I'm getting pretty frustrated. I have my SSL Certificate, and verified it with whynopadlock.com. I am running v.2.1.0.1. I have changed the config files by adding the "s" to the "https" in both config files. I left the http lines as they were. (maybe the http lines need to be changed, or removed?)
I went to the admin area, and under the server tab turned on the Use SSL. When I click on the SAVE button, the screen refreshes and I get some page that isn't mine. I have to log back in to the admin area - when I go back to the settings/server tab, I see that the Use SSL is back to No. I have tried this several times now.
I don't know what to do with the encryption key. Do I make something up, or leave it as it is with several lines of letters and numbers?
I also changed the file htaccess.txt to .htaccess . I'm not sure if I have to change anything in that file.
Now, when I go to http://www.wevegotcomics.com, the site comes up fine, but no lock showing for the SSL. When I type in https://www.wevegotcomics.com, I get an error stating that there is a problem with this website's security certificate.
What have I missed? I need some help!
Thanks,
-Wes-
I went to the admin area, and under the server tab turned on the Use SSL. When I click on the SAVE button, the screen refreshes and I get some page that isn't mine. I have to log back in to the admin area - when I go back to the settings/server tab, I see that the Use SSL is back to No. I have tried this several times now.
I don't know what to do with the encryption key. Do I make something up, or leave it as it is with several lines of letters and numbers?
I also changed the file htaccess.txt to .htaccess . I'm not sure if I have to change anything in that file.
Now, when I go to http://www.wevegotcomics.com, the site comes up fine, but no lock showing for the SSL. When I type in https://www.wevegotcomics.com, I get an error stating that there is a problem with this website's security certificate.
What have I missed? I need some help!
Thanks,
-Wes-
You may have to turn http into https in htaccess.
htaccess will open in a php or other language editor.
In admin > system > settings before you click the blue edit button where it says store name and store url, is it https or http?
When I added SSL I received a very long (maybe 20 lines) encryption key that my host provider had to generate and install. I don't know if that is the same key your referring to.
htaccess will open in a php or other language editor.
In admin > system > settings before you click the blue edit button where it says store name and store url, is it https or http?
When I added SSL I received a very long (maybe 20 lines) encryption key that my host provider had to generate and install. I don't know if that is the same key your referring to.
kadin, I haven't changed anything in the .htaccess file. I am sure that I need to add in something, but I don't know what. I couldn't find any instructions to do that. I saw some posts about changing the SEO URL Settings (RewriteRule / Base / Cond area), but nothing telling me what to change.
When I'm in admin / system / settings, it shows as http://. I can't use https: to log in to Admin. I get errors, and page not found when I try to continue.
As to the Encryption key, I'm on hold now with HostGator to find out what the key is.
When I'm in admin / system / settings, it shows as http://. I can't use https: to log in to Admin. I get errors, and page not found when I try to continue.
As to the Encryption key, I'm on hold now with HostGator to find out what the key is.
Your security notification problem is that in trying to access the site as https://www. , your site is still loading scripts from http://www.sandkid wrote:I'm getting pretty frustrated. I have my SSL Certificate, and verified it with whynopadlock.com. I am running v.2.1.0.1. I have changed the config files by adding the "s" to the "https" in both config files. I left the http lines as they were. (maybe the http lines need to be changed, or removed?)
I went to the admin area, and under the server tab turned on the Use SSL. When I click on the SAVE button, the screen refreshes and I get some page that isn't mine. I have to log back in to the admin area - when I go back to the settings/server tab, I see that the Use SSL is back to No. I have tried this several times now.
I don't know what to do with the encryption key. Do I make something up, or leave it as it is with several lines of letters and numbers?
I also changed the file htaccess.txt to .htaccess . I'm not sure if I have to change anything in that file.
Now, when I go to http://www.wevegotcomics.com, the site comes up fine, but no lock showing for the SSL. When I type in https://www.wevegotcomics.com, I get an error stating that there is a problem with this website's security certificate.
What have I missed? I need some help
My assumption from what you say, is that you want to run http://www. for all including admin ?
If so, you need to change "define http server TO https://www.example.com/ ... also for admin config too ... to run ALL in https make it run the best with least problem, IMHO and experience anyway...
If you do ONLY that then visitors can ALSO still access site with http:// OR http://www.
So therefore I chose to run a redirect ALL incoming to https://www. version ONLY, which also minimizes duplicate URLs and eliminate possibility of https errors through loading script across different protocols. Then only would be ONE version of your site, not FOUR...
So change the config files + add this to your .htaccess
It needs to go up near the top BEFORE/ABOVE YOUR # SEO URL Settings.
This is to do with [L] means: if match look no further.
Obviously change instances of example.com to your domain.
The port numbers are Apache default so should be fine.
Caching stuff - use if you want to, delete if your don't, it's well tested on a functioning shop over a couple of years.
Code: Select all
RewriteOptions inherit
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
<FilesMatch "\.(js|xml|css|gz)$">
Header append Vary: Accept-Encoding
</FilesMatch>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 months"
RewriteEngine On
Options +FollowSymlinks
Options -Indexes
<FilesMatch "(?i)((\.tpl|\.ini|\.log|(?<!robots)\.txt))">
Order deny,allow
Deny from all
</FilesMatch>
RewriteEngine On
# redirect to https for www
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# redirect to https for non-www
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
# to www for https
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{SERVER_PORT} 443
RewriteCond %{HTTP_HOST} example.com$
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
# SEO URL Settings - MATCH UP HERE TO YOUR CURRENT FILE
Hosting for Oc 2.x: Well tested on 2.03.1 including emails work correctly, cPanel Shared or WHM VPS, managed security, fast & reliable SSD drives, Raid 10 /4 disk redundancy, server locale - Texas, contact me to discuss further.
Active Member
@VictorDrummond Thanks for the info, although it didn't help. My goal is to have my site secure because I accept credit cards. HostGator says that both http://www.wevegotcomics.com and http://wevegotcomics.com are secure. After changing my config.php files (both of them), I can't get into my site, or my admin. Here is the beginning of both config.php files:
Root directory config.php file:
<?php
// HTTP
define('HTTP_SERVER', 'http://www.wevegotcomics.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.wevegotcomics.com/');
// DIR
admin directory config.php file:
<?php
// HTTP
define('HTTP_SERVER', 'http://www.wevegotcomics.com/admin/');
define('HTTP_CATALOG', 'http://www.wevegotcomics.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.wevegotcomics.com/admin/');
define('HTTPS_CATALOG', 'https://www.wevegotcomics.com/');
// DIR
I made the changes to the .htaccess file as you suggested, but it only changed the error screen from Error 404 - Page Not Found to There is a problem with this website's security certificate.
I am pretty sure that one of the problems is that I cannot turn SSL on in my Admin. I can click on the button, but when I click on Save, my screen switches to some kind of page not found screen and I am kicked out of Admin. When I log back in to Admin, I find that the SSL is still off. I don't know what I am missing, or where to look.
-Wes-
Root directory config.php file:
<?php
// HTTP
define('HTTP_SERVER', 'http://www.wevegotcomics.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.wevegotcomics.com/');
// DIR
admin directory config.php file:
<?php
// HTTP
define('HTTP_SERVER', 'http://www.wevegotcomics.com/admin/');
define('HTTP_CATALOG', 'http://www.wevegotcomics.com/');
// HTTPS
define('HTTPS_SERVER', 'https://www.wevegotcomics.com/admin/');
define('HTTPS_CATALOG', 'https://www.wevegotcomics.com/');
// DIR
I made the changes to the .htaccess file as you suggested, but it only changed the error screen from Error 404 - Page Not Found to There is a problem with this website's security certificate.
I am pretty sure that one of the problems is that I cannot turn SSL on in my Admin. I can click on the button, but when I click on Save, my screen switches to some kind of page not found screen and I am kicked out of Admin. When I log back in to Admin, I find that the SSL is still off. I don't know what I am missing, or where to look.
-Wes-
Who is online
Users browsing this forum: Google [Bot] and 7 guests