Certbot SSL installed but not working

Hello There,

I have just installed the certbot SSL on our Linode VPS server. I logged into our server via SSH and followed the instructions on your website on how to configure the SSL certificate, and I was able to do it successfully, as you can see in the screenshot below.

I’ve also tested my configuration at the SSL Labs website and the test came back positive. My issue is that when I load the URL https://bestmobileltd.com, I don’t see the padlock icon on the top-left that one usually sees to indicate that the site is secure. You can see it in the screenshot below.

If you could please assist me with this issue, I will very much appreciate it.

Thank You

You have a redirect on your website that is sending people back to the insecure version of the site.

$ curl -i https://www.bestmobileltd.com/
HTTP/1.1 302 Found
Date: Fri, 12 Jan 2018 11:35:18 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.20
Location: http://www.bestmobileltd.com/

Check your .htaccess file for any rewrite rules that may be doing this.

It looks like some PHP application is sending the redirect, not the Apache configuration itself.
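The downgrade visible in the curl output above can be checked for mechanically. The following is an added example, not part of the original thread: it walks a redirect chain and reports every HTTPS-to-HTTP hop and any loop. The response table is constructed, and its second entry assumes an HTTP-to-HTTPS redirect is also in place.

```python
from urllib.parse import urljoin, urlsplit

# Constructed responses: the first entry mirrors the 302 in the curl output,
# the second is an assumed HTTP -> HTTPS redirect (for example a rewrite rule).
CONSTRUCTED_RESPONSES = {
    "https://www.bestmobileltd.com/": (302, "http://www.bestmobileltd.com/"),
    "http://www.bestmobileltd.com/": (302, "https://www.bestmobileltd.com/"),
}

REDIRECT_CODES = (301, 302, 303, 307, 308)


def analyse_redirects(start_url, responses, max_hops=10):
    """Walk a redirect chain and report scheme downgrades and loops.

    `responses` maps a URL to (status, Location or None); a URL missing
    from the map is treated as a final 200 response.
    """
    chain, downgrades, seen = [start_url], [], {start_url}
    url = start_url
    for _ in range(max_hops):
        status, location = responses.get(url, (200, None))
        if status not in REDIRECT_CODES or not location:
            return {"chain": chain, "downgrades": downgrades, "loop": False}
        nxt = urljoin(url, location)  # Location may be a relative reference
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme == "http":
            downgrades.append((url, nxt))
        chain.append(nxt)
        if nxt in seen:  # same URL visited twice: the browser would give up
            return {"chain": chain, "downgrades": downgrades, "loop": True}
        seen.add(nxt)
        url = nxt
    # Hop limit reached without a final response: treat as a loop.
    return {"chain": chain, "downgrades": downgrades, "loop": True}


if __name__ == "__main__":
    report = analyse_redirects("https://www.bestmobileltd.com/", CONSTRUCTED_RESPONSES)
    print(" -> ".join(report["chain"]))
    print("downgrades:", report["downgrades"], "loop:", report["loop"])
```

To run it against a live site, fill the table from the status line and `Location` header of each `curl -i` response instead of the constructed entries.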

I tried modifying the .htaccess file to redirect to https://www.bestmobileltd.com but it didn’t work; nothing happened. Here’s the screenshot of my .htaccess file with the edits that I made. Have a look and see if there’s anything else that I can do to make it work. Also keep in mind this file is located in the root of the website, which is a Magento website.

############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi

#    Action php5-cgi /cgi-bin/php5-cgi
#    AddHandler php5-cgi .php

############################################
## GoDaddy specific options

#   Options -MultiViews

## you might also need to add this line to php.ini
##     cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini

############################################
## this line is specific for 1and1 hosting

    #AddType x-mapp-php5 .php
    #AddHandler x-mapp-php5 .php

############################################
## default index file

    DirectoryIndex index.php

<IfModule mod_php5.c>

############################################
## adjust memory limit

#    php_value memory_limit 64M
    php_value memory_limit 256M
    php_value max_execution_time 18000

############################################
## disable magic quotes for php request vars

    php_flag magic_quotes_gpc off

############################################
## disable automatic session start
## before autoload was initialized

    php_flag session.auto_start off

############################################
## enable resulting html compression

    #php_flag zlib.output_compression on

###########################################
# disable user agent verification to not break multiple image upload

    php_flag suhosin.session.cryptua off

###########################################
# turn off compatibility with PHP4 when dealing with objects

    php_flag zend.ze1_compatibility_mode Off

</IfModule>

<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>

############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip

    # Insert filter on all content
    ###SetOutputFilter DEFLATE
    # Insert filter on selected content types only
    #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript

    # Netscape 4.x has some problems...
    #BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    #BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # Don't compress images
    #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    #Header append Vary User-Agent env=!dont-vary

</IfModule>

<IfModule mod_ssl.c>

############################################
## make HTTPS env vars available for CGI mode

    SSLOptions StdEnvVars

</IfModule>

<IfModule mod_rewrite.c>

############################################
## enable rewrites

    RewriteCond %{HTTP_HOST} ^bestmobileltd.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.bestmobileltd.com/$1 [R,L]

############################################
## you can put here your magento root folder
## path relative to web root

    #RewriteBase /magento/

############################################
## uncomment next line to enable light API calls processing

#    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]

############################################
## rewrite API2 calls to api.php (by now it is REST only)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

############################################
## workaround for HTTP authorization
## in CGI environment

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]

############################################
## redirect for mobile user agents

    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php [L]

</IfModule>


############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead

    AddDefaultCharset Off
    #AddDefaultCharset UTF-8

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

    ExpiresDefault "access plus 1 year"

</IfModule>

############################################
## By default allow all access

    Order allow,deny
    Allow from all

###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version

    <Files RELEASE_NOTES.txt>
        order allow,deny
        deny from all
    </Files>

############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags

    #FileETag none

###########################################
## Deny access to cron.php
    <Files cron.php>

############################################
## uncomment next lines to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.

        #AuthName "Cron auth"
        #AuthUserFile ../.htpasswd
        #AuthType basic
        #Require valid-user

############################################

        Order allow,deny
        Deny from all

    </Files>

Based on that it looks like you are using Magento, perhaps it is a Magento-specific setting. The following page lists a number of settings you may need to look at:


OK, so I’ve clicked the link and gone through the steps in the tutorial and it’s kind of working. The backend of the Magento website is working fine; it’s showing me the secure icon at the top left of the browser. But when I browse to the frontend of the site, the secure icon shows up for a microsecond, then disappears, and then it goes back to saying the site is unsecure. Not sure if this is a redirect issue or what; let me show what my .htaccess file looks like. Please have a look and let me know what I can do to let the secure icon show permanently on the frontend of the site. When I browse to www.bestmobileltd.com it redirects to https://www.bestmobileltd.com but it just doesn’t give me the secure icon at the top left of the browser window.

 ############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi

#    Action php5-cgi /cgi-bin/php5-cgi
#    AddHandler php5-cgi .php

############################################
## GoDaddy specific options

#   Options -MultiViews

## you might also need to add this line to php.ini
##     cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini

############################################
## this line is specific for 1and1 hosting

    #AddType x-mapp-php5 .php
    #AddHandler x-mapp-php5 .php

############################################
## default index file

    DirectoryIndex index.php

<IfModule mod_php5.c>

############################################
## adjust memory limit

#    php_value memory_limit 64M
    php_value memory_limit 256M
    php_value max_execution_time 18000

############################################
## disable magic quotes for php request vars

    php_flag magic_quotes_gpc off

############################################
## disable automatic session start
## before autoload was initialized

    php_flag session.auto_start off

############################################
## enable resulting html compression

    #php_flag zlib.output_compression on

###########################################
# disable user agent verification to not break multiple image upload

    php_flag suhosin.session.cryptua off

###########################################
# turn off compatibility with PHP4 when dealing with objects

    php_flag zend.ze1_compatibility_mode Off

</IfModule>

<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>

############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip

    # Insert filter on all content
    ###SetOutputFilter DEFLATE
    # Insert filter on selected content types only
    #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript

    # Netscape 4.x has some problems...
    #BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    #BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    #BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # Don't compress images
    #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    #Header append Vary User-Agent env=!dont-vary

</IfModule>

<IfModule mod_ssl.c>

############################################
## make HTTPS env vars available for CGI mode

    SSLOptions StdEnvVars

</IfModule>

<IfModule mod_rewrite.c>

############################################
## enable rewrites

    Options +FollowSymLinks
    RewriteEngine on

############################################
## you can put here your magento root folder
## path relative to web root

    #RewriteBase /magento/

############################################
## uncomment next line to enable light API calls processing

#    RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]

############################################
## rewrite API2 calls to api.php (by now it is REST only)

    RewriteRule ^api/rest api.php?type=rest [QSA,L]

############################################
## workaround for HTTP authorization
## in CGI environment

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks

    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]

############################################
## redirect for mobile user agents

    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php [L]

</IfModule>


############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead

    AddDefaultCharset Off
    #AddDefaultCharset UTF-8

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

    ExpiresDefault "access plus 1 year"

</IfModule>

############################################
## By default allow all access

    Order allow,deny
    Allow from all

###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version

    <Files RELEASE_NOTES.txt>
        order allow,deny
        deny from all
    </Files>

############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags

    #FileETag none

###########################################
## Deny access to cron.php
    <Files cron.php>

############################################
## uncomment next lines to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.

        #AuthName "Cron auth"
        #AuthUserFile ../.htpasswd
        #AuthType basic
        #Require valid-user

############################################

        Order allow,deny
        Deny from all

    </Files>

The http version of your website is hardcoded into a few images in your frontend skin and some Magento CMS pages.

whynopadlock.com will list all the links that are causing your padlock to disappear. You must fix all these to use https or relative URLs.
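A local check for the same problem, as an added example that is not part of the original reply: it lists subresources referenced over plain `http://` in an HTML page and in CSS, which are the hardcoded skin and theme URLs described above. The sample page, the stylesheet and the `example.com` host are constructed.

```python
import re
from html.parser import HTMLParser

# Tag -> attribute fetched as a subresource (<a href> is navigation, so absent).
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}
CSS_URL = re.compile(r"""url\(\s*['"]?(http://[^'")\s]+)""", re.I)

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (where, url) pairs
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = tag == "style"
        url = attrs.get(FETCH_ATTRS.get(tag, "")) or ""
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            url = ""  # canonical/alternate links are not loaded as content
        if url.lower().startswith("http://"):
            self.hits.append((tag, url))
        for css_url in CSS_URL.findall(attrs.get("style") or ""):
            self.hits.append((tag + "[style]", css_url))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.hits += [("style", u) for u in CSS_URL.findall(data)]

def scan_html(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def scan_css(css):
    return [("css", u) for u in CSS_URL.findall(css)]

# Constructed sample inputs (example.com is a placeholder host).
SAMPLE_HTML = """<link rel="stylesheet" href="http://www.example.com/skin/css/styles.css">
<link rel="canonical" href="http://www.example.com/"> <a href="http://www.example.com/about">About</a>
<style>.logo { background: url('http://www.example.com/skin/images/logo.png'); }</style>
<img src="http://www.example.com/media/banner.jpg"> <img src="/media/relative.jpg">
<div style="background:url(http://www.example.com/media/bg.gif)"></div>"""
SAMPLE_CSS = '.h { background: url("http://www.example.com/skin/images/h.png"); } .b { background: url(../images/bg.png); }'
```

`scan_html(SAMPLE_HTML)` reports the stylesheet, the inline `<style>` image, the banner image and the inline `style` attribute, while the canonical link, the anchor and the relative image are left alone.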


I changed the hardcoded images to use https but it still didn’t work. Then I realised there were some other hardcoded images in the theme’s CSS files, so I modified them and the SSL now works and I get the padlock sign showing.

But this now presents me with a new problem: the Magento site has become very slow since SSL was enabled on the site. If you could please suggest something that I can do to make the site go faster, I would very much appreciate it.

Thanks

I’ve been encountering the same issue with my site. Regardless of installing the SSL properly (using the Dreamhost installer), it keeps on showing “Your connection is not private”. Even my nameserver is properly configured to Dreamhost’s, but it is still showing. How do I fix it?

Update: Later I figured out it was just domain propagation, which was taking time. After 24 hours everything is normal again :)

Garry Joshi
