Cannot enable SSL

I spoke to my hosting provider tech support (1and1) and after 2 hours of checks and waiting on the phone they told me that there is a conflict in the .htaccess file



1adn1 provided a code after purchasing the dedicated SSL certificate to input into the .htaccess file to redirect traffic to SSL secured site which is the following:



RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.mydomainname.com/$1 [R]



However 1and1 tech said that since there is another RewriteCond in the existing .htaccess file it creates a conflict and that is why I am experiencing issues and I cannot enable the SSL on my cart.



When I try to access the domain name where my cs-cart is installed, I can see the web no problem if I set no https_path set in the config.local.php file



Instead when I set the full path to my secure directory (which in my case is the root of my domain) my browser redirects me to the following address

[url]https://mydomainame.com/homepages/5/d18148007/htdocs/index.php[/url]



where /homepages/5/d18148007/htdocs/ is the https_path set in the config.local.php and consequently I get 401 error Page Not Found…

I believe it should redirect me to https://www.mydomainname.com :confused:



Anyone on 1and1 ever solved it?

Can someone help me solve this?

Their rewrite is trying to make your whole site ssl. Suggest you NOT do that and let the cart handle switching to SSL per the selections in Admininstration/Security settings.

[QUOTE]RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://www.mydomainname.com/$1 [R][/QUOTE]

This won’t work. The server is not right configured to handle http and https within one public folder.

[quote name=‘indy0077’]This won’t work. The server is not right configured to handle http and https within one public folder.[/QUOTE]



Yes, it does not work. How do I make it work? How would I have just the cart handle the switch like suggested?



I actually cannot enable the SSL in my admin panel because I keep getting that warning message about the certificate…

I verified and my certificate result active for my domain name

can someone help me to work this?

Not familiar with 1and1 but on a typical server your certs should be in a folder (/home/user/ssl/) and there should not be anything added to htaccess.

It’s something you’ll have to address with your hosting provider. As Tool said, the certificate needs to be in a place where the webserver can serve it up if needed. It’s ignored unless a secure port is used for access. If you’re running apache, take a look at the http.conf file and see where it things the ssl certificate should be loaded. There will be 2 entries, 1 for the cert (usually ssl.cert) and one for the key (usually ssl.key). On my servers they are in the user (owner of the website) home directory (/home/). This is also the directory where public_html or www is located.



Good luck, work it out with your host.

[quote name=‘tbirnseth’]It’s something you’ll have to address with your hosting provider. As Tool said, the certificate needs to be in a place where the webserver can serve it up if needed. It’s ignored unless a secure port is used for access. If you’re running apache, take a look at the http.conf file and see where it things the ssl certificate should be loaded. There will be 2 entries, 1 for the cert (usually ssl.cert) and one for the key (usually ssl.key). On my servers they are in the user (owner of the website) home directory (/home/). This is also the directory where public_html or www is located.



Good luck, work it out with your host.[/QUOTE]



Ok I am at a dead stop now. 1AND1 tech said that of course on their side everything is fine and that the ssl certificate is correctly installed. Since I am using a third party application it is no longer part of their support. Great! I was on the phone with them for probably 4 hours…no kidding…



I mentioned them about the ssl.cert and the ssl.key but they did not say anything about it. No mention of where these entries are on the server or any path to reach them. Plus this is my first experience with a ssl certificate



When I type my domain name, it automatically switches to https in the address…

does it mean that the whole website is secure and I can still run the store? Or I need to solve the issue of enabling SSL in the admin first?



What would you recommend?

I am also waiting to hear from the cs-cart help desk but I guess that will only happen probably on Monday…

Please advise…

My opinion is that they have done more than install the ssl certificate and key. They are forcing all accesses to your site to be ssl which is wrong in this case.



Tell them you want the certificate installed but do not want rewrite rules in place to force the whole site to be ssl. Ask them where they installed the certificate and key and tell them you only want this “available” to apache and that the application will correctly handle the rest.

[quote name=‘tbirnseth’]My opinion is that they have done more than install the ssl certificate and key. They are forcing all accesses to your site to be ssl which is wrong in this case.



