Post by jackiemj » Thu Jun 14, 2018 6:06 am

Hi there

I have a valid SSL Certificate for my website but the padlock on the address bar is not showing up to show it's a secure site, the only time it shows up is when checkout is used.

I would obviously like my website to show as being secure for customers peace of mind.
I was told by my web host that I could make my site secure with an Opencart plug in or secure it via my htaccess file.

Could someone give me advice on this please?
Thank you
Jackie

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by IP_CAM » Thu Jun 14, 2018 9:12 am

Well, Google indexes uncounted amounts of Links on this already: ;)
https://www.google.com/search?q=%22SSL+in+opencart
https://www.google.com/search?q=%22https+in+opencart
---
And here, you will find some extensions for this too:
https://www.opencart.com/index.php?rout ... search=SSL
https://www.opencart.com/index.php?rout ... load_id=44
---
And if you don't have much knowledge on such, one of the DEV's would probably
assist you on this, for the equivalent of a Steak and a Beer! ::)
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by jackiemj » Thu Jun 14, 2018 5:44 pm

Thank you Ernie
I shall check out the links and see what I can do....if no luck, then it's steak and beer 😊

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by jackiemj » Thu Jun 14, 2018 11:15 pm

IP_CAM wrote:
Thu Jun 14, 2018 9:12 am
Well, Google indexes uncounted amounts of Links on this already: ;)
https://www.google.com/search?q=%22SSL+in+opencart
https://www.google.com/search?q=%22https+in+opencart
---
And here, you will find some extensions for this too:
https://www.opencart.com/index.php?rout ... search=SSL
https://www.opencart.com/index.php?rout ... load_id=44
---
And if you don't have much knowledge on such, one of the DEV's would probably
assist you on this, for the equivalent of a Steak and a Beer! ::)
Ernie
Hi Ernie
I did all that you mentioned and it looks like all my pages are now starting with Https which is what I wanted. The only thing that isn't showing up in the padlock sign on the address bar. Do you know why this wouldn't show up??

Thanks
Jackie

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by EvolveWebHosting » Fri Jun 15, 2018 12:32 am

Without knowing your domain to take a closer look, I would suggest using the site whynopadlock.com to identify why certain pages aren't secure. My guess is that you have items such as images and/or javascript / css files that aren't being loaded securely.

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by jackiemj » Fri Jun 15, 2018 2:18 am

Thanks for your reply.

After posting here, I did find the "whynopadlock" website and checked my site. Errors came up about the font in my css and unsecure image urls. These are the errors

Hard Failure A file with an insecure url of "http://fonts.googleapis.com/css?family=Lobster+Two" was loaded on line: 23 of https://www.little-you.co.uk/.
This URL will need to be updated to use a secure URL for your padlock to return.

Soft Failure An image with an insecure url of "http://www.little-you.co.uk/image/catal ... 0LOGO4.png" was loaded on line: 146 of https://www.little-you.co.uk/.
This URL will need to be updated to use a secure URL for your padlock to return.

Soft Failure An image with an insecure url of "http://www.little-you.co.uk/catalog/vie ... HighSt.jpg" was loaded on line: 801 of https://www.little-you.co.uk/.
This URL will need to be updated to use a secure URL for your padlock to return.

Protocols You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by EvolveWebHosting » Fri Jun 15, 2018 10:29 pm

Based on that information, you need to have a few things done:

1) Contact your hosting company to disable TLSv1.1 and make sure TLSv1.2 is enabled
2) Manually correct any links in your header.tpl and footer.tpl files to change any instances of http:// to https://
3) In your config.php and admin/config.php files, do you have the 's' added in both the HTTP and HTTPS sections?

If you want to contact us directly, you can get in touch through our contact form here: https://www.evolvewebhost.com/contact-us.php

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by jackiemj » Fri Jun 15, 2018 11:31 pm

EvolveWebHosting wrote:
Fri Jun 15, 2018 10:29 pm
Based on that information, you need to have a few things done:

1) Contact your hosting company to disable TLSv1.1 and make sure TLSv1.2 is enabled
2) Manually correct any links in your header.tpl and footer.tpl files to change any instances of http:// to https://
3) In your config.php and admin/config.php files, do you have the 's' added in both the HTTP and HTTPS sections?

If you want to contact us directly, you can get in touch through our contact form here: https://www.evolvewebhost.com/contact-us.php
Hi there
Thank you for your advice and help.
I had done all that you suggested and I am still getting errors, so there must be insecure parts of my site, which could be anywhere, so I shall download an extension which will hopefully help.

Thanks again
Jackie

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by EvolveWebHosting » Sat Jun 16, 2018 12:21 am

Hi,
I don't think you need to purchase an extension for this.

If you open up catalog/view/theme/your_theme/template/common/header.tpl, you'll find the following links that need to be changed to https
<link href='http://fonts.googleapis.com/css?family=Lobster+Two' rel='stylesheet' type='text/css'>
<a href="https://www.little-you.co.uk/index.php? ... home"><img src="http://www.little-you.co.uk/image/catalog/Home slidewhow banners/NEW LOGO4.png" width="500" height="200" title="Personalised Gifts - www.little-you.co.uk" alt="Personalised Gifts - www.little-you.co.uk" class="img-responsive"/></a>

In catalog/view/theme/your_theme/template/common/footer.tpl, change the following to https:
<div class="column-contacts footer-menu-mobile"><h5><a href="http://www.little-you.co.uk/index.php?r ... t">Contact Us</a></h5></div>
<img src="http://www.little-you.co.uk/catalog/vie ... "></a></li>

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by jackiemj » Sat Jun 16, 2018 12:33 am

Hi there
I've changed all of the http to https in my header.tpl and Footer.tpl and still nothing has changed.
I have since purchased an extension that changes all the unsecure links and my site is now HTTPS all through, but I'm still without the padlock and getting the same errors on the "whynopadlock.com" website.
So I'm not happy and have sent a message to the support of the Extension Developer and will see what happens.

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by MrPhil » Sat Jun 16, 2018 1:55 am

Have you looked at the HTML page (browser Ctrl+U) for any explicit http: entries? If you find any, you need to track down their source (in .php, .tpl, etc. files) and fix them. It's possible that there are one or more places inside .js or .css files that have hard coded http: entries lurking there. It can be difficult to find non-SSL entries that are causing "mixed content" problems, but you just have to keep plugging at it. If you're pulling in external .js, .css, etc. that contain http:, you might have to look into an upgrade to a later version of those files.

And of course, there's always the stupid facepalm mistake of not clearing your browser cache or otherwise forcing a fresh reload of a page (often Ctrl+F5) so you aren't using old cached code or files. If your server or ISP is doing caching, you may just have to wait them out.

User avatar
Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm

Post by jackiemj » Sat Jun 16, 2018 3:25 am

Hi Phil

Thank you for your reply and explanation.
Since then, it's been sorted out by the developer of the extension that I got.
The cache problem was mentioned in sorting it out too, although I'm not 100% sure if that was the reason, I shall find out :)

Thank you again
Jackie

Active Member

Posts

Joined
Sat Nov 26, 2011 11:11 pm

Post by EvolveWebHosting » Sun Jun 17, 2018 2:02 am

I should have mentioned that you needed to clear your OC Cache and browser cache after making the changes. I doubt the developer would refund you but you could try turning off that extensions clear the browser cache and OC Cache and I think you'd find that the manual corrections you made to the links mentioned did actually work.

Either way, I'm glad you've got your site running over https now.

If you need anything hosting / domain and/or SSL related in the future, check us out and get in touch at https://www.evolvewebhost.com !

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by IP_CAM » Sun Jun 17, 2018 2:59 am

Well, if I would use from OC-2 up, I would make sure, to find a useful
Exttension, enabling me, to remove ALL cached content with a click of one
single button. But since I don't, I am not able to test both of those, linked below.
Or even two buttons could be accepted, if they would exist on the same page... 8)
And the image below just misses VqMod, to then probably match all my needs ... ;)
Ernie
---
opencart_storage_cleaner
https://github.com/p0v1n0m/
---
opencart-cache-module
https://github.com/ankursinghagra
---
Image

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 147 guests