Forcing SSL on site
Permalink
I have spent a week now trying different htaccess configurations and seo configurations on my site to get the site to use SSL exclusively. My certificate is installed, and the sites loads HTTPS as long as the originating URL demands it.
When I try to force http to https, however, I get a too-many-redirects error. Every time, no matter how I try to do it. Even the SSL Redirection add-on causes a 500 error.
At this point, must I conclude that my shared-server host is redirecting to another folder when it encounters an https request??
Thanks!
When I try to force http to https, however, I get a too-many-redirects error. Every time, no matter how I try to do it. Even the SSL Redirection add-on causes a 500 error.
At this point, must I conclude that my shared-server host is redirecting to another folder when it encounters an https request??
Thanks!
While I don't know what I'm talking about, I wonder if there could be some nasty interaction between the HTTPS rewrite rules and c5's 'pretty URLs' rules. If you've got the latter turned on, maybe try turning them off (ideally after removing all HTTPS rules), and then try to apply HTTPS.
Yes, thanks for the reply. That was my first theory. Thoroughly debunked at this point, since I've tried the pretty URLs and canonical URLs in all the permutations, including with and without .htaccess directives.
As per legacy advice (5.7, I'm on v.8), I tried redefining the seo rules directly in site.php. I can't remember precisely, but I also worked on several config files with the same results.
Bottom line, when my code has been successful at redirecting traffic, I ALWAYS get a redirect loop.
As per legacy advice (5.7, I'm on v.8), I tried redefining the seo rules directly in site.php. I can't remember precisely, but I also worked on several config files with the same results.
Bottom line, when my code has been successful at redirecting traffic, I ALWAYS get a redirect loop.
If you have more than one SSL forcing method configured, such as .htaccess rewrite/redirect and within php redirect, they could be forming a loop between them. So check you only have one method of SSL forcing configured.
Thanks, yes, I'm making sure to restore the original files after I try config changes. The site either doesn't redirect at all ... or it redirects endlessly.
Any Concrete5 admins out there? Do I need to take this up with my hosting service?
Any Concrete5 admins out there? Do I need to take this up with my hosting service?
Checked with my host, and they can't figure it out, either. Does anyone know of directives in the Concrete5 code that would conflict with a simple redirect in .htaccess?
I'm very interested in this too, since I may have to convert a c5 site from HTTP to HTTPS.
I note that, when installing c5 via Softaculous, you have to choose whether you want an HTTP or HTTPS installation. Does anyone know what difference this makes? Perhaps this could provide clues about how to convert an HTTP c5 site to an HTTPS site after installation.
Of course, I could just do an installation of each kind and compare the files...
I note that, when installing c5 via Softaculous, you have to choose whether you want an HTTP or HTTPS installation. Does anyone know what difference this makes? Perhaps this could provide clues about how to convert an HTTP c5 site to an HTTPS site after installation.
Of course, I could just do an installation of each kind and compare the files...
I set up C5 with a one click install WITHOUT https, then installed the ssl, then added a bit to my htaccess, see below. Then set up the url’s in ’System and Settings’, see image.
My redirect in .htaccess
RewriteCond %{HTTP_HOST} ^www\.thundridge-wadesmill\.co.uk$
RewriteRule ^/?$ "https\:\/\/thundridge-wadesmill\.co.uk\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^77\.72\.1\.2
RewriteRule (.*)https://www.thundridge-wadesmill.co.uk/$1... [R=301,L]
My redirect in .htaccess
RewriteCond %{HTTP_HOST} ^www\.thundridge-wadesmill\.co.uk$
RewriteRule ^/?$ "https\:\/\/thundridge-wadesmill\.co.uk\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^77\.72\.1\.2
RewriteRule (.*)https://www.thundridge-wadesmill.co.uk/$1... [R=301,L]
Thanks! I'm working with it right now ...
Out of curiosity, what are you doing with the *backward* slashes there?
Out of curiosity, what are you doing with the *backward* slashes there?
Have no idea about 'backward' slashes, can't remember. Just googled my needs, tested until I found one that worked for me.
My thanks too, Steevb. With browsers now spitting out scary warnings when logging in to HTTP-only sites, this will become more much more sought-after.
yes, I've noticed this. Sometimes quite inappropriate warnings they are too.
Hi just thought i'd post about my experience with this on version 8.2 of concrete5. Traditional htaccess redirect methods did not work for me, and i'm not sure why. However, the following method did (try at your own risk, it worked for me but it might not work on all versions of concrete5). Also, before doing this method, you might want to make a copy of the current files in your 'generated overides' folder in application > config > generated overides, in case you need to replace them.
Method:
Head to the 'URLs and Redirection' of system and settings in concrete 5 (8.2). Put the https URL of your site in both fields of Canonical URL and Alternative canonical URL (eg put:
) then hit Save.
Next head to /application/config/generated_overrides/concrete.php file and change
Method:
Head to the 'URLs and Redirection' of system and settings in concrete 5 (8.2). Put the https URL of your site in both fields of Canonical URL and Alternative canonical URL (eg put:
https://www.example.com
Next head to /application/config/generated_overrides/concrete.php file and change
'redirect_to_canonical_url' => 0, to 'redirect_to_canonical_url' => true,