Tell them you want the certificate installed but do not want rewrite rules in place to force the whole site to be ssl. Ask them where they installed the certificate and key and tell them you only want this “available” to apache and that the application will correctly handle the rest.[/QUOTE]



Just got off the phone with 1and1 tech they said they cannot provide the certificate location and key and that the only option I have is to create a subdomain and point that certificate to the subdomain, but that only after 30 days from the purchase of the certificate…

i cannot wait 30 days to switch the certificate and start dealing with the rest of the store

Think I am going to switch hosting…

Also can we officially say it: cs-cart users do not use 1and1 shared hosting…their SSL certificate will not work with cs-cart

Sounds like a shared cert.?

[quote name=‘The Tool’]Sounds like a shared cert.?[/quote]



Sounds like bullshit, 1&1 are NOT good for CS.

Sorry to hear that you’ve dug yourself a hole there cherubrock74 but you need to move if you want to grow your business.

[quote name=‘JesseLeeStringer’]Sounds like bullshit, 1&1 are NOT good for CS.

Sorry to hear that you’ve dug yourself a hole there cherubrock74 but you need to move if you want to grow your business.[/QUOTE]

Grow my business? You mean start my business! I cannot even setup the ssl for the cart…

I am curious to hear back from the official help desk…

I mean is it possible that there is no work around this?

You have already wasted at least an entire day with this bubblegum grade host!



You truly do need to immediately find a business level hosting provider if you ever want to focus on your business! :wink:



PS: Read thru a few forum posts to find better user recommendations!

[quote name=‘JesseLeeStringer’]Sounds like bullshit, 1&1 are NOT good for CS…[/quote]

1&1 is good for ‘kids’ but not for business…

[quote name=‘Struck’]No offense to CS Staff, however, don’t use any of the "Recommended Hosting Providers, read thru a few forum posts to find better user recommendations!)[/quote]

It’s wrong!!! what do you say.


  • eUKhost
  • Martfox
  • VPS.NET



    are one of the best providers regardig price/service value.



    Did you personally tried one of them??? If yes, then write a review of them, if not, then don’t say ‘DON’T USE ANY’…



    Bye

Can I ask my stupid question again here? If my whole site is https aren’t the transactions secure anyway? I mean can I still run the store with the current settings or I need to solve the issue of enabling ssl in the admin of cs-cart?

[quote name=‘cherubrock74’]Can I ask my stupid question again here? If my whole site is https aren’t the transactions secure anyway? I mean can I still run the store with the current settings or I need to solve the issue of enabling ssl in the admin of cs-cart?[/QUOTE]



In that case you can operate your site without worry, it is just that your site will perform a bit slower until you get this issue resolved.



In otherwords, better that you can only run in https mode rather than only in http.

[QUOTE]It’s wrong!!! what do you say.


  • eUKhost
  • Martfox
  • VPS.NET



    are one of the best providers regardig price/service value.



    Did you personally tried one of them??? If yes, then write a review of them, if not, then don’t say ‘DON’T USE ANY’…



    Bye[/QUOTE]



    Sorry Indy, relax! :wink:



    My apologies, I hadn’t looked in the “Recommended Hosting” list for quite some time & did not even realize you were listed there!



    Didn’t mean to get you all upset or anything.



    So, yes, several users do indeed seem to be pleased with Martfox (& Indy) if you desire a host in their service areas! (And she does tend to be quite supportive here in the forums) :smiley:



    Otherwise, I still suggest reading the forums to find other highly recommended hosting options.

[quote name=‘Struck’]In that case you can operate your site without worry, it is just that your site will perform a bit slower until you get this issue resolved.



In otherwords, better that you can only run in https mode rather than only in http.[/QUOTE]



Ok yes it will be slower, but still protected as far as credit card transactions?

At least temporarely to start my store and keep working towards solving my issue…

[QUOTE]Ok yes it will be slower, but still protected as far as credit card transactions? [/QUOTE]



Yes, that was my point exactly. :wink: