I’ve upgraded a cart to 2.0.15, and I can’t seem to get it to use a secure connection. When I checkout, no HTTPS. When I use the admin, no HTTPS. In the admin, I have all 3 secure options checked. In my config.local.php file, I have my secure domain specified for the https_host setting. I can load the admin through an HTTPS address, but it doesn’t redirect if I load it with the HTTP address.
I cleared the browser cache, CS-Cart’s cache, and every other cache I could think of. I’m at a loss here. Any ideas?
[url]http://www.diningdiscoveries.com/din-admin.php[/url]
[quote name=‘grayloon’]I’ve upgraded a cart to 2.0.15, and I can’t seem to get it to use a secure connection. When I checkout, no HTTPS. When I use the admin, no HTTPS. In the admin, I have all 3 secure options checked. In my config.local.php file, I have my secure domain specified for the https_host setting. I can load the admin through an HTTPS address, but it doesn’t redirect if I load it with the HTTP address.
I cleared the browser cache, CS-Cart’s cache, and every other cache I could think of. I’m at a loss here. Any ideas?
[URL]http://www.diningdiscoveries.com/din-admin.php[/URL][/quote]
Is the SSL certificate issued for ‘www.diningdiscoveries.com’ or ‘diningdiscoveries.com’?
I’m not really sure if it matters if the cert is for diningdiscoveries.com or www.diningdiscoveries.com, I know it doesn’t matter for my cert.
This is the error I see when I try to do https on the site:
www.diningdiscoveries.com uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for 138973-web1.www.grayloon.com
It looks like the cert you have installed is for grayloon.com and not for diningdiscoveries.com
Of course I am no expert on SSL certs, but maybe this will give you something to go off of.
Brandon
[quote name=‘grayloon’]The SSL is issued for secure.diningdiscoveries.com.[/quote]
Yes, Brandon is right. The SSL certificate is self-signed and if it’s issued for ‘secure.diningdiscoveries.com’ then you can use it for 'diningdiscoveries.com.
The SSL for secure.diningdiscoveries.com was issued by Thawte. You can see info here.
I still can’t figure out why checking the 3 secure boxes in the admin is not causing my site to redirect during checkout or when I access the admin.php page.
[quote name=‘grayloon’]The SSL for secure.diningdiscoveries.com was issued by Thawte. You can see info here.[/quote]
Ok, but you can’t use it for ‘diningdiscoveries.com’.
```php
// Host and directory where software is installed on no-secure server
$config[‘http_host’] = ‘www.diningdiscoveries.com’;
$config[‘http_path’] = ‘’;
// Host and directory where software is installed on secure server
$config[‘https_host’] = ‘secure.diningdiscoveries.com’;
$config[‘https_path’] = ‘’;
```
[quote name=‘grayloon’]```php
// Host and directory where software is installed on no-secure server
$config[‘http_host’] = ‘www.diningdiscoveries.com’;
$config[‘http_path’] = ‘’;
// Host and directory where software is installed on secure server
$config[‘https_host’] = ‘secure.diningdiscoveries.com’;
$config[‘https_path’] = ‘’;
```[/quote]
- there is nothing installed (see the screenshot)
- the cart can work at a ‘http’ or ‘https’, but both
https://www.diningdiscoveries.com is not supposed to work.
https://secure.diningdiscoveries.com is supposed to work.
Which one were you using when you saw that screenshot?
[quote name=‘grayloon’]https://www.diningdiscoveries.com is not supposed to work.
https://secure.diningdiscoveries.com is supposed to work.
Which one were you using when you saw that screenshot?[/quote]
The secure.diningdiscoveries.com. It has been redirected to [url]http://www.diningdiscoveries.com/[/url]
This one [url]https://www.diningdiscoveries.com/[/url] appears as untrusted because it doesn’t have a SSL certificate.
That is correct. I don’t want any traffic to https://www.diningdiscoveries.com, and I don’t think anything is configured to use that address.
But you can’t use for the secure conection another domain or subdomain. You can use only:
// Host and directory where software is installed on no-secure server
$config['http_host'] = 'www.diningdiscoveries.com';
$config['http_path'] = '';
// Host and directory where software is installed on secure server
$config['https_host'] = 'www.diningdiscoveries.com';
$config['https_path'] = '';
or
// Host and directory where software is installed on no-secure server
$config['http_host'] = 'www.diningdiscoveries.com';
$config['http_path'] = '';
// Host and directory where software is installed on secure server
$config['https_host'] = 'diningdiscoveries.com';
$config['https_path'] = '';
I’m successfully using the www/secure combo on 6 installations of CS-Cart, and this is the only one giving me trouble.
Please ensure that you cleared the cache in the admin area and not the customer area for 2.0.15. If in doubt, remove the var/cache directory structure. Each time I’ve encountered problems with SSL redirection it is due to the cache having the old config info…
What’s the best way to clear the var/cache info? Delete the directory or just the files?
In init.php, the code removes the ‘compiled’ and ‘cache’ directories and their contents from the var directory.
I’d just use the command line but ensure that you do this from the admin.php area if running 2.0.15 or greater. I.e. yourstore.com/admin.php?cc Will work fine. There seems to be a rumor running around about needing this to be a dispatch, but it is not true.
Tried clearing the cache and compiled directories via command line, but it still didn’t work.
I copied the CS-Cart directory from one of my working stores and put the config.local.php file, images, and skin from this broken store into it. Then, I visited the storefront, added something to my cart, and clicked the checkout link. The checkout page still did not redirect to the HTTPS domain. I can also hit the admin page using HTTP, and it doesn’t redirect to HTTPS.
I’m baffled. I have a ticket in with CS-Cart support.
Why not just access your site via FTP & then delete all folders & files within the directories /var/compiled as well as /var/cache. Then you know beyond a shadow of a doubt that your cache is cleared and that you are working with freshly compiled files. The new folders / files will start to rebuild immediately as soon as the pages are visited on your site, and you can watch them rebuild while viewing these directories in your FTP program.
I do this everytime that I make any file changes!
You can delete the ‘/var/[COLOR=Red]compiled[/COLOR]/’ and ‘/var/[COLOR=Red]cache[/COLOR]/’ folder as well. They will be created automatically.