SSL just not working

You are correct on the hta mod as it did nothing for the issue I was having. The problem is there are issues with the host providers and or the SSL cert... have not narrowed it to the exact problem as time is critical when it comes to sales. When your customers can't check out its a problem. Spent 2 hrs trying to get a customer to trick it somehow and the only way around it was to throw the whole thing into SSL.

Ended up switching to a real host (WX) and problem gone. These big commercial hosting companies are not knowledgeable enough to support the applications they host and have no clue how to set up the server properly. All they do is say all looks ok on their end so you end up pulling your hair out to the point of breaking your site. In the end it's not Opencart or the users but the host. Plain and simple. Go with a real host and forget about it and don't look back. For the host (starts with F and ends in w) I was having problems with I highly recommend either not going there at all or switching if you run Opencart and even have a hint of any issues. I'll never get back the 3 months of my life I spent with them.

Check this post & host thread.. do yourself a favor if you are having these issues or any issues in general with speed and your current host and make the change ASAP for your benefit. http://forum.opencart.com/viewtopic.php ... 24#p386924

http://www.wxhosting.com

Hi All you OpenCart gurus!,

I have tried every post on opencart forums to get the admin, check out pages and account to use my SSL certificate.

Specs: OP 1.5.5.1
Hosting Service: Godaddy dedicated IP with SSL Cert (no redirects)

Root config.php
// HTTP
define('HTTP_SERVER', 'http://www.reddragonvapors.com/');
define('HTTP_IMAGE', 'http://www.reddragonvapors.com/image');
define('HTTP_ADMIN', 'http://www.reddragonvapors.com/admin/');

// HTTPS
define('HTTPS_SERVER', 'https://www.reddragonvapors.com/');
define('HTTPS_IMAGE', 'https://www.reddragonvapors.com/image');

Admin config.php

// HTTP
define('HTTP_SERVER', 'http://www.reddragonvapors.com/admin/');
define('HTTP_CATALOG', 'http://www.reddragonvapors.com/');
define('HTTP_IMAGE', 'http://www.reddragonvapors.com/image');

// HTTPS
define('HTTPS_SERVER', 'https://www.reddragonvapors.com/admin/');
define('HTTPS_IMAGE', 'https://www.reddragonvapors.com/image');

Settings in admin: Settings>>Server>> Yes to SSL

.htaccess: no changes (stock)

What happens is every page goes HTTPS and some of my images are missing. All that I am trying to do is get my checkout page, admin and customer account pages to go secure. Anyone using SSL on OP 1.5.5.1? that can help?

@rdvapors.. you may find a fix with the host and the SSL but it could take a lot of finger pointing.. I spent 3 months with nothing but pure frustration with the big name hosts who don't give a rat about you or your site.. just my take.

you seem to have something wrong with the SSL for sure: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. / The server responded with an invalid SSL response, please check the web server configuration and try again

Do yourself a favor.. get with a real host who knows you, your site and the APP and bonus speed enhancements. wxhosting.com .. sorry .. may not be what you want to hear but I have never felt better since I changed. My site has not even burped since and scores a 96 out of 100 with Google Page Speed Insight with out of the box mod. zixiutangenergy.com .. take it for a spin..

@rdvapors .. it appears your cert may be installed without the www .. try removing that first then clear the insecure content on the SSL pages if it still exists..

blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... esheet.css.
reddragonvapors.com:21
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... lorbox.css.
reddragonvapors.com:22
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... 7.1.min.js.
reddragonvapors.com:1
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... tom.min.js.
reddragonvapors.com:1
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... custom.css.
reddragonvapors.com:25
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... /common.js.
reddragonvapors.com:1
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... box-min.js.
reddragonvapors.com:1
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... der.min.js.
reddragonvapors.com:1
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://www.reddragonvapors.com/catalog/ ... ing.1.3.js.
reddragonvapors.com:1
[blocked] The page at https://reddragonvapors.com/?route=checkout/cart ran insecure content from http://connect.facebook.net/en_GB/all.js.
reddragonvapors.com:60
The page at https://reddragonvapors.com/?route=checkout/cart displayed insecure content from http://www.reddragonvapors.com/image/da ... 515x75.png.
reddragonvapors.com:65

Well that got me into a secured admin! Yay! No I still have the problem of not being able to go secure with checkout, and account. I'm not sure on how to clear the ssl?

Did you edit both config files?

this looks normal if you have something in your cart by forcing the https:// in the address bar.. make sure DNS is set up for both //XXX & //www.XXX

You are not able to add to cart from your homepage now with www ..

https://reddragonvapors.com/?route=checkout/checkout

https://reddragonvapors.com/?route=account/login

Cool, I can force it by typing the https in the address bar but using any links to checkout will not go secure. However, the success page goes secure. Hmmmm, both config.php files are edited and the settings>>server is set to yes. So I'm at a lose. Admin works fine, account login and checkout does not.

That is the same thing I was having with checkout although customer account was ok.. I'm confident there is a problem with the server or ssl config with the host based on what I experienced. These hosts don't know how to set the application correctly.

So I added this to the .htaccess and account log in goes secure. But the add to cart button is broken. Any ideas?

checking further, account login does not log you in. And wish list is broken as well.

I truly understand your frustrations first hand which is why I'm trying to help.. trust me. My problem eventually got to a point where customers could not even check out until I put the entire site in SSL mode. I spent 2 hrs in a conversation with one customer until I gave up. I still don't know why she stayed with me. Try putting the entire site in SSL. Just change all config links to SSL. The only problem like this is I had to remove everything off my front page on "add to cart" cause that was not working similar to yours for this period but at least customers could checkout.

I am confident there is nothing wrong with you or your configuration. It is with the host, their SSL and or server settings for the communication protocols. Unfortunately, these companies do not know how to set up the servers to behave with OC properly.

I was fortunate when I was having problems to have support from very well trusted and known devs for OC who both came back not finding anything wrong with my setup as I was looking into and purchasing the speed module and checkout. I was not looking for a host at this time and at no point did anyone ever try to get me to switch without my inquiry.

One of these was Jeff who owns wxhosting and Hunter Business Management and the other was a dev who I was interested in a new cart - simplecheckout.

I knew the problem was not on my end after these very well respected gurus said the same. It was not until after I came back asking Jeff after frustration with my host and suspecting problems there who he could suggest for a host. Once he informed my wxhosting.com was his I LEAPED at the opportunity to make the move.

Best decision I made in all my business moves so far..

Sorry if this is not what you want to hear but I am just sharing my own experience to get you to a resolution. Unfortunately, you can continue to raise the issue with your current host which in turn may just come back saying the same as I heard which is "everything looks ok on our end" .. and yes it does but something is wrong and they just don't know what it is. Just not sure how and when they may actually find what they need to do to make it work properly.

Once I switched to Jeff (wxhosting) it was not like we had to still figure out why it didn't work because it just did. The problem was gone.. It's not you.

Having the same issue, and I've done everything here.. still it will not work however I'm getting this error

PHP Notice: Use of undefined constant HTTPS_CATALOG - assumed 'HTTPS_CATALOG' in /var/www/vhosts/syberhive.com/httpdocs/admin/model/tool/image.php on line 34

Get this only after doing the admin config file with
// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/admin/');
define('HTTPS_IMAGE', 'https://www.domain.com/image/');

and yes my images foldes are set to 777.
Also when site pages are loading the SSL is there, but once done its gone, on the admin side the SSL works just fine!

OK This worked for me.
under setting/server find
Use Shared Sessions:
Try to share the session cookie between stores so the cart can be passed between different domains. tick No

Then at the bottom of the page you will find
Display Errors: tick No

Admin config
<?php
// HTTP
define('HTTP_SERVER', 'https://www.domain.com/admin/');
define('HTTP_CATALOG', 'http://www.domain.com/');
define('HTTP_IMAGE', 'http://www.domain.com/image/');

// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/admin/');
define('HTTPS_IMAGE', 'http://www.domain.com/image/');

Root config
<?php
// HTTP
define('HTTP_SERVER', 'http://www.domain.com/');
define('HTTP_IMAGE', 'http://www.domain.com/image/');
define('HTTP_ADMIN', 'http://www.domain.com/admin/');

// HTTPS
define('HTTPS_SERVER', 'https://www.domain.com/');
define('HTTPS_IMAGE', 'http://www.domain.com/image/');

This worked for me in all browsers I'm so happy hope works for you guys..

So after many hours of frustration and lost revenue, a lesson learned. Godaddy can not accommodate OP too well. The tech support stated that the SSL cert was installed correctly. But obviously it was not. I could not get account or check out to go secure. So from a suggestion from this forum (sdynak), I moved my store to wxhosting. As this member said, It was the best thing I have done for my business. It is lighting fast, tech support is outstanding and all the free stuff that comes with the 28/month hosting is fantastic! My web shop is working flawlessly! Jeff at wx is a opencart guy! he specializes in opencart installations and problems. If it where not for the member in this forum and Jeff, I would have just shut my doors. Jeff installed the SSL cert from Godaddy and it worked the first time! all of it is secure that is supposed to be secure. I ran a test with McAfee for PCI compliance.....and ..... guess what?! Right out of the box it is PCI compliant!.

All the advice previous to this is correct, it is coming down to the SSL cert from our hosting company. Consider looking at wxhosting if you are having issues with GD.

I pretty much tried everything to get SSL to work and it finally worked doing this:

Edit the store link in your admin panel>system>setting, try to edit the url of your store to https

The default store might not allow you to add the https so "insert" a new store and add the "https" store to the "SSL URL:" under the "General tab."

I am not sure why this wasn't included in the documentation/tutorial for installing SSL but it should. I didn't find it anywhere on Google either. One of the developer told me to do this and it worked, I hope it should solve the SSL problem for you guys.

Another thing, when you edit the config.php and admin config.php make sure that you have changed permission to allow you to write and execute the file so that it can be saved. I noobishly didn't realize this before.

@rdvapors.. It is good to hear all is well with your site under Jeff and wxhosting. I spent 3 months of just trying to keep my site up and working let alone the the SSL issue. I was at a point where I was checking it constantly. The SSL issue once I realized it was the last straw. I only wish I knew how long it was like that. It took some adjusting to but I am actually getting away from managing and backing up the site to adding, filling orders and working like a business. What a difference Jeff had made. If I only knew.. I'd be months ahead. I'll never look back and could not be any happier now with the performance and stability. Best of luck with your business. You have solid ground now. Nothing but worrying how to fill all the boxes now .


@vryannn - If I understand correctly it sounds like you did what I did until I got the site working properly with Jeff and wxhosting by placing the entire site in SSL mode. This is not how OC is supposed to work. Only admin/login/checkout are supposed to go into SSL. If it is not working this way something is wrong. In this mode customers could not add to cart from the home page for whatever reason. Anyway.. it is just not right and it sounds like you have the host SSL plague. Can only offer the guidance already offered by myself and rdvapors at this point if so for a remedy. Hope it works out.

@sdynak

Actually my entire website isn't in SSL mode, it's in normal mode until I go to admin or checkout and then it goes into SSL mode, which is how Opencart is suppose to work. I have hosting with Godaddy and I thought they were the problem but it was just because I was suppose to do that extra step.

@vryannn - ok.. glad that worked for you. Not required for me when things were finally set up with SSL properly but at least it works for you. My issues were deeper than just that.. that was just the last straw. I was with fatcow. Just chalking it up to a lesson learned in the business world I guess. Seems you have to take them along the way. My pagespeed also went from 70 to 96.

If that doesn't work, you might look in at least two places among files driving it. One is for wherever calls to load are looping back through the secure gateway without credentials to give when it issues, "Halt! Who goes there?" T'other is for wherever calls to load are looking inside admin/ for what is instead outside and beside that (alike admin/, off the store's root or basedir/). A carefully crafted Search may turn up a narrowed list of ideas, dunno, dinna try it here.

I am having the same issues as everyone here with security of the site at checkout, account, etc. Everything is exactly how it is supposed to be with config files in both admin and public changed as well as SSL on site. Cert is installed properly and shows up if manually changed to https. I have read every bit of information on the forum, on the web and have had several people look at it. There are quick fixes to getting it to work, but its not the proper way. I dont want the whole site secure, just pages where customers are entering personal information. My site seems to be fine with 1.5.3 but isnt with 1.5.5.1. Something's gotta give!