Browser Warning After Removing SSL - .htaccess

I canceled my SSL certificate subscription but all my pages are indexed with https on search engines.
So I added a redirect to my .htaccess file
RewriteCond %{HTTPS} on
RewriteRule (.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
but I still can't go through the old https links without getting a warning:
The certificate for this website is invalid. You might be connecting to a website that is pretending to be www.flashmavi.com, which could put your confidential information at risk.
What am I doing wrong?

What am I doing wrong?
You still have SSL enabled but your certificate for the site is no longer valid. Thus browsers complain about the invalid certificate. The redirect will only be done inside the SSL connection, that is after the browser complained and the user explicitly ignored the warnings.
Your only ways are either to get a new certificate or to disable SSL completely so that browsers don't get a warning but simply fail and the search engine will update the index after a while. Note that you cannot disable SSL completely for a single host if there are other sites on the same IP address using SSL.

Related

Firefox not forwarding to https://non-www.domain.com

I am working on a GoDaddy VPS (Apache, CentOS, cPanel). I have an SSL certificate valid for example.com but NOT www.example.com.
I want to use a .htaccess file to forward any requests to https://example.com/<pages>.
My code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule ^(.*) https://example.com/$1 [L,R=301]
The problem:
All tested browsers (Chrome, Edge, Opera) work fine for all combinations of http, https, www, and specific pages. However, Firefox does NOT forward https://www.example.com (with or w/out pages).
I get a security warning stating that www.example.com is not on the cert.
I have tried numerous other code snippets but none seem to work.
Firefox may seem like the oddball, but actually it's the other browsers doing it "wrong" - to be forgiving with other people's server misconfiguration in favor of the user's convenience. (Also, it will look less odd once you realize that all three browsers you mentioned - Chrome, Edge, Opera - are forks of Chromium.)
If you look in the Chrome devtools, you'll see this:
Redirecting navigation www.example.com -> example.com because the server presented a certificate valid for example.com but not for www.example.com. To disable such redirects launch Chrome with the following flag: --disable-features=SSLCommonNameMismatchHandling
So, even though you didn't present a valid certificate for https://www.example.com, Chrome was nice enough to execute the redirect anyway, because you did present a certificate that was valid for the target domain of the redirect (example.com), even though technically the redirect response was returned over a connection that wasn't properly secured (with a certificate not matching the requested domain).
The solution would be to have a proper SSL certificate in the first place, including all the domains that you want your site to be reachable under, in that case probably just example.com and www.example.com. (Some certificate issuers will even include the www subdomain for free if you purchase a certificate for the naked domain.)
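
Added example (not part of the original answers): both answers above come down to name coverage, since the certificate check happens before Apache evaluates any RewriteRule. This sketch checks which https:// hostnames a certificate's subjectAltName entries cover; the function names and the sample certificate data are constructed for illustration.

```python
# The TLS handshake and certificate name check happen before mod_rewrite
# sees the request, so every hostname that old https:// links point at
# must be covered by the certificate or the browser warns before redirecting.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # require at least two fixed labels to the right (rejects '*.com')
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def load_sans(cert_dict):
    """Pull DNS names out of a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert_dict.get("subjectAltName", ()) if kind == "DNS"]


def audit_redirect_hosts(cert_sans, https_hosts):
    """Map each hostname to 'ok' or 'warning-before-redirect'."""
    report = {}
    for host in https_hosts:
        covered = any(san_matches(san, host) for san in cert_sans)
        report[host] = "ok" if covered else "warning-before-redirect"
    return report


# Constructed sample data, not real certificates.
BARE_ONLY = {"subjectAltName": (("DNS", "example.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}
HOSTS = ["example.com", "www.example.com", "app.example.com", "www.app.example.com"]

if __name__ == "__main__":
    for name, cert in (("bare-domain cert", BARE_ONLY), ("wildcard cert", WILDCARD)):
        print(name)
        for host, status in audit_redirect_hosts(load_sans(cert), HOSTS).items():
            print(f"  https://{host:<22} {status}")
```

A wildcard entry covers exactly one extra label, so a nested name such as www.app.example.com needs its own SAN entry.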

Redirect Domain & Sub-domain to HTTPS

I am trying to redirect my domain and subdomain to https. I have subscribed to Wildcard SSL and made the modifications below to the .htaccess file, as per this guide.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am now seeing HTTPS 'Secure Connection' on my main domain. But on the subdomain, it is still showing 'Not Secure' although HTTPS is in the domain.
What changes do I make here to redirect my subdomain as well to https 'Secure Connection'?
Looks like there is a problem with your cert installation or signing, that is why it shows "Not Secure".
You may want to try to check if the cert is correctly installed using some checker tool:
Example: https://cryptoreport.websecurity.symantec.com/checker/
Or check with your cert and hosting provider for assistance to see if it is your cert installation or signing problem.
You need to apply/check other .htaccess file(s) in your subdomain(s) root directories. For example, subdomain.yourmaindomain may be located at the root/subdomain folder (this needs to be checked - it depends on your subdomain settings).

Opencart 2.1.0.2 ssl cannot be enabled

I am experiencing a weird problem enabling SSL on various OpenCart installations of version 2.1.0.2.
I have a VPS that has SSL available to all accounts via the new cPanel.
I have already enabled SSL and https on many OpenCart 1.5 versions, WordPress and even old Joomla accounts.
However, when I try to enable https on any OpenCart 2.1.0.2 version via the following procedure, I get a bizarre redirection to a suspended account of my VPS.
The procedure I follow for SSL in OpenCart 2.1.0.2 is:
I edit the config.php files both at public_html and admin to
// HTTPS
define('HTTPS_SERVER', 'https://example.com/admin/');
define('HTTPS_CATALOG', 'https://example.com/');
I enable SSL via the backend server settings in OpenCart
and I add in my .htaccess file
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
right after
RewriteEngine On
I even tried to force https to all links in config files as:
// HTTP
define('HTTP_SERVER', 'https://example.com/admin/');
define('HTTP_CATALOG', 'https://example.com/');
// HTTPS
define('HTTPS_SERVER', 'https://example.com/admin/');
define('HTTPS_CATALOG', 'https://example.com/');
with no luck.
Any ideas?
thank you
Before you add any configuration changes, visit your site:
https://example.com/
If you still get the weird, unexpected page - contact your host, as there's no change in OpenCart you can do to fix a server misconfiguration.
With that said, how did you "enable" SSL? Via Let's Encrypt or a purchased SSL? If you only added the https to your config files, you do not have any SSL enabled. Your host may 'offer' it, but it may not exist by default.
If your host offers it via your cPanel, install a free SSL via the Let's Encrypt cPanel plugin. It should be done automatically and only take a few seconds to complete and you would receive a success message once it's been installed and activated to your site.

Let's Encrypt SSL Causing Issue with Chrome

I have multiple sites on my host using Let's Encrypt and all of them have had no issues. Today I'm trying to install a certificate on joescottocpa.com. The certificate will install but when I visit the site it gives me a Your connection is not private error. When I inspect the certificate it says that it is valid.
I'm able to go to the actual HTTPS address with no issues. When I type just the domain joescottocpa.com in, it will sometimes work without issues, sometimes give me the error, and other times just redirect me to my hosting provider's homepage.
I am using an .htaccess file to redirect the page, the code on the file is the exact same that I've used for every other site that uses HTTPS. Any help at all would be great.
Thanks!
.htaccess:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://joescottocpa.com/$1 [R,L]
The issue was with my host. Something with their settings was off that they wouldn't tell me. Needless to say this host caused issues before so I decided to switch to a new host and the issue was no longer there.

SSL issue and redirects from https to http

I have a site www.example.com for which I purchased an SSL cert and installed it.
It was working fine. I also have a subdomain, app.example.com, which was not on SSL.
Both www.example.com and app.example.com are on the same IP address.
Later we decided to put SSL only on app.frostbox.com, so I configured SSL with app.frostbox.com and it worked fine.
Now the issue is that Google is indexing my site as https://www.example.com/ and when a user hits the site, an invalid security warning is issued, and when the user allows the security exception they are shown my app.example.com contents.
Note: I have my SSL configuration files in /etc/httpd/conf.d/ssl.conf
The contents of the ssl.conf are below.
http://pastebin.com/GCWhpQJq
NOTE: I tried solutions in .htaccess but none of those worked, like 301 redirects etc.
Purchase a SAN-multi domain certificate. Issue the certificate to www.abc.com and add the additional SAN www.app.abc.com in and it will work.
Hopefully you are within the 30 day cancellation policy.
You need to edit your httpd.conf file or the file where your virtual host is specified and add these lines to redirect http to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
