> b\u00f6l\u00fcm\u00fcnde <code>Site Adresi (URL)<\/code> ve <code>WordPress Adresi (URL)<\/code> alanlar\u0131n\u0131n <code>https:\/\/<\/code> ile ba\u015flad\u0131\u011f\u0131ndan emin olun.<\/li>\n<li><strong>Veritaban\u0131nda HTTP linkleri:<\/strong> Eski sitede <code>http:\/\/<\/code> ile olu\u015fturulmu\u015f i\u00e7erikler, g\u00f6rsel URL\u2019leri ve i\u00e7 linkler yeni HTTPS siteye ta\u015f\u0131nd\u0131\u011f\u0131nda mixed content \u00fcretir. Bu durumda, dikkatli bir <strong>arama-de\u011fi\u015ftir (search-replace)<\/strong> i\u015flemi gerekir.<\/li>\n<\/ul>\n<p>\u00d6rnek bir SQL arama-de\u011fi\u015ftir (\u00f6nce mutlaka yedek al\u0131n):<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">UPDATE wp_posts\nSET post_content = REPLACE(post_content, 'http:\/\/ornek.com', 'https:\/\/ornek.com');\n<\/code><\/pre>\n<p>Benzer i\u015flemi <code>wp_postmeta<\/code>, tema se\u00e7enekleri tablosu ve eklenti ayarlar\u0131 i\u00e7in de tekrarlamak gerekebilir. Bu tip i\u015flemlere ba\u015flamadan \u00f6nce <a href='https:\/\/www.dchost.com\/blog\/3-2-1-yedekleme-stratejisi-neden-ise-yariyor-cpanel-plesk-ve-vpste-otomatik-yedekleri-nasil-kurarsin\/'>3-2-1 yedekleme stratejisi rehberimizde<\/a> anlatt\u0131\u011f\u0131m\u0131z gibi sa\u011flam bir yedek plan\u0131n\u0131z oldu\u011fundan emin olun.<\/p>\n<h3><span id=\"NginxApache_ile_mixed_contente_sunucu_tarafi_mudahale\">Nginx\/Apache ile mixed content\u2019e sunucu taraf\u0131 m\u00fcdahale<\/span><\/h3>\n<p>Kod taraf\u0131nda temizlik yapmak idealdir ama \u00f6zellikle b\u00fcy\u00fck projelerde t\u00fcm HTTP linklerini temizlemek zaman alabilir. Bu a\u015famada sunucu taraf\u0131nda iki yakla\u015f\u0131m i\u015fe yarar:<\/p>\n<h4><span id=\"1_HTTP_isteklerini_HTTPSe_zorla_yukseltmek\">1) HTTP isteklerini HTTPS\u2019e zorla y\u00fckseltmek<\/span><\/h4>\n<p>Statik dosyalar\u0131n\u0131z ayn\u0131 sunucuda ve ayn\u0131 alan ad\u0131 alt\u0131nda ise, HTTP\u2019den gelen istekleri 301 ile HTTPS\u2019e y\u00f6nlendirebilirsiniz.<\/p>\n<p><strong>Apache (.htaccess) \u00f6rne\u011fi:<\/strong><\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">RewriteEngine On\nRewriteCond %{HTTPS} off\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n<\/code><\/pre>\n<p><strong>Nginx \u00f6rne\u011fi:<\/strong><\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">server {\n    listen 80;\n    server_name ornek.com www.ornek.com;\n    return 301 https:\/\/$host$request_uri;\n}\n<\/code><\/pre>\n<p>Bu y\u00f6ntem, HTML i\u00e7inde h\u00e2l\u00e2 <code>http:\/\/<\/code> yazsa bile iste\u011fin sunucuya HTTPS \u00fczerinden gelmesini sa\u011flar. Ancak <strong>farkl\u0131 domain\u2019lerdeki<\/strong> harici kaynaklar (\u00f6rne\u011fin bir \u00fc\u00e7\u00fcnc\u00fc parti analitik script\u2019i) i\u00e7in i\u015fe yaramaz.