osCommerce

The e-commerce.

Can't turn on SSL


Psytanium

Hi, I have an SSL installed on the domain name; now I configured the 2 configure.php files to https and SSL is set to True.

When I open the website "domainname.com" nothing changed; it must redirect to https://domainname.com, and if I type it myself, the website opens like it's missing the CSS files, same thing with the backend.

Any ideas? Thanks

Link to comment
Share on other sites

The most obvious question to come to mind: what exactly is the domain specified on your SSL certificate? Is it domain.com, www.domain.com, or did you spring for wildcard capability? Does your .htaccess redirect to the wrong one (whether adding/removing www., or forcing https: )? Everything's got to match up.

Link to comment
Share on other sites

To redirect http to https, add at the top of your .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Then check configure.php:

  define('HTTP_SERVER', 'https://www.website.com');
  define('HTTPS_SERVER', 'https://www.website.com');
  define('ENABLE_SSL', true);

In some cases you also have to change

  define('DIR_FS_CATALOG', '/home/usr/domains/website.com/public_html/');

to 

  define('DIR_FS_CATALOG', '/home/usr/domains/website.com/private_html/');

or make a redirection server side from private_html to public_html

Link to comment
Share on other sites

I would first check that the SSL certificate is installed properly. Many checkers can be found by a quick search on Google.

You don't mention whether you are trying to get the whole site to work on https or just the standard secure pages.

 

If just the standard secure pages then you need to change

define('ENABLE_SSL', false);

to

define('ENABLE_SSL', true);

in your includes/configure.php file.

 

Then go to your web browser and clear the cache, then try opening a page that needs to be secure, like the create account page. It should just open as https.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

@@MrPhil My SSL is verified by cPanel and supports 3 domains: mail.domain.com, domain.com and www.domain.com

As @@sara75 suggested, I added to .htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Now my problem is that while the website is loading, the green lock appears for a few seconds, but when the website fully loads, a warning message on the lock appears, as in the attached photo.

Is it related to

define('HTTP_COOKIE_DOMAIN', '');
define('HTTPS_COOKIE_DOMAIN', '');
define('HTTP_COOKIE_PATH', '');
define('HTTPS_COOKIE_PATH', '');

?

Thanks


Link to comment
Share on other sites

@@Psytanium

 

If you look at the page source of your index.php you'll see you are not implementing SSL correctly. Almost all of the protocols are http and not https. See below; there are many more than these.

 

<meta property="og:url" content="http://your-domain.net/">
<meta property="og:image" content="http://your-domain.net/images/"/>

http://your-domain.net/livezilla/server.php
<img src="http://your-domain.net/livezilla/server.php
src="http://your-domain.net/livezilla/image.php

http://your-domain.net/create_account.php
http://your-domain.net/login.php
http://www.your-domain.net/shopping_cart.php
http://your-domain.net/index.php/computer-parts-c
http://your-domain.net/index.php/computer-parts-chassis-case-c

Link to comment
Share on other sites
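An added example, not part of the original thread: a small audit that sorts the `http://` references in a page's source by how the browser treats them, since only URLs fetched while rendering affect the padlock. The host `shop.example` and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs the browser fetches while rendering the page.
# <link href> is fetched only for some rel values; rel=canonical is not.
FETCHED = {("img", "src"), ("script", "src"), ("iframe", "src"),
           ("source", "src"), ("embed", "src"), ("object", "data")}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}

class InsecureUrlAudit(HTMLParser):
    """Collect http:// references, split by how the browser treats them."""
    def __init__(self):
        super().__init__()
        self.mixed = []       # loaded with the page: causes the padlock warning
        self.navigation = []  # followed on click: no warning on this page
        self.metadata = []    # og:url, canonical: never loaded by the browser

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        for name, value in attr.items():
            if not value.lower().startswith("http://"):
                continue
            if (tag, name) in FETCHED:
                self.mixed.append((tag, value))
            elif tag == "link" and name == "href":
                rels = set(attr.get("rel", "").lower().split())
                bucket = self.mixed if rels & FETCHED_LINK_RELS else self.metadata
                bucket.append((tag, value))
            elif tag == "a" and name == "href":
                self.navigation.append((tag, value))
            elif tag == "meta" and name == "content":
                self.metadata.append((tag, value))

def audit(html):
    parser = InsecureUrlAudit()
    parser.feed(html)
    parser.close()
    return parser

# Constructed sample; shop.example is a placeholder host.
SAMPLE = """
<meta property="og:url" content="http://shop.example/">
<link rel="stylesheet" href="http://shop.example/stylesheet.css">
<link rel="canonical" href="http://shop.example/">
<img src="http://shop.example/livezilla/image.php">
<script src="http://shop.example/livezilla/server.php"></script>
<a href="http://shop.example/login.php">Log in</a>
<a href="https://shop.example/create_account.php">Register</a>
"""

if __name__ == "__main__":
    print(audit(SAMPLE).mixed)
```

Entries under `mixed` are the ones that degrade the padlock; browsers block insecure scripts and stylesheets outright, which is why an HTTPS page can render as if its CSS were missing.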

@@ecommunlimited thanks for looking into the issue, do you have some ideas to fix it?

Look at your site using Google Chrome and press "Ctrl + Shift + I", and you will see some links inside the code with http. You must change them to https, otherwise Google will continue giving the warning.

I know from my own experience.

Your LiveZilla is linked as http. The same occurs with Google Maps.

After changing it, change in "includes/configuration.php":

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', 'https://www.domain.com'); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', true); // secure webserver for checkout procedure?
  define('HTTP_COOKIE_DOMAIN', 'www.domain.com');
  define('HTTPS_COOKIE_DOMAIN', 'www.domain.com');

After that, change admin/includes/configuration.php to:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'https://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.domain.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.domain.com');
  define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module

In the store admin panel, go to Configuration ->> Sessions and change to these values:

 
Force Cookie Use	True	
Check SSL Session ID	True	
Check User Agent	True	
Check IP Address	True	
Prevent Spider Sessions	True	
Recreate Session	True	

Change .htaccess:

 
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header unset X-Powered-By
Header unset Server
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
    Header unset X-XSS-Protection
</FilesMatch>
</ifModule>

Link to comment
Share on other sites

@@Psytanium

 

I checked your site again and all seems to be correct now. Only one thing is noticeable: www.your-domain.com does not redirect to your-domain.com. Since it doesn't, that tells Google and the other search engines that you have two websites with the exact same content. You'll get penalized for that if you don't make a change.

 

In your root .htaccess file add this:

 

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [QSA,NC,L]

 

After you do that, when you type in https://www.your-domain.com it will redirect to https://your-domain.com.

 

Your SSL shows your domain name without the www so, if you haven't already, you should set your preferred domain with Google. If you have a Google Webmaster account, login to your Search Console and click the gear icon in the upper right corner. Then select Site Settings. When it opens up, in the Preferred domain section, tick the box for Display URLs as your-domain.com.
 

Take care

Bill

Link to comment
Share on other sites

@@ecommunlimited I want to redirect mine to only www. How do I do it? My actual .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header unset X-Powered-By
Header unset Server
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
    Header unset X-XSS-Protection
</FilesMatch>
</ifModule>
Link to comment
Share on other sites

@@Antena

 

 

The first condition and rule will make http:// redirect to https://www.

# A space is required between the target URL and the [flags]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.your-domain-name.com/$1 [R=301,L]

This second one will make any request (http, https, www or non-www) redirect to https://www.your-domain-name.com.

If a customer can't remember if your site is http, https, www or non-www and they just type in your-domain-name.com, it will redirect to https://www.your-domain-name.com.

# In .htaccess, $1 has no leading slash, so the target needs one before it
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.your-domain-name\.com$ [NC]
RewriteRule ^(.*)$ https://www.your-domain-name.com/$1 [R=301,L]

 

Take care

Bill

Link to comment
Share on other sites

Thank you very much!

Link to comment
Share on other sites

I did something similar in my htaccess file when turning on https site wide and it seems to work.

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

Remember that %{HTTP_HOST} is the domain that the visitor typed in to their browser, not necessarily your desired format (with or without www). It's best to explicitly give the desired domain in the rewrite rule, rather than using %{HTTP_HOST}. Also, the sooner you give the desired protocol (http or https) and domain name, the fewer 301 redirects you'll have to do later, which makes search engines happier.

Link to comment
Share on other sites
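An added illustration of the point above, not code from the thread: it compares the host-reflecting rule pair posted earlier with a single rule that names the target explicitly. It models only the redirect decision, not mod_rewrite itself, and `www.shop.example` and `shop-alias.example` are placeholder names.

```python
from urllib.parse import urlsplit

CANONICAL = "www.shop.example"  # assumed preferred host (placeholder name)


def reflecting_rules(url):
    """Model of the rule pair that rebuilds the target from the Host header."""
    u = urlsplit(url)
    if u.scheme == "http":                        # RewriteCond %{HTTPS} off
        return f"https://{u.netloc}{u.path}"
    if not u.netloc.lower().startswith("www."):   # %{HTTP_HOST} !^www\.
        return f"https://www.{u.netloc}{u.path}"
    return None                                   # no rule matched: serve page


def explicit_rule(url):
    """Model of one rule that names both scheme and host in the target."""
    u = urlsplit(url)
    if u.scheme != "https" or u.netloc.lower() != CANONICAL:
        return f"https://{CANONICAL}{u.path}"
    return None


def follow(rule, url, limit=5):
    """Apply `rule` repeatedly and return every redirect target in order."""
    hops = []
    while len(hops) < limit:
        target = rule(url)
        if target is None:
            break
        hops.append(target)
        url = target
    return hops


# Constructed requests: the four spellings of the shop URL, plus one alias
# host name that reaches the same site but is not on the certificate.
REQUESTS = ["http://shop.example/login.php", "http://www.shop.example/login.php",
            "https://shop.example/login.php", "https://www.shop.example/login.php",
            "http://shop-alias.example/login.php"]

if __name__ == "__main__":
    for url in REQUESTS:
        print(url, len(follow(reflecting_rules, url)),
              len(follow(explicit_rule, url)))
```

The bare-domain http request costs two 301s with the reflecting pair and one with the explicit rule, and the alias host ends on a `www.` name the certificate does not cover unless the target is spelled out.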

  • 2 weeks later...

@@ecommunlimited

Can you tell me how to change it to redirect everything to https:// without www when the site is hosted in another folder, like "domain.com/store"?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
