Psytanium Posted February 1, 2017 Share Posted February 1, 2017 Hi, I have a SSL installed on the domain name, now I configured the 2 configure.php files to https and SSL is set to True. When I open the website "domainname.com" nothing changed, it must redirect to https://domainname.com, and if I type it by myself, the website open like its missing the CCS files, same thing with the backend. Any ideas ? Thanks Link to comment Share on other sites More sharing options...
MrPhil Posted February 1, 2017 Share Posted February 1, 2017 The most obvious question to come to mind: what exactly is the domain specified on your SSL certificate? Is it domain.com, www.domain.com, or did you spring for wildcard capability? Does your .htaccess redirect to the wrong one (whether adding/removing www., or forcing https: )? Everything's got to match up. Link to comment Share on other sites More sharing options...
sara75 Posted February 2, 2017 Share Posted February 2, 2017 to redirect http to https add on top of your .htaccess RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] than check configure.php define('HTTP_SERVER', 'https://www.website.com'); define('HTTPS_SERVER', 'https://www.website.com'); define('ENABLE_SSL', true); in some case you have to change also define('DIR_FS_CATALOG', '/home/usr/domains/website.com/public_html/'); to define('DIR_FS_CATALOG', '/home/usr/domains/website.com/private_html/'); or make a redirection server side from private_html to public_html Link to comment Share on other sites More sharing options...
♥14steve14 Posted February 2, 2017 Share Posted February 2, 2017 I would first check that the ssl certificate is installed properly. Many checkers can be found by a quick search on google. You dont mention whether you are trying to get the whole site to work on https or just the standard secure pages. If just the standard secure pages then you need to change define('ENABLE_SSL', false); to define('ENABLE_SSL', true); in your includes/configure.php file. Then go to your web browser and clear the cache, then try opening a page that needs to be secure, like the create account page. It should just open as https. REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
Psytanium Posted February 4, 2017 Author Share Posted February 4, 2017 @@MrPhil My SSL is verified by cPanel and support 3 domains, mail.domain.com, domain.com and www.domain.com As @@sara75 suggest, I added to .htaccess RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Now my problem is while the website is loading, the green lock appear for few seconds, but when the website fully load, a warning message on on the lock appear, as in the attached photo. is it related to define('HTTP_COOKIE_DOMAIN', '');define('HTTPS_COOKIE_DOMAIN', '');define('HTTP_COOKIE_PATH', '');define('HTTPS_COOKIE_PATH', ''); ? Thanks Link to comment Share on other sites More sharing options...
ecommunlimited Posted February 4, 2017 Share Posted February 4, 2017 @@Psytanium If you look at the page source of your index.php you'll see you are not implementing SSL correctly. Almost all of the protocols are http and not https. See below and, there are many more than these. <meta property="og:url" content="http://your-domain.net/"> <meta property="og:image" content="http://your-domain.net/images/"/> http://your-domain.net/livezilla/server.php<img src="http://your-domain.net/livezilla/server.phpsrc="http://your-domain.net/livezilla/image.phphttp://your-domain.net/create_account.phphttp://your-domain.net/login.phphttp://www.your-domain.net/shopping_cart.phphttp://your-domain.net/index.php/computer-parts-chttp://your-domain.net/index.php/computer-parts-chassis-case-c Link to comment Share on other sites More sharing options...
Psytanium Posted February 4, 2017 Author Share Posted February 4, 2017 @@ecommunlimited thanks for looking into the issue, you have some ideas to fix it ? Link to comment Share on other sites More sharing options...
Antena Posted February 4, 2017 Share Posted February 4, 2017 @@ecommunlimited thanks for looking into the issue, you have some ideas to fix it ? Look you site using google chorme and do the command:" ctrl +Shit + i" and you will see some links inside os of code with http. You musta change to https otherwise google will continue giving the warn. I know for myself experience. your livezilla is linked as http. Same occour to google maps. After change it change in "includes/configuration.php" // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.domain.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.domain.com'); define('HTTPS_COOKIE_DOMAIN', 'www.domain.com'); After it changed admin /includes/configuration.php to : // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.domain.com'); define('HTTPS_CATALOG_SERVER', 'https://www.domain.com'); define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module Change inside of the store admin painel go to Configuration ->> Sessions: and change to theses values: Force Cookie Use True Check SSL Session ID True Check User Agent True Check IP Address True Prevent Spider Sessions True Recreate Session True Change.htaccess: RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header unset X-Powered-By Header unset Server Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$"> Header unset X-XSS-Protection </FilesMatch> </ifModule> Link to comment Share on other sites More sharing options...
Psytanium Posted February 4, 2017 Author Share Posted February 4, 2017 @@Antena i don't know how i can thank you. almost every thing you mentioned was missing. now all is fine :) Link to comment Share on other sites More sharing options...
ecommunlimited Posted February 4, 2017 Share Posted February 4, 2017 @@Psytanium I checked your site again and all seems to be correct now. Only one thing is noticeable, the www.your-domain.com does not redirect to your-domain.com. Since it doesn't, that tells Google and the other search engines that, you have two websites with the exact same content. You'll get penalized for that if you don't make a change. In your root .htaccess file add this: RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [QSA,NC,L] After you do that, when you type in https://www.your-domain.com it will redirect to https://your-domain.com. Your SSL shows your domain name without the www so, if you haven't already, you should set your preferred domain with Google. If you have a Google Webmaster account, login to your Search Console and click the gear icon in the upper right corner. Then select Site Settings. When it opens up, in the Preferred domain section, tick the box for Display URLs as your-domain.com. Take care Bill Link to comment Share on other sites More sharing options...