<\/p>\n<h4><span id=\"2_Content-Security-Policy_ile_8220upgrade-insecure-requests8221_kullanmak\">2) Content-Security-Policy ile &#8220;upgrade-insecure-requests&#8221; kullanmak<\/span><\/h4>\n<p>Modern taray\u0131c\u0131larda, HTTP olarak yaz\u0131lm\u0131\u015f istekleri otomatik HTTPS\u2019e y\u00fckseltmek i\u00e7in \u015fu ba\u015fl\u0131\u011f\u0131 ekleyebilirsiniz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">Content-Security-Policy: upgrade-insecure-requests\n<\/code><\/pre>\n<p>Bu ba\u015fl\u0131k, &#8220;<code>http:\/\/<\/code> yaz\u0131lm\u0131\u015f olsa bile e\u011fer ayn\u0131 kayna\u011f\u0131n HTTPS versiyonu varsa taray\u0131c\u0131n\u0131n onu tercih etmesini sa\u011flar. CSP konusunda daha detayl\u0131 bir kurulum i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/cspyi-dogru-kurmak-wordpress-laravelde-nonce-hash-report-to-ve-inline-scriptleri-tatli-tatli-ehlilestirmek\/'>CSP\u2019yi do\u011fru kurma rehberimize<\/a> g\u00f6z atabilirsiniz.<\/p>\n<p>Unutmay\u0131n: Bu iki yakla\u015f\u0131m <strong>ge\u00e7i\u015fi kolayla\u015ft\u0131rmak<\/strong> i\u00e7in faydal\u0131d\u0131r ama uzun vadede <strong>kaynak kodundaki HTTP referanslar\u0131n\u0131 temizlemek<\/strong> en sa\u011fl\u0131kl\u0131 \u00e7\u00f6z\u00fcmd\u00fcr.<\/p>\n<h2><span id=\"8220Not_Secure8221_ve_sertifika_zinciri_hatalarini_hosting_tarafinda_duzeltmek\">&#8220;Not Secure&#8221; ve sertifika zinciri hatalar\u0131n\u0131 hosting taraf\u0131nda d\u00fczeltmek<\/span><\/h2>\n<p>Mixed content d\u0131\u015f\u0131nda en \u00e7ok ba\u015f a\u011fr\u0131tan konu, taray\u0131c\u0131n\u0131n sertifikan\u0131z\u0131 kabul etmemesi veya alan ad\u0131n\u0131zla e\u015fle\u015ftirememesidir. Bu b\u00f6l\u00fcmde, DCHost taraf\u0131nda en s\u0131k g\u00f6rd\u00fc\u011f\u00fcm\u00fcz sertifika kaynakl\u0131 hatalar\u0131 ve \u00e7\u00f6z\u00fcm ad\u0131mlar\u0131n\u0131 toparlayal\u0131m.<\/p>\n<h3><span id=\"1_Sertifika_suresi_dolmus_expired_certificate\">1) Sertifika s\u00fcresi dolmu\u015f (expired certificate)<\/span><\/h3>\n<p>Taray\u0131c\u0131 genellikle <strong>&#8220;NET::ERR_CERT_DATE_INVALID&#8221;<\/strong> gibi hatalar g\u00f6sterir ve kullan\u0131c\u0131y\u0131 b\u00fcy\u00fck bir uyar\u0131 sayfas\u0131 ile kar\u015f\u0131lar. \u00c7\u00f6z\u00fcm:<\/p>\n<ul>\n<li>cPanel\/Plesk veya sunucu panelinizden sertifikan\u0131n biti\u015f tarihini kontrol edin.<\/li>\n<li>ACME\/otomatik yenileme kullan\u0131yorsan\u0131z cron veya systemd timer\u2019\u0131n ger\u00e7ekten \u00e7al\u0131\u015ft\u0131\u011f\u0131ndan emin olun.<\/li>\n<li>Elle yenileme yap\u0131yorsan\u0131z, yeni sertifikay\u0131 y\u00fckledikten sonra <strong>eski sertifikan\u0131n t\u00fcm vhost\u2019lardan tamamen kald\u0131r\u0131ld\u0131\u011f\u0131ndan<\/strong> emin olun.<\/li>\n<\/ul>\n<p>Otomasyon taraf\u0131nda daha ileri senaryolar i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/acme-otomasyonunda-yedekli-ca-nasil-kurulur-acme-sh-ile-lets-encrypt-zerossl-fallback-oran-limitlerine-karsi-guvenli-olcekleme\/'>ACME otomasyonunda yedekli CA kullan\u0131m\u0131<\/a> makalemizde detayl\u0131 bir \u00f6rnek ak\u0131\u015f bulabilirsiniz.<\/p>\n<h3><span id=\"2_Alan_adi_uyusmazligi_common_name_SAN_hatalari\">2) Alan ad\u0131 uyu\u015fmazl\u0131\u011f\u0131 (common name \/ SAN hatalar\u0131)<\/span><\/h3>\n<p>Taray\u0131c\u0131 hatas\u0131 genelde &#8220;<em>certificate for example.com doesn\u2019t match www.example.com<\/em>&#8221; gibidir. Sebep:<\/p>\n<ul>\n<li>Sertifika sadece <code>ornek.com<\/code> i\u00e7in al\u0131nm\u0131\u015ft\u0131r, siz <code>www.ornek.com<\/code> \u00fczerinden eri\u015fiyorsunuz (veya tam tersi).