Can't access admin after enabling HTTPS
Posted: Sun May 27, 2018 1:35 am
I have SSL enabled in opencart settings and I can't access the admin interface because it constantly redirect back to the same login page.
I noticed this message in Chrome console
I have defined the complete address in the two config files like so
and admin config like so
I have also defined a redirect in htaccess to force all requests to be https://www.domain.com
This used to work fine on OC 2.0.3 but recently I have upgraded to OC 2.2 and now I'm facing the login problem. If I remove the htaccess redirect I can access the admin area but I loose the redirect functionality and non https or non www requests don't get redirected.
Any ideas how to solve this? I don't have any real logic but I'm thinking some setting must be wrong after the upgrade, otherwise why would it make requests to a non secure http address like Chrome is reporting if current config points to https.
On the login page the form action points to http and I can't seem to understand why:
Thanks!
I noticed this message in Chrome console
Code: Select all
Mixed Content: The page at 'https://www.domain.com/admin/index.php?route=common/login' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.domain.com/admin/index.php?route=common/login'. This endpoint should be made available over a secure connection.
Code: Select all
// HTTP
define('HTTP_SERVER', 'https://www.domain.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/');
Code: Select all
// HTTP
define('HTTP_SERVER', 'https://www.domain.com/admin/');
define('HTTP_CATALOG', 'https://www.domain.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/admin/');
define('HTTPS_CATALOG', 'https://www.domain.com/');
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
Any ideas how to solve this? I don't have any real logic but I'm thinking some setting must be wrong after the upgrade, otherwise why would it make requests to a non secure http address like Chrome is reporting if current config points to https.
On the login page the form action points to http and I can't seem to understand why:
Code: Select all
<form action="http://www.domain.com/admin/index.php?route=common/login" method="post" enctype="multipart/form-data">
Thanks!