Certificates installed by Host- Passes test- no padlock?


#1

To the experts here: First, I apologize for being so “wordy”, but I figure the more info I can provide the better.
I am not an expert and on my own struggling with this, I finally turned here for help. I am hoping that perhaps someone can offer guidance and advice.
I would really appreciate it. So, therefore, I speak with a lot of ignorance of SSL and TLS, Shells, etc.

I asked my host (Hawk Host) to set me up with SSL and they suggested the Let’s Encrypt and they installed it for me. I can go to my cPanel at the SSL management icon and I can see all the URLs listed have a padlock. I also see these three sets of items:

  1. Certificate: (CRT)
  2. Private Key (KEY)
  3. Certificate Authority Bundle: (CABUNDLE)

and also listed are the padlocked URLs:

cpanel.shipsofscale.com
mail.shipsofscale.com
shipsofscale.com
webdisk.shipsofscale.com
webmail.shipsofscale.com
www.shipsofscale.com

(even though sadly, I do not understand all of this at this time)

The support at Hawk Host ran whynopadlock for me and sent me the results. It had a huge list of items that needed attention and as I read the error, I figured out intuitively that all the links that were embedded all throughout my site had http://shipsofscale/ and I realized that perhaps, I needed to change ALL of those http into https - - and I did.

I ran the whynopadlock again and it all was clear no errors. I attached what I think is a link to the results page.

https://www.whynopadlock.com/results/e35d4387-a8f9-45da-a81a-f1c40afe8229

Now, after this, I come here to find out, what am I doing wrong ?
First, I have an assumption.
I assume that if I enter shipsofscale.com in the address bar, that my site will come up with the green padlock and the URL will change over to https://shipsofscale.com but it does not. On all browsers such as FF, Opera, MSIE, they all show that this site is unsecured.

So, in my logic, I am thinking that somehow there needs to be a redirect or some type of instruction set that will tell the browser to change to the secured https version.

The whynopadlock suggested adding a few lines of code into the .htaccess page and I tried that with no success, but, that was before I cleaned up my site pages. I used cPanel using the MultiPHP INI Editor. However, since my site has been cleaned up according to whynopadlock, I have not tried to enter that code again.
I am wondering if I should try that code again since I do not have any errors, but I would like to see what is suggested here first.

This is what was recommended by WNP
RewriteCond %{HTTP_HOST} shipsofscale.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://shipsofscale.com/$1 [R,L]

My domain is: http://www.shipsofscale.com

I ran this command:

It produced this output:

My web server is (include version): LiteSpeed

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: Hawk Host

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know, but I have cPanel and it has SSH access, but I do not know how to use it nor set it up.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, cPanel

thank you kindly
D. Driskell
Ships of Scale


#2

So, in summary, you want to redirect the insecure version of your website to the HTTPS variant.

That .htaccess change actually looks suitable for what you need. I am surprised to hear it did not work.

Could you post your full, current .htaccess file?


#3

; cPanel-generated php ini directives, do not edit
; Manual editing of this file may result in unexpected behavior.
; To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
; For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)

asp_tags = Off
display_errors = Off
max_execution_time = 30
max_input_time = 60
max_input_vars = 1000
memory_limit = 128M
post_max_size = 14M
session.gc_maxlifetime = 1440
session.save_path = "/var/cpanel/php/sessions/ea-php56"
upload_max_filesize = 12M
zlib.output_compression = Off


#4

That is not your .htaccess file.

Your .htaccess file is an actual file that exists in the same directory as your website. For example, the same directory as index.php.

You need to put the redirect rule at the top of that file.


#5

Ok, I had a funny feeling about that file, so I FTP'd to my root dir and downloaded the .htaccess and opened it and it looks somewhat similar to the below:

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
php_flag asp_tags Off
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 128M
php_value post_max_size 14M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php56"
php_value upload_max_filesize 12M
php_flag zlib.output_compression Off
# END cPanel-generated php ini directives, do not edit

So, I added the code from WNP at the beginning and finally I had a green padlock when I just enter shipsofscale.com - the address bar shifts immediately to show the green padlock!
Thank you very much!

RewriteCond %{HTTP_HOST} shipsofscale.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://shipsofscale.com/$1 [R,L]

However, I have just one small detail left and I run a forum in this root as well and it is shipsofscale.com/sosforums (it is showing non-secure).

So, it seems logical I need to add another statement and I am wondering if that “path” also needs to have a rule on it as well:
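
Added example, not part of the thread: a sketch of the kind of embedded-`http://` check that whynopadlock reported on in post #1, which can be run against the HTML of any page that still shows as non-secure once the redirect is in place. The sample HTML, the host `forum.example` and the names `scan` and `MixedContentScanner` are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags that load a subresource. "active" content (can script or restyle the page)
# is blocked on HTTPS pages; "passive" content costs the padlock or gets upgraded.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"),  # stylesheets only, filtered below
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "form": ("action", "insecure-form"),  # form that posts over plain HTTP
}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return  # <a href="http://..."> is navigation, not mixed content
        attrs = {name: (value or "") for name, value in attrs}
        if tag == "link" and "stylesheet" not in attrs.get("rel", "").lower():
            return  # e.g. rel="canonical" loads nothing
        attr, kind = SUBRESOURCES[tag]
        url = attrs.get(attr, "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, kind, url))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; forum.example is a placeholder host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://forum.example/style.css">
<link rel="canonical" href="http://forum.example/">
<script src="https://forum.example/app.js"></script>
</head><body>
<a href="http://forum.example/old-thread">old thread</a>
<img src="http://forum.example/logo.png">
<img src="/images/banner.png">
<form action="http://forum.example/login" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in scan(SAMPLE):
        print(f"line {line}: <{tag}> {kind}: {url}")
```

Plain `<a href="http://...">` links are deliberately not reported: they are navigation and do not affect the padlock of the page that contains them.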