<\/li>\n<li>Sertifika yanl\u0131\u015f alan ad\u0131na ba\u011flanm\u0131\u015f vhost alt\u0131nda kullan\u0131l\u0131yor.<\/li>\n<li>Wildcard sertifika beklerken tek alan ad\u0131na kesilmi\u015f bir sertifika y\u00fcklenmi\u015f.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm taraf\u0131nda iki kritik nokta var:<\/p>\n<ol>\n<li><strong>Do\u011fru sertifika t\u00fcr\u00fcn\u00fc se\u00e7mek:<\/strong> <code>ornek.com<\/code> ve <code>www.ornek.com<\/code> i\u00e7in SAN (Subject Alternative Name) i\u00e7eren tek bir sertifika veya wildcard (<code>*.ornek.com<\/code>) tercih etmek mant\u0131kl\u0131 olabilir.<\/li>\n<li><strong>Do\u011fru vhost\u2019a ba\u011flamak:<\/strong> Apache\/Nginx yap\u0131land\u0131rmas\u0131nda, ilgili <code>server_name<\/code> veya <code>ServerName\/ServerAlias<\/code> direktifleri ile sertifikan\u0131z\u0131 e\u015fle\u015ftirin.<\/li>\n<\/ol>\n<p>Hangi senaryoda DV, OV, EV veya wildcard sertifika tercih etmeniz gerekti\u011fi konusunda karars\u0131zsan\u0131z, <a href='https:\/\/www.dchost.com\/blog\/dv-ov-ev-ve-wildcard-ssl-arasinda-kaybolmadan-e-ticaret-ve-saaste-hangi-sertifika-ne-zaman\/'>DV, OV, EV ve Wildcard SSL rehberimiz<\/a> karar a\u015famas\u0131nda iyi bir referans olacakt\u0131r.<\/p>\n<h3><span id=\"3_Sertifika_zinciri_eksik_intermediate_CA_yuklenmemis\">3) Sertifika zinciri eksik (intermediate CA y\u00fcklenmemi\u015f)<\/span><\/h3>\n<p>Bazen sertifikan\u0131z do\u011fru alan ad\u0131na kesilmi\u015ftir, s\u00fcre ge\u00e7erli g\u00f6r\u00fcn\u00fcr ama baz\u0131 taray\u0131c\u0131larda veya mobil cihazlarda yine de g\u00fcven hatas\u0131 al\u0131rs\u0131n\u0131z. \u00c7o\u011fu zaman sebep:<\/p>\n<ul>\n<li>Sunucuya yaln\u0131zca <strong>sunucu sertifikas\u0131<\/strong> y\u00fcklenmi\u015f,<\/li>\n<li>CA\u2019n\u0131n verdi\u011fi <strong>intermediate (ara) sertifikalar<\/strong> y\u00fcklenmemi\u015f veya yanl\u0131\u015f s\u0131rada birle\u015ftirilmi\u015f.<\/li>\n<\/ul>\n<p>\u00c7\u00f6z\u00fcm i\u00e7in:<\/p>\n<ol>\n<li>Sertifika sa\u011flay\u0131c\u0131n\u0131z\u0131n panelinden <strong>fullchain<\/strong> veya <strong>bundle<\/strong> dosyas\u0131n\u0131 indirin.<\/li>\n<li>Apache kullan\u0131yorsan\u0131z <code>SSLCertificateFile<\/code> ve <code>SSLCertificateChainFile<\/code> (veya direkt <code>SSLCertificateFile<\/code> ile birle\u015fik fullchain) ayarlar\u0131n\u0131 kontrol edin.<\/li>\n<li>Nginx\u2019te <code>ssl_certificate<\/code> direktifinin fullchain\u2019i i\u015faret etti\u011finden, <code>ssl_certificate_key<\/code>\u2019in ise private key\u2019i g\u00f6sterdi\u011finden emin olun.<\/li>\n<\/ol>\n<h3><span id=\"4_SNI_ve_birden_fazla_site_barindirma_sorunlari\">4) SNI ve birden fazla site bar\u0131nd\u0131rma sorunlar\u0131<\/span><\/h3>\n<p>Ayn\u0131 IP \u00fczerinde birden fazla HTTPS site bar\u0131nd\u0131r\u0131yorsan\u0131z, <strong>SNI (Server Name Indication)<\/strong> deste\u011finin hem sunucuda hem de istemci taraf\u0131nda olmas\u0131 gerekir (modern taray\u0131c\u0131larda standartt\u0131r). Yanl\u0131\u015f yap\u0131land\u0131r\u0131lm\u0131\u015f vhost\u2019lar veya eksik SNI deste\u011fi, yanl\u0131\u015f sertifikan\u0131n sunulmas\u0131na yol a\u00e7ar.