SSL Conversion Help

Started by mcpheex3, February 04, 2019, 12:33:44 PM

Previous topic - Next topic

mcpheex3

I started with the step by step post and I am still getting stuck. Below is the original post with response.

I was able to get the site to work by doing the repair settings. I still have the yellow warning lock. When I try to add the .htaccess redirect, I get this error,
"The Page isn't redirecting properly."

Also, since the repair, the navigation is acting weird in both Explorer and Firefox. See attached image. Any ideas?

So I still need help with:
1. Making the redirect work.
2. updating photos?
3. Weird navigation glitch.

Any brave and kind takers? Thanks!

Quote from: drewactual on January 29, 2019, 07:29:19 PM
Quote from: mcpheex3 on January 29, 2019, 07:09:36 PM
I need help. I may be beyond help, in which case I need the names of consultants I can hire.  ;D

I freely admit I barely know what I am doing when it comes to admin'ing a forum. I can't get this SSL thing straightened out.

1. I think the .htaccess file should go in the theflourishforum.com/forum directory because that is where the settings file is? Is that correct? Or should it go in theflourishforum.com?
yes- it should go in the directory with your forum, but MAKE SURE your server looks however layers deep for htaccess files- some can be configured not to.. so... ask your host

2. So basic but ... how do I create the .htaccess file? When I try to save it in notepad or wordpad, it forces a .rtf or .txt extension which can't be deleted.
write it in notepad and upload it to your server, THEN change the name to .htaccess from htacces.txt

3. Does it matter the site goes through cloudflare? I can't even remember what that means except I set it up when we were using the chat feature and I was blowing up my server. I have since deleted chat.
doesn't matter

4. When I test it on whynopadlock, the SSL connection passes, valid certificate, installed correctly. But I get, "Your webserver is forcing the use of SSL." Is that because of cloudfare? Should I get rid of cloudflare?
something in the configuration, either an htaccess or http.d file above your layer is likely forcing.... not a bad thing, but ask your host

5. Protocols, I get this: You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018. Say what?
tell your host to update you to the better protocols... if you need a list, I can get it for you

6. I then get 5 hard failures, 8 soft failures, and 2 form failures.
what kind of failures and using what kind of evaluation?
I have been trying to address this for months but every time I try, I get so overwhelmed, I give up. Also, I have a huge FAQ on the main URL which directs to various topics in the forum. This is an integral part of my site and none of the links will work because of this.

Any help is very much appreciated.

for your SSL Cipher Suite, you'll be best served with the following configuration (pass to your host) :

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256

your SSL protocols are best configured with (pass to your host) :

All -SSLv2 -SSLv3

drewactual

navigation glitch is likely a simple fix... it's most likely a missing ; in your css, specifically your .nav class A:hover.  it should NOT have the 'default' transparent background, but one with an assigned color...

updating photos: it can be glitchy, but attempt using the image proxy setting in your admin section to resolve http/https issues with them.

the redirection needs to be in your htaccess file right on top. 

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]


give me a link to your site and i'll peek at the css or perhaps the lack of causing the nav glitch... it is possibly that it's looking for css file still residing in port 80 land as opposed to port 443

mcpheex3

You are so helpful!

OK, somehow I got the green padlock to work. My home logo wasn't redirected. DOH!  :-\

Will look at the navigation issue (that only started after I updated via the repair settings).

So now the question is... the green padlock is working without the htaccess redirect. Do I still need it?
Also, since I have the green padlock, should I still set the image proxy to checked?

My site: The Flourish Forum.

Thanks again!

drewactual

oh.... and clear your cache too... your browsers cache- hold shift punch refresh.

drewactual

Quote from: mcpheex3 on February 04, 2019, 12:57:31 PM
You are so helpful!

OK, somehow I got the green padlock to work. My home logo wasn't redirected. DOH!  :-\

Will look at the navigation issue (that only started after I updated via the repair settings).

So now the question is... the green padlock is working without the htaccess redirect. Do I still need it?

My site: The Flourish Forum.

Thanks again!

i'd make sure it's in there if not for the simple virtue of landing at httpS: <important) www(<important) . yoursite.com no matter how a user approaches... example: some dude types in just the domain, boom- he shows up at https://www.... another types in https://yourdomain and he arrives at same location... another, still, uses a bookmark on their browser to find you, and it's looking for http://www.yoursite.com, and it is redirected to httpS://WWW. yoursite..... this is why the =301 part is of value, it tells the index servers this is a permanent redirect so it's not held against you.... and it does no harm to be there.

mcpheex3

Oh OK, that makes sense. Thanks!

Should I run the repair settings again to try to work out the nav glitch?

mcpheex3

I put the redirect in and it jumped to my home page .

But then it keeps redirecting to my home page. When I click on my forum page, it says, "The page isn't redirectly properly."

mcpheex3

I think there is already a redirect in my home root folder. The htaccess file says this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

order allow,deny
deny from 200.143.140.94
allow from all

When I type in my forum URL (theflourishforum.com/forum) without https or http, it automatically redirects to my root URL (theflourishforum.com). Which is fine, I think.

Yes ... I am pretty much clueless. But I'm really happy that after months of trying to get the greenpadlock I got it! A million thank you's for holding my hand.

drewactual

ah...

in the .htaccess file that is on the same level as your forum (alongside the directories "Themes" and 'sources' make sure this is atop all else:


RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://theflourishforum.com/forum//$1 [R=301,L]


now.... I see you're escaping WWW... this is fine, but you've GOT to be consistent... IF you usually don't use WWW before the domain name, you need to be certain while running repair_settings the URL's listed in it ALSO DON'T USE WWW. 

it's a bit of a trick of the web- and why/where these htaccess redirects come to the rescue. 

notice in the code above there is no www, and because you're using this for forcing folks to the secure FORUM directory we've implemented that directory's call (the /forum part).

again, this is in the htaccess IN THE SAME DIRECTORY as the forum, NOT the htaccess in the 'home page' directory. 
IF it is in the homepage htaccess, you may not need this at all... if it IS in an htaccess of your home page directory, attempt typing in http://www.theflourishforum.com/ and see if it doesn't wisp you away to httpS://www.theflourishforum.com instead. 

all we're trying to do here is use htaccess to force not only SSL (https) but also either www or NO www... consistently...

drewactual

also, in the HTML for your home page (is it WP? perhaps in your header.php file of that theme) you'll need to go through it (use search for http) and change all the links to https instead... this will clear up that issue without burdening the server to do it for you.

mcpheex3

Sigh... my site is such a mess. I wasn't consistent in terms of the www or no www.

The .htaccess file I copied earlier is on the home page level (theflourishforum.com). There is no .htaccess file on the forum level (theflourishforum.com/forum). When I put one there, it gives me the page isn't redirecting properly error.

This is where I get kerflooey - the home page has a button which says, "Enter Forum." It is a menu link to the forum page. Before it wasn't working and would just reset to the home page (the link did not have the www). When I changed it to include the www, it will now go to the forum page. ???

But... the links on the FAQ page - none of them have www and it still works. However, it won't let me log in unless there is no www.

Yes, it's a WP site.

When I type in  http://www.theflourishforum.com/, it redirects me to https://www.theflourishforum.com.

So... now what should I do? You are an angel by the way.

mcpheex3

BTW, the navigation glitch is gone.  ::)

drewactual

for speaking terms, you have four versions of your page hanging out on the interwebs.. one is http, another https, one is www and one is without.  there is also a https://www and an http://www... just to confuse you more (which isn't my intent) there is also there is both without...

do you see how quickly this can go sideways? which is why getting it straight is huge.. that's easier done in your htaccess and your hard coded links than anywhere else... i'm not sure how important it is (within https) you choose, but it is crucial to remain consistent. 

this isn't going to hurt..... much...

let's go to your top level htaccess, make sure your redirect points to either www or NO www... let's not worry about ANY htaccess changes in your forum at all- remove the redirect if it is there.  i think i told you wrong by doing that in the first place. 

once that is squared away, go into repair_settings and MAKE CERTAIN they ALL point to URL's either with or without the www, and it is the same thing used in your htaccess.. consistent.

once that is done, you're 99% of the way there. 

there is a setting in WP that forces secure (https) and in the same setting area you can specify www.  make sure it's there (or not there, depending on if you use www or not).  there is also a nice plugin that will make all links point to https from wordpress (actually, it negotiates it for you whether it changes it or not- checking first for https and if not there, then http)...

