Revoking certification still redirects to https (Drupal)

Hi,

I mistakenly got ssl certificate for a wrong site so I revoked it. But it still redirects me to https. Where can I change this setting? I currently have named virtual hosts and this site is one of them.

Also, I’m not sure which one but either getting the certificate or revoking the certificate, broke my website. CSS is not rendering. Which one cause this issue?

Thanks in advance.

LetsEncrypt doesn’t handle any redirection — your web server and browser does this.

If you open the Network panel of your browser’s developer tools there should be some sort of indication as to what is causing the redirect.

If it is HSTS then you must wait for the record to expire. You can force your browser to de-cache the HSTS record for your website (causing http to automatically redirect to https) but if you have already shared the URL to others then there is no way to force other users to forget to use HTTPS.

The network panel may say it’s a permanent redirection, in which case you need to reset your cache to prevent your browser from redirecting automatically. The above rules on other users apply.

Regardless, what do you mean by “you mistakenly got an SSL cert for a wrong site” — you should try use HTTPS everywhere!

I think the reason why we are not getting certificate for this site is because it breaks the site. It’s a Drupal site and when we use https, CSS doesn’t render. No image, nothing…

The reason for this will be because your Drupal instance is currently configured to use HTTP. That means that all your forms, styles and other assets will be referring to the http version of your website, and not https.

All modern browsers block requests to HTTP assets when on a HTTPS connection. This is for security reasons. Google “content security policy”.

To fix HTTPS you just need to tell Drupal that you’re using https, and not http.

While CSP may be relevant, you'll probably get even better results by searching for "mixed content" :wink:

2 Likes

Rip yes this is what I meant :slight_smile:

1 Like

Ok I struggled to find the solution but ultimately below code in settings.php (Drupal) fixed it.

By the way, I reissued the certificate using certbot:)

Then I tried to fix the issue with Drupal settings.

I first changed the base_url from http to https…didn’t work.
I tried to change apache config…didn’t work.

Finally below solution worked.

Put this under $base_url line (details in the link)

if( $_SERVER['REQUEST_SCHEME'] == "https" )
   $base_url = str_replace( "http://", "https://", $base_url ); 

Well done!

Did you try commenting out base_url?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.