<\/p>\n<p>cPanel, Plesk ve modern web sunucular\u0131nda SNI varsay\u0131lan olarak etkin gelir. Ancak manuel Nginx\/Apache yap\u0131land\u0131rmalar\u0131nda, <code>server_name<\/code> \/ <code>ServerName<\/code> ayarlar\u0131n\u0131n do\u011frulu\u011fu ve dinledi\u011finiz IP\/port kombinasyonlar\u0131n\u0131n \u00e7ak\u0131\u015fmamas\u0131 \u00f6nemli.<\/p>\n<h2><span id=\"HTTPSi_kalici_hale_getirmek_Yonlendirmeler_HSTS_ve_guvenlik_basliklari\">HTTPS\u2019i kal\u0131c\u0131 hale getirmek: Y\u00f6nlendirmeler, HSTS ve g\u00fcvenlik ba\u015fl\u0131klar\u0131<\/span><\/h2>\n<p>Sertifikan\u0131z do\u011fru, mixed content temizlenmi\u015f olsa bile HTTP \u00fczerinden eri\u015fime izin veriyorsan\u0131z, taray\u0131c\u0131lar ve kullan\u0131c\u0131lar h\u00e2l\u00e2 risk alt\u0131nda olabilir. Bu a\u015famada devreye <strong>kal\u0131c\u0131 y\u00f6nlendirmeler<\/strong> ve <strong>HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131<\/strong> giriyor.<\/p>\n<h3><span id=\"HTTP_HTTPS_yonlendirme_stratejisi\">HTTP \u2192 HTTPS y\u00f6nlendirme stratejisi<\/span><\/h3>\n<p>Hedefiniz \u015fu olmal\u0131: Kullan\u0131c\u0131 <code>http:\/\/<\/code> ile de yazsa, her zaman <strong>tek bir kanonik HTTPS adresine<\/strong> d\u00fc\u015fmeli.<\/p>\n<ul>\n<li>T\u00fcm <code>http:\/\/ornek.com<\/code> istekleri \u2192 <code>https:\/\/ornek.com<\/code><\/li>\n<li>T\u00fcm <code>http:\/\/www.ornek.com<\/code> istekleri \u2192 <code>https:\/\/ornek.com<\/code> (veya tam tersi, hangi yap\u0131y\u0131 kanonik se\u00e7tiyseniz)<\/li>\n<\/ul>\n<p><strong>Apache \u00f6rne\u011fi:<\/strong><\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">RewriteEngine On\n# www'den k\u00f6ke y\u00f6nlendirme\nRewriteCond %{HTTP_HOST} ^www.ornek.com [NC]\nRewriteRule ^(.*)$ https:\/\/ornek.com\/$1 [L,R=301]\n\n# HTTP'den HTTPS'e y\u00f6nlendirme\nRewriteCond %{HTTPS} off\nRewriteRule ^(.*)$ https:\/\/ornek.com\/$1 [L,R=301]\n<\/code><\/pre>\n<p><strong>Nginx \u00f6rne\u011fi (\u00f6zet):<\/strong><\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">server {\n    listen 80;\n    server_name ornek.com www.ornek.com;\n    return 301 https:\/\/ornek.com$request_uri;\n}\n<\/code><\/pre>\n<h3><span id=\"HSTS_ile_tarayiciya_8220bu_site_hep_HTTPS8221_dedirtmek\">HSTS ile taray\u0131c\u0131ya &#8220;bu site hep HTTPS&#8221; dedirtmek<\/span><\/h3>\n<p><strong>HSTS (HTTP Strict Transport Security)<\/strong>, taray\u0131c\u0131ya &#8220;bu alan ad\u0131na bir daha asla HTTP \u00fczerinden ba\u011flanma&#8221; demenin standart yoludur. Do\u011fru kullan\u0131ld\u0131\u011f\u0131nda:<\/p>\n<ul>\n<li>Downgrade (HTTPS \u2192 HTTP) sald\u0131r\u0131lar\u0131n\u0131 engeller,<\/li>\n<li>Yanl\u0131\u015fl\u0131kla HTTP link t\u0131klamalar\u0131n\u0131 HTTPS\u2019e y\u00fckseltir,<\/li>\n<li>Taray\u0131c\u0131 taraf\u0131nda \u00f6nemli bir g\u00fcven sinyali \u00fcretir.<\/li>\n<\/ul>\n<p>Basit bir HSTS ba\u015fl\u0131\u011f\u0131 \u00f6rne\u011fi:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\n<\/code><\/pre>\n<p>Bu ba\u015fl\u0131\u011f\u0131 kullan\u0131rken dikkatli olun; \u00f6zellikle <code>includeSubDomains<\/code> ve <code>preload<\/code> parametreleri, yanl\u0131\u015f yap\u0131land\u0131r\u0131lm\u0131\u015f alt alan adlar\u0131nda problem yaratabilir. HSTS ve di\u011fer g\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131 ayr\u0131nt\u0131l\u0131 anlatt\u0131\u011f\u0131m\u0131z <a href='https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-ve-digerlerini-ne-zaman-nasil-uygulamalisin\/'>HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131 rehberimize<\/a> mutlaka g\u00f6z at\u0131n.<\/p>\n<h2><span id=\"DCHost_tarafinda_pratik_senaryolar_paylasimli_hosting_VPS_ve_dedicated\">DCHost taraf\u0131nda pratik senaryolar: <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">payla\u015f\u0131ml\u0131 hosting<\/a>, VPS ve dedicated<\/span><\/h2>\n<p>DCHost olarak hem payla\u015f\u0131ml\u0131 hosting hem de VPS\/dedicated ve colocation taraf\u0131nda \u00e7ok farkl\u0131 SSL senaryolar\u0131 g\u00f6r\u00fcyoruz. Hangi ortamda \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131za g\u00f6re atman\u0131z gereken ad\u0131mlar biraz de\u011fi\u015fiyor.<\/p>\n<h3><span id=\"Paylasimli_hosting_uzerinde_SSL_hatalarini_duzeltmek\">Payla\u015f\u0131ml\u0131 hosting \u00fczerinde SSL hatalar\u0131n\u0131 d\u00fczeltmek<\/span><\/h3>\n<p>Payla\u015f\u0131ml\u0131 hosting hizmetlerinde genellikle:<\/p>\n<ul>\n<li>Kontrol paneli (cPanel, Plesk vb.) \u00fczerinden <strong>otomatik SSL<\/strong> (ACME tabanl\u0131) sa\u011flan\u0131r,<\/li>\n<li>&#8220;HTTPS\u2019e zorla y\u00f6nlendir&#8221; gibi haz\u0131r se\u00e7enekler bulunur,<\/li>\n<li>Temel HSTS ve g\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131 ayarlayabilece\u011finiz aray\u00fczler veya .htaccess eri\u015fimi vard\u0131r.<\/li>\n<\/ul>\n<p>Bu ortamda yap\u0131lacaklar \u00f6zetle:<\/p>\n<ol>\n<li>Alan ad\u0131n\u0131z\u0131n DNS kay\u0131tlar\u0131n\u0131n (A\/AAAA) do\u011fru sunucuyu g\u00f6sterdi\u011finden emin olun.<\/li>\n<li>Panelden <a href=\"https:\/\/www.dchost.com\/tr\/ssl\">SSL sertifikas\u0131<\/a>n\u0131n ba\u015far\u0131yla kurulup kurulmad\u0131\u011f\u0131n\u0131 ve biti\u015f tarihini kontrol edin.<\/li>\n<li>&#8220;Force HTTPS&#8221; benzeri se\u00e7ene\u011fi etkinle\u015ftirin veya kendi .htaccess y\u00f6nlendirme kurallar\u0131n\u0131z\u0131 yaz\u0131n.<\/li>\n<li>WordPress \/ CMS taraf\u0131nda site URL\u2019sini <code>https:\/\/<\/code> ile g\u00fcncelleyin.<\/li>\n<\/ol>\n<h3><span id=\"VPS_ve_dedicated_sunucularda_daha_ince_ayarlar\">VPS ve <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated sunucu<\/a>larda daha ince ayarlar<\/span><\/h3>\n<p>VPS veya fiziksel sunucuda tam yetki sizde oldu\u011fu i\u00e7in, SSL ve TLS taraf\u0131nda \u00e7ok daha ince ayarlar yapabilirsiniz ama bu ayn\u0131 zamanda daha fazla sorumluluk da getirir:<\/p>\n<ul>\n<li>Do\u011fru ACME istemcisini (\u00f6rne\u011fin <code>acme.sh<\/code>) kurup otomatik yenileme kurgulamak,<\/li>\n<li>Nginx\/Apache\u2019de modern TLS profilleri, OCSP stapling ve HTTP\/2\/3 deste\u011fini etkinle\u015ftirmek,<\/li>\n<li>Reverse proxy, container (Docker\/Kubernetes) veya load balancer arkas\u0131nda do\u011fru sertifikay\u0131 do\u011fru katmanda sonland\u0131rmak.<\/li>\n<\/ul>\n<p>Bu konular\u0131n \u00e7o\u011funu daha \u00f6nce par\u00e7a par\u00e7a i\u015fledik; \u00f6rne\u011fin:<\/p>\n<ul>\n<li><a href='https:\/\/www.dchost.com\/blog\/nginxte-tls-1-3-ocsp-stapling-ve-brotli-nasil-kurulur-hizli-ve-guvenli-httpsnin-sicacik-rehberi\/'>Nginx\u2019te TLS 1.3, OCSP stapling ve Brotli kurulumu<\/a><\/li>\n<li><a href='https:\/\/www.dchost.com\/blog\/lets-encrypt-wildcard-ssl-otomasyonu-dns-01-ile-cpanel-plesk-ve-nginxte-zahmetsiz-kurulum-ve-yenileme-nasil-yapilir\/'>Let\u2019s Encrypt wildcard SSL otomasyonu ve DNS-01 senaryolar\u0131<\/a><\/li>\n<li><a href='https:\/\/www.dchost.com\/blog\/acme-challenge-turleri-derinlemesine-http-01-dns-01-ve-tls-alpn-01-ne-zaman-hangisi\/'>ACME challenge t\u00fcrleri (HTTP-01, DNS-01, TLS-ALPN-01)<\/a><\/li>\n<\/ul>\n<p>Bu rehberleri, burada anlatt\u0131\u011f\u0131m\u0131z genel prensiplerle birle\u015ftirdi\u011finizde, VPS ve dedicated sunucular\u0131n\u0131zda SSL ile ilgili hemen her senaryoyu y\u00f6netebilecek seviyeye gelirsiniz.<\/p>\n<h2><span id=\"Sik_yapilan_hatalar_ve_gercek_dunya_senaryolari\">S\u0131k yap\u0131lan hatalar ve ger\u00e7ek d\u00fcnya senaryolar\u0131<\/span><\/h2>\n<p>DCHost taraf\u0131nda sahada en \u00e7ok g\u00f6rd\u00fc\u011f\u00fcm\u00fcz birka\u00e7 tipik senaryoyu ve hosting taraf\u0131ndan nas\u0131l \u00e7\u00f6z\u00fcmledi\u011fimizi \u00f6zetleyelim.<\/p>\n<h3><span id=\"1_HTTPden_HTTPSe_geciste_unutulan_CDN_ve_medya_alan_adlari\">1) HTTP\u2019den HTTPS\u2019e ge\u00e7i\u015fte unutulan CDN ve medya alan adlar\u0131<\/span><\/h3>\n<p>Bir\u00e7ok projede statik dosyalar <code>cdn.ornek.com<\/code> gibi alt alan adlar\u0131ndan veya tamamen farkl\u0131 bir alan ad\u0131ndan servis edilir. Ana siteyi HTTPS\u2019e ta\u015f\u0131y\u0131p sertifika al\u0131rs\u0131n\u0131z ama CDN alan ad\u0131 i\u00e7in sertifika unutulur. Sonu\u00e7: T\u00fcm g\u00f6rseller ve statik dosyalar HTTP kal\u0131r ve taray\u0131c\u0131 mixed content uyar\u0131s\u0131 verir.<\/p>\n<p>\u00c7\u00f6z\u00fcm:<\/p>\n<ul>\n<li>CDN alt alan\u0131 i\u00e7in de sertifika al\u0131n ve sunucu\/CDN taraf\u0131nda tan\u0131mlay\u0131n.<\/li>\n<li>Uygulaman\u0131z\u0131n &#8220;asset URL&#8221; veya &#8220;base URL&#8221; ayarlar\u0131n\u0131 HTTPS\u2019e g\u00fcncelleyin.<\/li>\n<li>Gerekirse veritaban\u0131nda CDN URL\u2019lerini de <code>https:\/\/<\/code> ile g\u00fcncelleyin.<\/li>\n<\/ul>\n<h3><span id=\"2_Alan_adi_degisimi_HTTPS_gecisi_ayni_anda\">2) Alan ad\u0131 de\u011fi\u015fimi + HTTPS ge\u00e7i\u015fi ayn\u0131 anda<\/span><\/h3>\n<p>Yeni alan ad\u0131na ge\u00e7erken ayn\u0131 zamanda HTTPS\u2019e ge\u00e7mek yayg\u0131n ama riskli bir kombinasyon. Hem y\u00f6nlendirme hem de SSL taraf\u0131nda iki kat hata ihtimali ortaya \u00e7\u0131k\u0131yor. Bu s\u00fcre\u00e7te SEO kayb\u0131 ya\u015famamak i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/alan-adi-degistirirken-seo-kaybetmemek\/'>alan ad\u0131 de\u011fi\u015ftirirken SEO kaybetmeme rehberimizi<\/a> de mutlaka g\u00f6zden ge\u00e7irin.<\/p>\n<p>\u00d6zet kontrol listesi:<\/p>\n<ul>\n<li>Eski domain i\u00e7in de ge\u00e7erli bir SSL sertifikas\u0131 bulundurun (en az\u0131ndan ge\u00e7i\u015f s\u00fcrecinde).<\/li>\n<li>Eski domain\u2019in <strong>hem HTTP hem HTTPS<\/strong> isteklerini yeni domain\u2019in <strong>HTTPS kanonik adresine<\/strong> y\u00f6nlendirin.