Antena Posted February 4, 2017 Share Posted February 4, 2017 @@Antena i don't know how i can thank you. almost every thing you mentioned was missing. now all is fine :) You are welcome. Had same problem two days ago. :) Link to comment Share on other sites More sharing options...
Antena Posted February 4, 2017 Share Posted February 4, 2017 @@Psytanium I checked your site again and all seems to be correct now. Only one thing is noticeable, the www.your-domain.com does not redirect to your-domain.com. Since it doesn't, that tells Google and the other search engines that, you have two websites with the exact same content. You'll get penalized for that if you don't make a change. In your root .htaccess file add this: RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [QSA,NC,L] After you do that, when you type in https://www.your-domain.com it will redirect to https://your-domain.com. Your SSL shows your domain name without the www so, if you haven't already, you should set your preferred domain with Google. If you have a Google Webmaster account, login to your Search Console and click the gear icon in the upper right corner. Then select Site Settings. When it opens up, in the Preferred domain section, tick the box for Display URLs as your-domain.com. Take care Bill @@ecommunlimited I wanna redirect mine to only www. How do it? My actual htaccess RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header unset X-Powered-By Header unset Server Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$"> Header unset X-XSS-Protection </FilesMatch> </ifModule> Link to comment Share on other sites More sharing options...
Psytanium Posted February 4, 2017 Author Share Posted February 4, 2017 @@ecommunlimited Thanks again for looking very well into my situation. I did as your advise, very appreciated Link to comment Share on other sites More sharing options...
ecommunlimited Posted February 5, 2017 Share Posted February 5, 2017 @@Antena The first condition and rule will make http:// redirect to https://www. RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule ^(.*)$ https://www.your-domain-name.com/$1[R=301,L] This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com. If a customer can't remember if you site is http, https, www or non-www and they just type in your-domain-name.com, it will redirect to https://www.your-domain-name.com. RewriteEngine OnRewriteCond %{HTTP_HOST} !^www.your-domain-name.com$ [NC]RewriteRule ^(.*)$ https://www.your-domain-name.com$1[R=301,L] Take care Bill Link to comment Share on other sites More sharing options...
♥John W Posted February 6, 2017 Share Posted February 6, 2017 Did you get this fixed, or are you still having problems? I'm not really a dog. Link to comment Share on other sites More sharing options...
Antena Posted February 6, 2017 Share Posted February 6, 2017 @@Antena The first condition and rule will make http:// redirect to https://www. RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://www.your-domain-name.com/$1[R=301,L] This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com. If a customer can't remember if you site is http, https, www or non-www and they just type in your-domain-name.com, it will redirect to https://www.your-domain-name.com. RewriteEngine On RewriteCond %{HTTP_HOST} !^www.your-domain-name.com$ [NC] RewriteRule ^(.*)$ https://www.your-domain-name.com$1[R=301,L] Take care Bill Thank you very much! Link to comment Share on other sites More sharing options...
♥14steve14 Posted February 6, 2017 Share Posted February 6, 2017 I did something similar in my htaccess file when turning on https site wide and it seems to work. RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC] RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L] REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
MrPhil Posted February 7, 2017 Share Posted February 7, 2017 Remember that %{HTTP_HOST} is the domain that the visitor typed in to their browser, not necessarily your desired format (with or without www). It's best to explicitly give the desired domain in the rewrite rule, rather than using %{HTTP_HOST}. Also, the sooner you give the desired protocol (http or https) and domain name, the fewer 301 redirects you'll have to do later, which makes search engines happier. Link to comment Share on other sites More sharing options...
Antena Posted February 20, 2017 Share Posted February 20, 2017 @@Antena The first condition and rule will make http:// redirect to https://www. RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://www.your-domain-name.com/$1[R=301,L] This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com. If a customer can't remember if you site is http, https, www or non-www and they just type in your-domain-name.com, it will redirect to https://www.your-domain-name.com. RewriteEngine On RewriteCond %{HTTP_HOST} !^www.your-domain-name.com$ [NC] RewriteRule ^(.*)$ https://www.your-domain-name.com$1[R=301,L] Take care Bill @@ecommunlimited Can you tell me how change it to redirect everything to https:// without www when the site is hosted in another folder, like "domain.com/store" Link to comment Share on other sites More sharing options...
Omar_one Posted February 20, 2017 Share Posted February 20, 2017 @@Antena ecommunlimited passed away on Feb 5th.. RIP ecommunlimited Get the latest Responsive osCommerce CE (community edition) here . Link to comment Share on other sites More sharing options...
Antena Posted February 20, 2017 Share Posted February 20, 2017 @@Antena ecommunlimited passed away on Feb 5th.. RIP ecommunlimited Oh god. Sorry. RIP ecommunlimited ! Link to comment Share on other sites More sharing options...
Omar_one Posted February 20, 2017 Share Posted February 20, 2017 @@Antena try this RewriteEngine on RewriteCond %{HTTP_HOST} ^(.*)\.domain\.com RewriteRule ^(.*)$ https://domain.com/subdomains/%1/$1 [R=301,L,NC,QSA] BR Omar Get the latest Responsive osCommerce CE (community edition) here . Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.