Having Fits With HTTPS: AArgggggh!!!!

justinbowser · October 11, 2020, 06:46:50 PM

OK, let me try to explain where I am at...

1. I installed SMF V1.1.14

2. I ran the yabb24_to_smf conversion script

3. Ran the smf_2-0-17_upgrade script

4. Created .htaccess file in the root of the server

5. Ran the repair_settings script and changed all instances of HTTP: to HTTPS:

6. Set image proxy to on in settings

No custom themes, with or without forum logo (forum logo stored in smf directory). The only thing I have added is a paypal donate button in one of the news boxes with it's links as HTTPS:.

Went to http://www.redirect-checker.org/index.php and it said "CONGRATULATION. Everything seems to be fine."

Went to https://www.ssllabs.com/ssltest/ and got an A+

Went to whynopadlock.com and passed - results here: https://www.whynopadlock.com/results/186aa176-18af-4648-b37b-8498708ac1be

I tried running install under HTTPS: but no matter what, when I entered the url for both install and upgrade it poped it back to HTTP before executing.

At this point I don't know what else to check...

Illori · October 11, 2020, 07:07:33 PM

link to the specific page with the issue so we can check further?

Arantor · October 11, 2020, 07:40:31 PM

What exactly are you trying to "install"?

The forum is at the current version, HTTPS is in place, if you visit the HTTP version you get redirected... what is left that you think you need to do?

justinbowser · October 11, 2020, 08:22:59 PM

Illori - web site address is www.bmwr65.org Thanks for helping.

Arantor - I'm not trying to install anything, just trying to get the "Not secured" message to go away on the l/h side of address bar. I have a few users that this is causing them issues connecting.

Illori · October 12, 2020, 05:01:06 AM

i cannot duplicate the issue.

do you have .htaccess redirecting to the https URL?
is there a specific URL that is causing the issue?

Aleksi "Lex" Kilpinen · October 12, 2020, 06:04:52 AM

If this is only a problem for a chosen few, empty your browsers cache and do a forced refresh (ctrl+f5). See if that helps.

Tonyvic · October 12, 2020, 06:24:32 AM

I am no expert but it appears to be an Avatar problem.
In the thread I looked at https://bmwr65.org/smf/index.php?topic=10421.0 the Avatar for Justin B. is fine but for wilcom it is from a Yabb (non https directory).

Aleksi "Lex" Kilpinen · October 12, 2020, 06:27:58 AM

That's funny - For me, Wilcom's avatar loads from https://b***.org/smf/
Could there be some odd caching at play here?

EDIT: Sorry, my bad - it is actually loading from the old location, and I just looked at the wrong URL

Copying over the old avatar folder, and changing the path to it to be under the new address should fix that. Unless it's manually linked from the old location.

justinbowser · October 12, 2020, 12:06:10 PM

Illori - The .htaccess file is in the root and is combined with the redirect commands:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} ^bmwr65\.org$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bmwr65\.org$
RewriteRule ^/?$ "https\:\/\/www\.bmwr65\.org\/smf\/index\.php" [R=301,L]

Tony - I edited Wilcom's profile and changed HTTP to HTTPS and still have the same issue.

Lex - I went into Chrome and cleared everything except for stored passwords, did <ctrl><f5> and I still get no padlock. I just tried accessing the site with IE and Seamonkey and it comes up secured! Maybe this is a Chrome issue?

Tonyvic · October 12, 2020, 02:00:11 PM

QuoteTony - I edited Wilcom's profile and changed HTTP to HTTPS and still have the same issue.

Yes and that thread's URL is now secured. Why not do as Lex suggested, i.e.

QuoteCopying over the old avatar folder, and changing the path to it to be under the new address should fix that. Unless it's manually linked from the old location.

because there are lots of Avatars in the 'Yabb' directory.

justinbowser · October 12, 2020, 02:22:28 PM

Tony - OK. I have copied the avatars from the YaBB user avatars directory to the avatars directory under smf. Not sure what this will accomplish since the user avatar URL is "hard-coded" in their profile and they have the URL set to "HTTP:"

After copying avatars I still get "no padlock."

Is there a way I can do a global wipeout of all user avatar pointers and force them to choose it from the smf avatars directory?

Arantor · October 12, 2020, 02:24:49 PM

So you need to fix their entries in the database to point somewhere else.

justinbowser · October 12, 2020, 02:40:57 PM

I am not an SQL expert, is there a way to globally replace every instance of http with https or do I need to do it my hand? All that aside I can't see why a user avatar's URL would cause a no padlock issue on the main forum page when a different user, or no user, is logged in.

Maybe I'm just slow...

Arantor · October 12, 2020, 02:45:38 PM

For user's avatars you need to do it in their profile. But even on the link you mentioned I can't get it to give me no-padlock in Chrome because it looks to me like everything is forced via HTTPS...

justinbowser · October 12, 2020, 04:43:29 PM

Yes, I'm forcing HTTPS through the .htaccess file so it just boggles my mind why some folks Chrome gives a not secure message.

justinbowser · October 12, 2020, 05:12:02 PM

Not sure why but I did a cold boot of my PC and the site now shows as secure! I've been banging my head against the wall for almost three days because of this!

Thanks to all for the help.

News:

Having Fits With HTTPS: AArgggggh!!!!