Jump to content

Archived

This topic is now archived and is closed to further replies.

Psytanium

Can't turn on SSL

Recommended Posts

Hi, I have a SSL installed on the domain name, now I configured the 2 configure.php files to https and SSL is set to True.

 

When I open the website "domainname.com" nothing changed, it must redirect to https://domainname.com, and if I type it by myself, the website open like its missing the CCS files, same thing with the backend.

 

Any ideas ? Thanks

Share this post


Link to post
Share on other sites

The most obvious question to come to mind: what exactly is the domain specified on your SSL certificate? Is it domain.com, www.domain.com, or did you spring for wildcard capability? Does your .htaccess redirect to the wrong one (whether adding/removing www., or forcing https: )? Everything's got to match up.

Share this post


Link to post
Share on other sites

to redirect http to https add on top of your .htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

than check configure.php 

  define('HTTP_SERVER', 'https://www.website.com');
  define('HTTPS_SERVER', 'https://www.website.com');
  define('ENABLE_SSL', true);

in some case you have to change also 

  define('DIR_FS_CATALOG', '/home/usr/domains/website.com/public_html/');

to 

  define('DIR_FS_CATALOG', '/home/usr/domains/website.com/private_html/');

or make a redirection server side from private_html to public_html

Share this post


Link to post
Share on other sites

I would first check that the ssl certificate is installed properly. Many checkers can be found by a quick search on google.

 

You dont mention whether you are trying to get the whole site to work on https or just the standard secure pages.

 

If just the standard secure pages then you need to change

 

define('ENABLE_SSL', false);

 

to

 

define('ENABLE_SSL', true);

 

in your includes/configure.php file.

 

Then go to your web browser and clear the cache, then try opening a page that needs to be secure, like the create account page. It should just open as https.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

@@MrPhil My SSL is verified by cPanel and support 3 domains, mail.domain.com, domain.com and www.domain.com

 

As @@sara75 suggest, I added to .htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 

Now my problem is while the website is loading, the green lock appear for few seconds, but when the website fully load, a warning message on on the lock appear, as in the attached photo.

 

is it related to

 

define('HTTP_COOKIE_DOMAIN', '');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '');
define('HTTPS_COOKIE_PATH', '');

 

?

 

Thanks

post-244988-0-84219700-1486218385_thumb.jpg

Share this post


Link to post
Share on other sites

@@Psytanium

 

If you look at the page source of your index.php you'll see you are not implementing SSL correctly. Almost all of the protocols are http and not https. See below and, there are many more than these.

 

<meta property="og:url" content="http://your-domain.net/">
<meta property="og:image" content="http://your-domain.net/images/"/>

http://your-domain.net/livezilla/server.php
<img src="http://your-domain.net/livezilla/server.php
src="http://your-domain.net/livezilla/image.php

http://your-domain.net/create_account.php
http://your-domain.net/login.php
http://www.your-domain.net/shopping_cart.php
http://your-domain.net/index.php/computer-parts-c
http://your-domain.net/index.php/computer-parts-chassis-case-c

Share this post


Link to post
Share on other sites

@@ecommunlimited thanks for looking into the issue, you have some ideas to fix it ?

 

Look you site using google chorme and do the command:" ctrl +Shit + i" and you will see some links inside os of code with http. You musta change to https otherwise google will continue giving the warn.

I know for myself experience.

 

your livezilla is linked as http. Same occour to google maps.

 

After change it change  in "includes/configuration.php"

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www.domain.com'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.domain.com');
  define('HTTPS_COOKIE_DOMAIN', 'www.domain.com');

After it changed admin /includes/configuration.php to :

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.domain.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.domain.com');
  define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module

Change inside of the store admin painel go to Configuration ->> Sessions: and change to theses values:

 
Force Cookie Use	True	
Check SSL Session ID	True	
Check User Agent	True	
Check IP Address	True	
Prevent Spider Sessions	True	
Recreate Session	True	

Change.htaccess:

 
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header unset X-Powered-By
Header unset Server
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
    Header unset X-XSS-Protection
</FilesMatch>
</ifModule>

Share this post


Link to post
Share on other sites

@@Psytanium

 

I checked your site again and all seems to be correct now. Only one thing is noticeable, the www.your-domain.com does not redirect to your-domain.com. Since it doesn't, that tells Google and the other search engines that, you have two websites with the exact same content. You'll get penalized for that if you don't make a change.

 

In your root .htaccess file add this:

 

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [QSA,NC,L]

 

After you do that, when you type in https://www.your-domain.com it will redirect to https://your-domain.com.

 

Your SSL shows your domain name without the www so, if you haven't already, you should set your preferred domain with Google. If you have a Google Webmaster account, login to your Search Console and click the gear icon in the upper right corner. Then select Site Settings. When it opens up, in the Preferred domain section, tick the box for Display URLs as your-domain.com.
 

Take care

Bill

Share this post


Link to post
Share on other sites

@@Antena i don't know how i can thank you. almost every thing you mentioned was missing. now all is fine :)

 

You are welcome. Had same problem two days ago.  :)

Share this post


Link to post
Share on other sites

@@Psytanium

 

I checked your site again and all seems to be correct now. Only one thing is noticeable, the www.your-domain.com does not redirect to your-domain.com. Since it doesn't, that tells Google and the other search engines that, you have two websites with the exact same content. You'll get penalized for that if you don't make a change.

 

In your root .htaccess file add this:

 

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]

RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [QSA,NC,L]

 

After you do that, when you type in https://www.your-domain.com it will redirect to https://your-domain.com.

 

Your SSL shows your domain name without the www so, if you haven't already, you should set your preferred domain with Google. If you have a Google Webmaster account, login to your Search Console and click the gear icon in the upper right corner. Then select Site Settings. When it opens up, in the Preferred domain section, tick the box for Display URLs as your-domain.com.

 

Take care

Bill

 

@@ecommunlimited I wanna redirect mine to only www. How do it?  My actual htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header unset X-Powered-By
Header unset Server
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
    Header unset X-XSS-Protection
</FilesMatch>
</ifModule>

Share this post


Link to post
Share on other sites

@@Antena

 

 

The first condition and rule will make http:// redirect to https://www.

 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.your-domain-name.com/$1[R=301,L]

 

This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com.

If a customer can't remember if you site is http, https, www or non-www and they just type in your-domain-name.com,

it will redirect to https://www.your-domain-name.com.

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.your-domain-name.com$ [NC]
RewriteRule ^(.*)$ https://www.your-domain-name.com$1[R=301,L]

 

Take care

Bill

Share this post


Link to post
Share on other sites

@@Antena

 

 

The first condition and rule will make http:// redirect to https://www.

 

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://www.your-domain-name.com/$1[R=301,L]

 

This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com.

If a customer can't remember if you site is http, https, www or non-www and they just type in your-domain-name.com,

it will redirect to https://www.your-domain-name.com.

RewriteEngine On

RewriteCond %{HTTP_HOST} !^www.your-domain-name.com$ [NC]

RewriteRule ^(.*)$ https://www.your-domain-name.com$1[R=301,L]

 

Take care

Bill

Thank you very much!

Share this post


Link to post
Share on other sites

I did something similar in my htaccess file when turning on https site wide and it seems to work.

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

Remember that %{HTTP_HOST} is the domain that the visitor typed in to their browser, not necessarily your desired format (with or without www). It's best to explicitly give the desired domain in the rewrite rule, rather than using %{HTTP_HOST}. Also, the sooner you give the desired protocol (http or https) and domain name, the fewer 301 redirects you'll have to do later, which makes search engines happier.

Share this post


Link to post
Share on other sites

@@Antena

 

 

The first condition and rule will make http:// redirect to https://www.

 

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule ^(.*)$ https://www.your-domain-name.com/$1[R=301,L]

 

This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com.

If a customer can't remember if you site is http, https, www or non-www and they just type in your-domain-name.com,

it will redirect to https://www.your-domain-name.com.

RewriteEngine On

RewriteCond %{HTTP_HOST} !^www.your-domain-name.com$ [NC]

RewriteRule ^(.*)$ https://www.your-domain-name.com$1[R=301,L]

 

Take care

Bill

@@ecommunlimited

 

Can you tell me how change it to redirect everything to https:// without www when the site is hosted in another folder, like

"domain.com/store"

Share this post


Link to post
Share on other sites

×