Two remaining images served via http are preventing me from moving to https. Help?

I inherited a Discourse forum from a previous team member. I’ve gone through and made a number of changes requested by my marketing department but there are two last images that I can’t find anywhere. I’ve spent several hours scouring the customization section and nothing.

<link rel="icon" type="image/png" href="…32x32.png">
<link rel="apple-touch-icon" type="image/png" href="…180x180.png">

Both link tags are being output immediately after the following line:

<meta name="generator" content="Discourse 2.4.1 - version ea7388014671cb3c103bcc9082df586de1b0edad">

How can I update these two images to https?

Can you confirm how you’re enabling https?

If you reupload the assets after enabling https then they will be corrected.

All of the branding assets are in Settings → Branding

The favicon (32x32) and Apple touch (180x180) are 7th and 8th down on the list. Perhaps deleting the existing and re-uploading new ones will set the correct url for them.


Also fixable by running the setup wizard again at /wizard@omarfilip is correct, basically just re-upload those images.


Could these urls automatically switch to https when we enable Force https?
I’ve encountered this issue on several clients’ installations. That’s not that annoying, but if it could be avoided by a single line of code somewhere, that would be nice nontheless.

1 Like

This is one of the reasons we changed discourse-setup to default to HTTPS. Making it optional meant most people skipped it and had to backtrack to it afterwards.


Hey everyone, thanks for all the replies.

I went ahead and enabled force_https, reuploaded the image and they’re now loading via https, thanks!

Feedback from a first time admin user of the forums:

Asking someone to run through a setup wizard to fix an image reference feels like bad UX. I was nervous the whole time that I’d change one of the existing settings accidentally. Better to just have granular controls for that (which you do). I wound up using those instead.

Also, I’m curious why I had to reupload the images to begin with. Why aren’t you just storing a file reference and outputting the protocol based on the settings for force_https? That might actually be what you’re doing because I changed the force_https setting AND reuploaded the images before testing.

Regardless, you guys jumped on this question quick and I really appreciate it. Stay safe everyone.


Hey @amatthews, it is actually supposed to work as you thought here :

Once you enable force_https, all discourse assets are loaded over https.

Running wizard to change/reupload images isn’t necessary either. Those can be done through admin.


That definitely wasn’t the case in the past, we got this question reasonably regularly, prior to the change above that @falco referred to. Running a quick search the frequency we get asked this fell off a cliff with the introduction of that PR.

The gross majority of installations will work with Let’s Encrypt out of the box, it’s only when people do squirrelly things with reverse proxies or network rules that it falls over.