• Welcome to Simple Machines Community Forum. Please login or sign up.
December 03, 2021, 02:57:41 AM

News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord


Converting to https, step-by-step...

Started by shawnb61, July 08, 2017, 03:01:04 AM

Previous topic - Next topic

computel

anyone had luck in a sub-directory setup? Here is what I see when I got to mine with HTTPS: really afraid to mess with the site I have over 10+ years of stuff.

Illori

you did not run repair_settings.php and redirect your forum to be forced https.

What is repair_settings.php?

computel

I did a .htaccess force HTTPS and that is what it showed in the image

computel

Just ran it What is repair_settings.php? and got 500 server error do I need to do a .htaccess to force it? how do I force it? my domain is canadianracingonline.com/smf

Thanks

Sir Osis of Liver

Did you upload repair_settings.php to canadianracingonline.com/smf/?  It's not there now.  You should be able to force https in cpanel domain settings.
"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

computel

removed it the file. I get 500 server errors what do I do?

Sir Osis of Liver

Shouldn't get a 500 error from repair_settings.  Do you have the current version?
"The best laid schemes o' mice an' men / Gang aft a-gley." - Robert Burns

computel

Downloaded it from here. as soon as I run it and then go back to the forum I get 500 errors I hit restore from the repair_settings.php and the forum works again.

computel

Seems to work now. I copied the recommended into the spot and saved it and it works. Thanks everyone

thatjustit

I did all the steps, forum seems to be working fine, but I can't edit or make new posts, I keep getting:
QuoteThe information you're about to submit is not secure
Because this form is being submitted using a connection that's not secure, your information will be visible to others.

Kindred

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


Kindred

yup... something is not set to https in your settings.

<link rel="canonical" href="http://aboard.pl/regulamin/regulamin/" />
<link rel="help" href="https://aboard.pl/help/" />
<link rel="search" href="https://aboard.pl/search/" />
<link rel="contents" href="https://aboard.pl/index.php" />
<link rel="alternate" type="application/rss+xml" title="Forum Wielotematyczne Ogólnotematyczne ABoard.pl - RSS" href="https://aboard.pl/.xml/?type=rss" />
<link rel="prev" href="http://aboard.pl/regulamin/regulamin/?prev_next=prev" />
<link rel="next" href="http://aboard.pl/regulamin/regulamin/?prev_next=next" />
<link rel="index" href="http://aboard.pl/regulamin/" />

and a whole bunch of the board links - some of the breadcrumb links, etc are still using http

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

thatjustit

Would running repair_settings.php again help or should I download the database and mass change all remaining urls to https?

Kindred

running repair_settings again won't hurt....

I'm not sure what mods you are using---   but SOMETHING is keeping http values in places that SHOULD be updated (but are not)

Did you make the htaccess changes as well, to force https?
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

thatjustit

I did run repair_settings again to no effect and I have made changes to htaccess before, thankfully changing all urls from http to https in the database worked. Later I found out that I had a couple of wrong folder paths in my config, don't know if that might have been an issue too.

Aleksi "Lex" Kilpinen

You at least have some url rewriting going on that is hiding the actual SMF url structure - for example you seem to be hiding index.php from your url, and that's often a bad idea.

On the other hand, pretty much everything I could visit as a guest seem to be secure now, so you've got most of it figured out already I guess.
A Finnish Project Manager (Support Specialist)
 Happily running multiple SMF 2.x installations.
  Fooling around with i7-10700 @ 2,90GHz-4.80GHz / 16Gb / RTX-2070 Super / 3840x2160 / Win 10 x64


How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

landyvlad

Is the process for this still the same with 2.1 as it was with 2.0 ?

I followed all the usual steps including creating the htaccess file with relevant code
Ran repair_settings.php to change all to https:
Have a (self-signed) SSL certificate on the server (host supplied)

and now weirdness ensues

ytyak.com <- doesn't work
www.ytyak.com <- does work but shows as not secure.

Thoughts?
Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

To paraphrase Kindred: "There are no technical solutions to social problems."

Kindred

yes, the procedure has not changed....


works fine for me on several sites running both 2.0.18 and 2.1 RC4

The certificate should be set at the ROOT domain....   (setting a cert for www technically sets it for only the www subdomain)
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Self signed certificates are rarely a good idea outside of testing or very specific situations; Let's Encrypt is free and most hosts have it set up now.
No good deed goes unpunished
All helpful urges should be circumvented

Advertisement: