I am experiencing a weird problem on enabling ssl on various opencart installations of 2.1.0.2 version.
I have a VPS that has SSL via the new cpanel to all acounts available.
I have already enabled ssl and https on many opencart 1.5 versions, wordpress and even old joomla accounts.
However when i try to enable https on any opencart 2.1.0.2 version via the following procedure i get a bizarre redirection to a suspended account of my vps.
The procedure i follow for ssl in opencart 2.1.0.2 is:
I edit the config.php files both at public_html and admin to
// HTTPS
define('HTTPS_SERVER', 'https://example.com/admin/');
define('HTTPS_CATALOG', 'https://example.com/');
I enable ssl via the backend server settings in opencart
and i add in my .htacces file
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
right after
RewriteEngine On
I even tried to force https to all links in config files as:
// HTTP
define('HTTP_SERVER', 'https://example.com/admin/');
define('HTTP_CATALOG', 'https://example.com/');
// HTTPS
define('HTTPS_SERVER', 'https://example.com/admin/');
define('HTTPS_CATALOG', 'https://example.com/');
with no luck.
Any ideas?
thank you
Before you add any configuration changes, visit your site:
https://example.com/
If you still get the weird, unexpected page - contact your host, as there's no change in OpenCart you can do to fix a server misconfiguration.
With that said, how did you "enable" SSL? Via Let's Encrypt or a purchased SSL? If you only added the https to your config files, you do not have any SSL enabled. Your host may 'offer' it, but it may not exist by default.
If your host offers it via your cPanel, install a free SSL via the Let's Encrypt cPanel plugin. It should be done automatically and only take a few seconds to complete and you would receive a success message once it's been installed and activated to your site.
Related
I am trying to redirect my domain and sub domain to https. I have subscribed to Wildcard SSL and made below modifications to htaccess file, as per this guide.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am now seeing HTTPS 'Secure Connection' on my main domain. But on sub-domain, it is still showing 'Not Secure' although HTTPS is in the domain.
What changes do I do here to redirect my subdomain as well to https 'Secure Connection'.
Looks like there is a problem with your cert installation or signing, that is why it shows "Not Secure".
You may want to try to check if the cert is correctly installed using some checker tool:
Example. https://cryptoreport.websecurity.symantec.com/checker/
Or check with your cert and hosting provider for assistance to see if it is your cert installation or signing problem.
You need to apply/check other .htaccess file(s) in your sub-domain(s) root directories. Example subdomain.yourmaindomain may be located at root/subdomain folder (need be checked - it's depended to your subdomain setting).
I have multiple sites on my host using Let's Encrypt and all of them have had no issues. Today I'm trying to install a certificate on joescottocpa.com. The certificate will install but when I visit the site it gives me a Your connection is not private error. When I inspect the certificate it says that it is valid.
I'm able to go to the actual HTTPS address with no issues. When I type just the domain joescottocpa.comin it will sometimes work without issues, sometimes give me the error, and other times just redirect me to my hosting providers homepage.
I am using an .htaccess file to redirect the page, the code on the file is the exact same that I've used for every other site that uses HTTPS. Any help at all would be great.
Thanks!
.htaccess:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://joescottocpa.com/$1 [R,L]
The issue was with my host. Something with their settings was off that they wouldn't tell me. Needless to say this host caused issues before so I decided to switch to a new host and the issue was no longer there.
I canceled my SSL certificate subscription but all my pages are indexed with https on search engines.
So I added a redirect to my .htaccess file
RewriteCond %{HTTPS} on
RewriteRule (.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
but I still can't go through the old https links without getting a warning:
The certificate for this website is invalid. You might be connecting to a website that is pretending to be www.flashmavi.com, which could put your confidential information at risk.
What am I doing wrong?
What am I doing wrong?
You still have SSL enabled but your certificate for the site is no longer valid. Thus browsers complain about the invalid certificate. The redirect will only be done inside the SSL connection, that is after the browser complained and the user explicitly ignored the warnings.
Your only ways are either to get a new certificate or to disable SSL completely so that browsers don't get a warning but simply fail and the search engine will update the index after a while. Note that you cannot disable SSL completely for a single host if there are other sites on the same IP address using SSL.
I have a shared hosting on Apache web server with cpanel access to my hosting account
the primary domain abc.in is used to access the public_html folder on which the site files are stored.
I have added a few domains that are not related to abc.com through cpanel add on domains.
They are namely
def.com
ghi.com
jkl.com
so my file system for the domains on shared hosting will be like this
/public_html/ files or directories for abc.in
add on domains are also on
/public_html/def.com/
/public_html/ghi.com/
/public_html/jkl.com/
so you might have understood the working system..
def.com website files are stored in sub directory in public_html folder as shown above
similarly
ghi.com website files are stored in sub directory in public_html folder as shown above
jkl.com website files are stored in sub directory in public_html folder as shown above
now the issue is i need to force https /ssl on primary domain abc.com
the ssl is issued only for abc.in and support.abc.in only
not valid for www version of abc.in and support.abc.in
more over as per my seo knowledge a website should redirect to only one version of website.
that is either www version or non www version
so i have redirection enabled for abc.in in cpanel
so whether it is www.abc.in or abc.in it will go to abc.in only
as discussed earlier ssl is only issued for abc.in and support.abc.in only
now i want to force ssl to entire domain of abc.in and support.abc.in
i have tried cpanel redirection for this,but multiple redirection made a loop and website un accessible.
i have found a .htaccess rewrite here Force HTTPS and strip WWW without receiving Cert error
but enabling it made all the add on domain hosted in sub directories redirecting to abc.in in ssl version.
So i need only ssl access to abc.in and support.abc.in
and i will need separate rules (http) for add on domains and i will be adding more add on domains later.
So i need a htaccess configuration that is generalized for this scenario,so that i can configure the add on domains to use their ssl if needed in future and rules for add on domain that i add in future.
I request the super webmasters and programmers to give some generic/custom generic configuration of htaccess for my situation.
As i am web designer i have no knowledge on htacess rewriting and i am fairly new to this.
Any one who understand the issue,please provide your valuable input.Your response is very important for me.Thank you.
please do explain the code that solves my problem,so that i can customize it later if needed.
Put this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(support\.)?abc\.com$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R=301,L]
I have a site www.example.com for which i purchased SSL cert and installed.
And it was working fine, I also have a subdomain with app.example.com which was not on SSL.
Both www.example.com and app.example.com are on same IP address.
At later we decided to put SSL only on app.frostbox.com and then i configured SSL with app.frostbox.com and it worked fine,
Now the issue is that Google is indexing my site as https://www.example.com/ and when users hits the web , Invalid security warning is issued and when user allow security issue they are shown my app.example.com contents.
Note: I have my SSL configuration files in /etc/httpd/conf.d/ssl.conf
The contents of the ssl.conf are below.
http://pastebin.com/GCWhpQJq
NOTE: I tried solutions in .httaccess but none of those worked. Like redirecting 301 redirects etc
Purchase a SAN-multi domain certificate. Issue the certificate to www.abc.com and add the additional SAN www.app.abc.com in and it will work.
Hopefully you are within the 30 day cancellation policy.
you need to edit your httpd.conf file or the file where your virtual host is specified and add these lines to redirect http to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}