We have recently installed an SSL certificate to our fairly old version of Drupal. The front end of it works well, however, we are now unable to log in to the admin area. We put this problem on our servers who claims the website now goes into a continuous redirect look, causing the site to crash. here is what they said.
"I have taken a further look at this and we can see some pages have specific rules in place that are forcing them to use HTTP this is then causing an issue with the redirect to HTTPS, this is essentially creating a loop as the Site goes to the HTTP which gets redirected to HTTPS, which the page then redirects back to HTTP and so on. You will need to review the content of the site and to remove the redirect(s) to HTTP for any pages that have this, alternatively, we can remove the redirect to HTTPS (However this defeats the purpose of having the SSL Certificate then). Please let me know if you would like me to remove the HTTPS redirect."
The same problem can be found here at stack overflow. However, the answer is very vague considering it's a change to the .htaccess file.
Any thoughts?
put this line at the en of settings.php
$conf['https'] = TRUE;
Related
URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js
I use BlueHost for LearnInternetGrow.com and I have all www addresses being redirected to non www. I did this so that my organic search results would start with my domain name.
I recently set up SSL for the site but may not keep it in the long run.
I have backlinks that are hard coded with http://learninternetgrow.com. I want to redirect all types of variations of the address
(http://learninternetgrow.com http://www.learninternetgrow.com https://www.learninternetgrow.com)
to https://learninternetgrow.com. I want to do it this way so that if I get rid of SSL (which comes with a premium) I don't have to get Google to recrawl the site and redo all the backlinks.
I feel like my logic may be faulty. Has anyone used a 301 redirect to send all traffic to a secure version of their site. I started without SSL because the site is just a blog without any sign ins, but I read that SEO can get a boost if I use SSL. So this is really a test to see if the premium is worth the SEO bump. If it isn't I will get rid of it but I want to minimize the work necessary for this test.
Please let me know if you have done a similar test and how you did it. If you started with an http site and upgraded to TLS (SSL) how did you go about doing it without hurting your organic traffic.
The main questions is - When upgrading to SSL on WordPress, should one redirect to Https at the server level or change wordpress settings - WordPRess address URL to https:// or should I do both.
To get that "boost" your https but do done properly :
301 (permanent) redirect
Avoid mixed content
So you need to change the wordpress address in the settings to avoid mixed content, and add the 301 redirect directly in the server configuration if possible.
Wait at least 2 week before start looking for a boots. The boost will be small but don't forget :
https is not about SEO boost, it's about security of your visitor and integrity of your website (some ISP inject ads inside http websites...)
I have just installed a SSL certificate on my site that has concrete5 installed. I tried changing the canonical URL in the dashboard, just the SSL part to the https version of my site, and when I tried changing both it created a redirect loop so I had to undo it. The mixed content warning seems to be coming from the photos that I have on the site, Google Chrome informs me in the console that the photos and thumbnails are not using the https version, so it doesn't load them unless you specifically ask for it.
I fixed it! What I did, if anyone runs into the same problem, is I changed the Canonical URL settings in the dashboard to have the Canonical URL be the https version, the Canonical SSL URL be the https one, and have the redirect to canonical URL unchecked and it seems to be working now.
I run a secure website on Apache, but one part requires YouTube videos that aren't showing due to the SSL blocking them.
I therefore need to use HTTP for this part of the site (/videos). If I delete the 's' off https, it jumps back in there so can't simply change the link to it.
Is there a mod_rewrite code or something similar that might add an exception to this directory?
Switching from HTTPS to HTTP will always cause problems, especially if your users are authenticated and if you want to maintain security.
You could use YouTube via HTTPS instead, as described on the YouTube API Blog.
I really dont know what is the problem nor does my website hosting providers. Im using wordpress to run my business and Im using a shop plugin called "Shopp". Whenever I fill in the Paypal Pro details to process credit card on my website, I get teh following on the checkout page: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
I can assure you that the plugin has nothing to do with it as I have tried different shop plugins. Can someone help? The url is www.imayne.co.uk/shop/checkout
Few info:
I have SSL automatically installed by my provider
Hosted package was said to be Linux
Usually that's caused by a page (or pages) that simply redirect to each other:
first.php:
<?php
header("Location: second.php")
second.php
<?php
header("Location: first.php");
or a single page that redirects to itself. check your server logs to see exactly what the requested URL is, and then look for a wordpress rule that'd cause the redirect. Possibly you're trying to redirect from non-SSL to SSL-enabled pages, but are doing the redirect wrong, so you end up back at the same page, which then tries to redirect to SSL, fails, etc...
and indeed, after trying your link, you get redirected to https://www.imayne.co.uk/shop/checkout/, which then keeps on redirecting to itself. So, your shopping car system would appear to be broken.
Your site has been removed so I don't know if you were able to solve the issue.
One thing to keep in mind when using Shopp is, you need a dedicated SSL certificate. A "shared hosting" certificate won't work.