<\/li>\n<li>Mixed content\u2019i tetikleyebilecek eski domain referanslar\u0131n\u0131 temizleyin.<\/li>\n<\/ul>\n<h3><span id=\"3_Sertifika_guncellemeleri_hep_son_dakikaya_kaliyor\">3) Sertifika g\u00fcncellemeleri hep son dakikaya kal\u0131yor<\/span><\/h3>\n<p>Sertifika s\u00fcresi dolmadan birka\u00e7 g\u00fcn \u00f6nce gelen uyar\u0131 e-postalar\u0131 \u00e7o\u011fu zaman g\u00f6zden ka\u00e7\u0131yor. \u00d6zellikle manuel yenileme yap\u0131lan ortamlarda, son g\u00fcn fark edilen bir sertifika biti\u015fi, birka\u00e7 saatlik &#8220;Not Secure&#8221; d\u00f6nemine yol a\u00e7abiliyor. Bu durumu neden s\u0131k ya\u015fad\u0131\u011f\u0131m\u0131za ve operasyonel olarak nas\u0131l \u00f6nleyebilece\u011fimize dair detayl\u0131 bir analiz i\u00e7in <a href='https:\/\/www.dchost.com\/blog\/ssl-sertifika-guvenlik-guncellemeleri-neden-hep-son-dakikaya-kaliyor-ne-zaman-nasil-guncellemeli\/'>SSL sertifika g\u00fcvenlik g\u00fcncellemeleri yaz\u0131m\u0131za<\/a> bakabilirsiniz.<\/p>\n<h2><span id=\"Adim_adim_genel_cozum_rehberi\">Ad\u0131m ad\u0131m genel \u00e7\u00f6z\u00fcm rehberi<\/span><\/h2>\n<p>T\u00fcm anlatt\u0131klar\u0131m\u0131z\u0131 toparlayan pratik bir checklist ile bitirelim. Elinizde &#8220;Not Secure&#8221; veya mixed content uyar\u0131s\u0131 veren bir site olsun; DCHost taraf\u0131nda tipik ad\u0131m s\u0131ralamam\u0131z \u015f\u00f6yle:<\/p>\n<ol>\n<li><strong>Alan ad\u0131 ve DNS kontrol\u00fc:<\/strong> A\/AAAA kay\u0131tlar\u0131 do\u011fru sunucuyu g\u00f6steriyor mu? Yanl\u0131\u015f sunucuda eski bir sertifika kalm\u0131\u015f m\u0131?<\/li>\n<li><strong>Sertifika durumu:<\/strong>\n<ul>\n<li>Ge\u00e7erlilik s\u00fcresi kontrol\u00fc (bitmi\u015f mi, yak\u0131nda m\u0131 bitecek?),<\/li>\n<li>Alan ad\u0131 e\u015fle\u015fmesi (CN\/SAN alanlar\u0131),<\/li>\n<li>Fullchain \/ intermediate sertifikalar\u0131n y\u00fcklenip y\u00fcklenmedi\u011fi.<\/li>\n<\/ul>\n<\/li>\n<li><strong>HTTP \u2192 HTTPS y\u00f6nlendirmeleri:<\/strong>\n<ul>\n<li>Tek bir kanonik HTTPS adresine 301 ile y\u00f6nlendirme,<\/li>\n<li>www \/ non-www tercihini netle\u015ftirme.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Mixed content taramas\u0131:<\/strong>\n<ul>\n<li>Taray\u0131c\u0131 konsolundan HTTP kaynaklar\u0131 listeleme,<\/li>\n<li>CDN veya harici servis URL\u2019lerini g\u00f6zden ge\u00e7irme,<\/li>\n<li>Veritaban\u0131 ve tema\/plugin ayarlar\u0131nda HTTP referanslar\u0131n\u0131 d\u00fczeltme.<\/li>\n<\/ul>\n<\/li>\n<li><strong>G\u00fcvenlik ba\u015fl\u0131klar\u0131 ve protokol:<\/strong>\n<ul>\n<li>HSTS, X-Content-Type-Options, X-Frame-Options vb. ba\u015fl\u0131klar\u0131 ekleme,<\/li>\n<li>TLS s\u00fcr\u00fcmlerini ve \u015fifre tak\u0131mlar\u0131n\u0131 g\u00fcncel tutma.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Otomasyon ve izleme:<\/strong>\n<ul>\n<li>ACME\/otomatik yenileme s\u00fcre\u00e7lerini kurma ve test etme,<\/li>\n<li>Log ve izleme ara\u00e7lar\u0131yla sertifika yenileme hatalar\u0131n\u0131 takip etme.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2><span id=\"Sonuc_SSL_hatalarini_susturmak_degil_altyapiyi_kalici_olarak_saglama_almak\">Sonu\u00e7: SSL hatalar\u0131n\u0131 susturmak de\u011fil, altyap\u0131y\u0131 kal\u0131c\u0131 olarak sa\u011flama almak<\/span><\/h2>\n<p>SSL sertifika hatalar\u0131, taray\u0131c\u0131n\u0131n \u00f6n y\u00fcz\u00fcnde g\u00f6r\u00fcnen k\u00fc\u00e7\u00fck uyar\u0131lar gibi dursa da arka planda \u00e7o\u011fu zaman <strong>alan ad\u0131 stratejisi, DNS kurgusu, web sunucusu yap\u0131land\u0131rmas\u0131 ve uygulama mimarisi<\/strong> ile ilgili daha derin sorunlara i\u015faret eder. &#8220;Mixed Content&#8221; veya &#8220;Not Secure&#8221; mesajlar\u0131n\u0131 tek seferlik bir d\u00fczenlemeyle susturmak m\u00fcmk\u00fcn; ancak as\u0131l hedefiniz, projenizin ya\u015fam d\u00f6ng\u00fcs\u00fc boyunca bu tip hatalar\u0131n <strong>otomatik olarak \u00f6nlenmesi<\/strong> olmal\u0131.<\/p>\n<p>DCHost taraf\u0131nda, payla\u015f\u0131ml\u0131 hosting\u2019ten y\u00f6netilen VPS ve dedicated sunuculara kadar her seviyede, SSL ve TLS yap\u0131land\u0131rmas\u0131n\u0131 operasyonel s\u00fcre\u00e7lerinizin do\u011fal bir par\u00e7as\u0131 haline getirmenize yard\u0131mc\u0131 oluyoruz. \u0130ster yeni HTTPS\u2019e ge\u00e7iyor olun, ister karma\u015f\u0131k bir SaaS altyap\u0131s\u0131nda onlarca alan ad\u0131 ve wildcard sertifikay\u0131 y\u00f6netiyor olun; do\u011fru DNS, do\u011fru ACME ak\u0131\u015f\u0131 ve do\u011fru web sunucusu ayarlar\u0131yla bu s\u00fcreci <strong>\u00f6ng\u00f6r\u00fclebilir, tekrarlanabilir ve denetlenebilir<\/strong> k\u0131lmak m\u00fcmk\u00fcn.<\/p>\n<p>E\u011fer bug\u00fcn sitenizde taray\u0131c\u0131 uyar\u0131lar\u0131 g\u00f6r\u00fcyorsan\u0131z; yukar\u0131daki kontrol listesiyle ba\u015flay\u0131n, kritik noktalar\u0131 i\u015faretleyin ve gerekirse DCHost altyap\u0131s\u0131nda size uygun hosting, VPS veya dedicated sunucu \u00e7\u00f6z\u00fcmlerini de\u011ferlendirerek SSL taraf\u0131n\u0131 uzun vadeli bir plana oturtun. B\u00f6ylece hem kullan\u0131c\u0131lar\u0131n\u0131z hem de arama motorlar\u0131 i\u00e7in sitenizin ger\u00e7ekten &#8220;g\u00fcvenli&#8221; oldu\u011funu teknik olarak kan\u0131tlam\u0131\u015f olursunuz.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>SSL sertifikan\u0131z y\u00fckl\u00fc, taray\u0131c\u0131da kilit simgesini g\u00f6rmeyi bekliyorsunuz ama kar\u015f\u0131n\u0131zda &#8220;Not Secure&#8221; yaz\u0131s\u0131, k\u0131rm\u0131z\u0131 uyar\u0131lar veya konsolda dolup ta\u015fan &#8220;Mixed Content&#8221; hatalar\u0131 var. \u00d6zellikle e-ticaret ya da kurumsal bir projeyi yay\u0131na al\u0131rken bu uyar\u0131lar, kullan\u0131c\u0131 g\u00fcvenini ve d\u00f6n\u00fc\u015f\u00fcm oranlar\u0131n\u0131 do\u011frudan vuruyor. \u0130\u015fin daha can s\u0131k\u0131c\u0131 taraf\u0131 ise, sorun \u00e7o\u011fu zaman yaln\u0131zca kod taraf\u0131nda de\u011fil; hosting [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2189,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-2188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=2188"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2188\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/2189"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=2188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=2188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=2188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}