Now... the most time consuming, but.... you're 99.9% 'there' now...

open your WP theme directory for the theme you're using.  open the header.php and use search for "http:"... change them to "https:"... open your sidebar and your footer and do the same... if there are other files such as additional templates- you'll have to go through them too to make sure all point to https.... atop this, if you're using  child theme, you may need to access the parent themes and do the same thing as the child often uses portions of the parents templates.

this sounds difficult, but it really isn't- you got this... use the developer tools in chrome or firefox to show you links internal or external.. or even right click in a browser and 'view source', and then find: http: ..... then all you have to do for the stragglers is figure out which part of the template is presenting that html, and go to that file and change http: to https....

WP's backend, along with the repair_settings and the htaccess top level redirect will likely do almost all of the work for you. 

you're no more than half an hour from whooping this...

mcpheex3

I tried to add the .htaccess file to the forum level again. It still gives me the "page isn't redirecting properly" error. What is strange is that it does redirect to:
https://theflourishforum.com/forum/index.php. If I go to the site normally at that exact same URL (with the .htaccess file deleted) it works.  I don't understand how that can be.

mcpheex3

Sorry I was posting at the same time.

OK, I think I love you. But first ... I shall give it a whirl.  ;D

Before I do though... is there a way to tell which it *should* be www or no www? Or is it purely my preference?

A million thank yous!

mcpheex3

I think this may be part of the trouble... the home site (theflourishforum.com) is at www.theflourishforum.com. The forum is at theflourishforum.com/forum/ - NO www. Is that a problem?

drewactual

yup... choose one..  there is etiquette to consider, but it really doesn't matter.  only dinosaurs like me care about the etiquette as the search engines stopped caring some time back (according to articles i've read about the subject)...

here is the thing: if that redirect is right in your htaccess top level file, it doesn't matter how the user approaches, as the redirect will work it's magic and plop them where YOU want them... consistently. 

if that redirect is done right, it won't even allow someone to get to the other versions in the first place- which means for you? consistency... for your users? same... consistency brings trust.  that little green padlock means you give a dang about what you're doing... the search engines are noticing- and that 301 in your redirect? it tells the engines to hold you harmless for the other three versions of your page (the non-secure and the one with or without www). 

drewactual

the WP (main page) is using a hyperlink to arrive at the (www less) /forum... and... the www less or www present forum is reporting 'not secure' at the forum's top level... AS SOON AS YOU click a link within the forum, it whisps you to NON www and secure with the padlock. 

something is defeating the htaccess that exists in the parent directory...

is there a user.ini file in your forum directory?  is there one in your top directory? how about a php.ini in either?

Please go to your WP dashboard and settings... filter through those until you find the 'links' settings... make CERTAIN it points to either www (if that's what you're using) or not... ALL of these need to be consistent. 

mcpheex3

That is so very helpful! I went through all of the steps. I searched the header, footer, sidebar - no http.

The Settings link in the WP dashboard says the WP & Site address is: https://www.theflourishforum.com.

I am pretty sure I found the culprit though... I am using a plugin called, "Really Simple SSL." "Lightweight plugin without any setup to make your site SSL proof." I thought that was just getting everything transitioned to SSL (and I didn't think it went to the forum level).

Enable WordPress 301 redirection to SSL is ON.
Enable 301 .htaccess redirect is OFF.
Enable Javascript redirection to SSL is ON.

There is a "Deactivate plugin and keep SSL" button. Should I do that?

Can I just say how refreshing it is to have someone encouraging me and helping me in a direct, thorough, understandable manner?  ;D  :-*

mcpheex3

I am a numbnut. I'm so sorry I didn't think of that plugin sooner.  I installed it months ago and then forgot about it.

It says I can enable the .htaccess redirect (and it is recommended) but only if I have FTP access (which I obviously do). Should I do that?

So, just to clarify... how do I change the forum to www? I see the links for the main site but where would I change it for the forum part?

Advertisement: