We just switched hosts to one that offers SSL so now we have the certificate and the site is secure. www.auroraprint.ca The problem is once we switched everything to https, a few things no longer work properly. When I switch all instances back to http then it functions properly. At the moment, our web host was able to roll the files back to before we switched it all over, so everything is working but unsecure using http. When it was https, so far I had noticed:
Our upload page uses Dispatch Server and most files I try sending do not work. It gives the error “could not move file”. www.auroraprint.ca/upload
At the bottom of each page there is a Customer Login button. It uses Lockdown. When using https, clicking that link just goes to a blank page.
I found that if I type in a URL such as auroraprint.ca/upload it would result in the error "could not load the page auroraprint.ca:443/upload - where is the :443 coming from? If I type it in as https://auroraprint.ca/upload then it loads the proper page.
Any thoughts on how to get it to work as a secure site?
First thing, you have mixed “active” content on the homepage and probably other pages.
You can’t have anything on a secure page that isn’t secure.
On the homepage you have a JavaScript that’s http not https.
http://connect.facebook.net/en_US/all.js
Run each page of your site through why no padlock and fix the mixed content.
As for the dispatch server and lockdown issues have you had a look at the console on your browser? I’m on an iPad right now so can’t check but when stuff doesn’t work it’s a good starting point.
Thank for the suggestions, I’ll try out that padlock link. I don’t know if the Facebook link was a problem because the entire site was checked with a find and replace to change all http to https.
Find and replace won’t the HTML wouldn’t find the facebook problem. It inside of jQuery call. You don’t need to even use Why no Padlock, just look at the console.
I see that error. I never could get lockdown to work. But it seems the login pop-up must be http not https. You could try to contact YourHead support, but I think lockdown is going away. I would suggest you look at sometihng like pagesafe to replace it.
That’s not happening now because you removed the redirects from http to https. That would probably indicate the .htaccess rules are not working properly. Without seeing them here it’s going to be hard to debug.
Thanks I appreciate it! So what happened is our new web host migrated everything for us and he did the htaccess and a find and replace for http to https. Only a week later did I discover the problems and we actually lost a print job because a file the customer sent never actually got delivered (long story). Our new web host determined the problems were because of the switch to https so he reverted the files back without modification, so right now they are unaltered from before the migration and still http. When I get back to the office on Monday I will work through all these tips!
When I run it through Why No Padlock, I get this error:
The Mixed content tests failed. Please be sure that you can connect to your site over SSL and try again. Error Returned: Navigation Timeout Exceeded: 30000ms exceeded
I also noticed today that the Facebook Like buttons don’t show up under each location when in HTTPS too. I guess that stack is out of date. I found online that there’s an update to the stack to work with https but the download link on the website doesn’t work.
Something is messed up with the redirects.
If I enter: https://auroraprint.ca/securetest
It tries to redirect to: http://auroraprint.ca:443/securetest/
Are you using htaccess rules to redirect?
Could you post them here?
Just make sure when you post something like that that you mark it as code.
Select the lines and then hit the </> right above where you type.
This htaccess will redirect all Non-https pages to https. It doesn’t require any changes.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
As for the facebook stack problem, don’t know about that stack. There are other stacks that do facebook stuff. You can also just generate the code yourself. https://developers.facebook.com/docs/plugins/like-button/
Just plug-in the URL to the site (https) and follow the instructions.
Oops, I forgot to add the .htaccess file. I used your code and put it there now.
I tried that Facebook code and it didn’t seem to work - OH I think it’s because I misunderstood the instructions and put the code in the Javascript tab when it should be in Body.
UPDATE > now that I added the htaccess file, the secure test won’t load at all
I put that htaccess file in the directory for the secure test. So my main site auroraprint.ca is all http and in a subfolder called securetest I uploaded the site with everything https and that htaccess file. Maybe this is a no-no? I see now there’s also a htaccess file in the root directory. I removed the one in the securetest folder and kept the one in the root.
UPDATE > the site just gives and error no matter where I put that htaccess file so I removed it completely.
Should work now if you clear the browsers cache. 301 redirects are cacheable.
You can try and put the htaccess file I gave you above in the securetest directory if you want. Not sure why you are doing that?
If you are trying to look for mixed content, you can use the Why No Padlock site on each page and just ignore the Force HTTPS error.
Right now with no htaccess file you still should be able to get to every single page on the site with https. Just change the front from http: to https: in the address bar.
Once you are satisfied that all works then add the htaccess stuff from above.
The code the hosting company gave you is intended to do the same thing. The code I gave above I know works without a problem.
You can try and put the htaccess file I gave you above in the securetest directory if you want. Not sure why you are doing that?
I was attempting to keep the main site still working while testing in a separate directory. Not sure if that’s a good or bad thing. I’ll try the No Padlock test now.
I’m still waiting to hear back from YourHead (Lockdown) and Joe Workman (Dispatch).
I tried the test again on the main site, Upload, Customer Login and About pages. All of them give the same error:
The Mixed content tests failed. Please be sure that you can connect to your site over SSL and try again.
Error Returned: Navigation Timeout Exceeded: 30000ms exceeded
Hi, looks like you’re testing the main site which I have not updated to https. It’s in https://auroraprint.ca/securetest that I updated it including the Facebook link. That’s the least of my worries though. I need the Lockdown and Dispatch functions to work.
UPDATE > I wonder if that file is a remnant of the old stack, because I removed that stack and used https code directly from Facebook.
UPDATE 2 > yes that was it. I deleted the “files” folder then reuploaded that main page from Rapidweaver. The test passes for the main page now. It also passes for Customer Login. But it gives that same error for the Upload page.
Not sure why you are still trying the https://auroraprint.ca/securetest page. It’s the same site, just a subpage. It’s using the same SSL Certificate. As I said before, 301’s have no expiry date, so it can be cached. https works fine on the regular pages, so you should be able to do all the testing. you want.
As for lockdown, Isaiah has been sick as of late, and he has a bunch of other stuff on his plate. It might be a bit before he gets back to you.
I just tried your main site again and it’s broken.
