Enabled SSL gives issues - ssl

I really dont know what is the problem nor does my website hosting providers. Im using wordpress to run my business and Im using a shop plugin called "Shopp". Whenever I fill in the Paypal Pro details to process credit card on my website, I get teh following on the checkout page: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
I can assure you that the plugin has nothing to do with it as I have tried different shop plugins. Can someone help? The url is www.imayne.co.uk/shop/checkout
Few info:
I have SSL automatically installed by my provider
Hosted package was said to be Linux

Usually that's caused by a page (or pages) that simply redirect to each other:
first.php:
<?php
header("Location: second.php")
second.php
<?php
header("Location: first.php");
or a single page that redirects to itself. check your server logs to see exactly what the requested URL is, and then look for a wordpress rule that'd cause the redirect. Possibly you're trying to redirect from non-SSL to SSL-enabled pages, but are doing the redirect wrong, so you end up back at the same page, which then tries to redirect to SSL, fails, etc...
and indeed, after trying your link, you get redirected to https://www.imayne.co.uk/shop/checkout/, which then keeps on redirecting to itself. So, your shopping car system would appear to be broken.

Your site has been removed so I don't know if you were able to solve the issue.
One thing to keep in mind when using Shopp is, you need a dedicated SSL certificate. A "shared hosting" certificate won't work.

Related

Unable to log in to admin area after installing SSL certificate on Drupal

We have recently installed an SSL certificate to our fairly old version of Drupal. The front end of it works well, however, we are now unable to log in to the admin area. We put this problem on our servers who claims the website now goes into a continuous redirect look, causing the site to crash. here is what they said.
"I have taken a further look at this and we can see some pages have specific rules in place that are forcing them to use HTTP this is then causing an issue with the redirect to HTTPS, this is essentially creating a loop as the Site goes to the HTTP which gets redirected to HTTPS, which the page then redirects back to HTTP and so on. You will need to review the content of the site and to remove the redirect(s) to HTTP for any pages that have this, alternatively, we can remove the redirect to HTTPS (However this defeats the purpose of having the SSL Certificate then). Please let me know if you would like me to remove the HTTPS redirect."
The same problem can be found here at stack overflow. However, the answer is very vague considering it's a change to the .htaccess file.
Any thoughts?
put this line at the en of settings.php
$conf['https'] = TRUE;

How to ensure my website loads all resources via https?

URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js

Getting mixed-content errors even though I’m only using https URLs

I'm having the SSL warning messages all over my website after switching to SSL for several assets:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS,
but requested an insecure script 'http://example.com/script.js'. This
request has been blocked; the content must be served over HTTPS.
I checked the page source, every single script/css is requested over https.
I even checked the dynamically created html by using the code inspector.
I disabled Javascript in case a script was loading these assets dynamically.
None of these things showed a single http:// request. I'm out of ideas to try and find what is causing this. Any ideas or suggestions?
When seeing a mixed-content message about a http://example.com/script.js (non-https) URL that doesn’t actually appear anywhere in your sources, the basic strategy to follow is:
Replace the http in the URL with https and put that into the address bar in your browser: https://example.com/script.js
If your browser redirects from that https://example.com/script.js URL back to (non-https) http://example.com/script.js, then you’ve found the cause: example.com/script.js isn’t actually available from an https URL, and ends up getting served from a http URL even though your source is requesting the https URL.
My 2 cents regarding this issue.
I have a project hosted on one domain that works flawlessly.
I need to make it international so I am cloning the master branch to a new branch, making some necessary text changes and deploying new site (new domain) with code from the new branch.
Everything works fine, except 1 ajax call (api route) that gets blocked due to Mixed content.
First things first, I checked these 3 things:
I check in the Network tab in dev tools and it is actually loaded through https.
I open the file directly in browser and it is https.
I try to open it as http:// and it automatically redirects to https://
This is very strange because the 2 domains are both using Cloudflare and their backend setup is identical, the code is the same (only text changes for the new one) yet for the new setup there is console error for 1 specific api route, an all others (some 20+ ajax requests across the page) work just fine. They are even using the same function to make the Ajax request, so it is definitely not a configuration error.
After doing some investigation I found out the issue:
The call that was 'buggy' was ending in /. For example, all other calls were made to:
https://example.com/api/posts
https://example.com/api/users
And this particular one was making requests to
https://example.com/api/todos/
The slash at the end was making it fail with mixed content issue. I am not sure why this is causing issue and how it isn't an issue on the original site (since there the same ajax call works just fine), but it definitely fixed my issue.
If I figure out what caused the / to fail so miserably, I will post an update.

Temporary redirect during server maintenance (https to http)

I'm coming to you because I'm stuck on the following problem:
I have a website, hosted on a server on which I will be doing messy maintenance stuff (understand I'm not sure what I'm doing so I might crash everything).
I'd like to temporarily redirect all the traffic to a simle page stating the website is undermaintenance and will be back soon.
So this page must be hosted on another server, since mine will be down.
To make matters more complicated, I have an ssl certificate on my whole website, so most of my users have the https adress memorized in their browser (and that's also what's memorized by google).
I've tried hosting the simple page on a free hosting, and also on microsoft azure (because I already have an account for another web-project). However, i've encountered the same problem in both cases: the users coming to the website see big red flags from thei browsers, saying that the connexion isn't private. (ERR_CERT_COMMON_NAME_INVALID)
What would be the proper way to proceed and redirect my users in a smooth way?
Thanks in advance!
Rouli

Umbraco - use HTTPS for some pages

I'm building a site with Umbraco, and there are a couple of pages that need to be visited over HTTPS instead of HTTP (e.g. a login page).
I've seen a couple of macros that get put on the page that needs to use HTTPS, and essentially just check the protocol used and do a Response.Redirect with the correct protocol if necessary. This seems like a terrible way of achieving what seems to be a fairly basic requirement - ideally I'd want Umbraco to render any links to these pages as <a href="https://...", not do a redirect when the user goes to a page.
With these redirecting macros, there's also the possibility of a browser displaying a warning if the user's on an HTTPS page and navigates to a HTTP one. If the links are relative, the user will be redirected from HTTPS to HTTP, and the browser may warn about this.
Is there a way to achieve this without modifying any Umbraco framework code?
There's currently no built-in way to make a few pages in Umbraco return a https url.
The only way I can think of doing this at the moment is just by making sure that you set up your links correctly.
But there's no way of stopping people from entering the insecure link. That is where the redirects come in handy though, it will make sure you don't get to a secure page insecurely.
I would recommend running the whole site in https mode. In the past, performance would have been an objection to running your full site in https mode. However with modern servers, this really shouldn't be a problem any more.