Cannot sign-in with shared SSL and 1and1

[rayw1679]

Kobra, thank you for your response. It has nothing to do with $$$. It has to do with (a) a limited number of IP addresses and 1and1’s restrictions on the number of SSL’s (I have 4 stores), (b) my lack of understanding of the ramifications of the change, and (c) the fact I’d have to maintain a test domain with an SSL (which may not be a bad idea). Since I’ve been working under the deadline of 1and1’s PHP upgrade, my concern is to get the stores up and running and checked out. I intend to pursue the SSL option in the future, but I don’t want to muddy the water right now. (I’m running on the newer version of PHP, but want to get the bugs out and test everything before starting another project. My next project will be to install the HTML editor that is missing from 1.5.1.) Zencart clearly says it supports shared SSL and gives examples of how to set it up; apparently, I’m missing something.

DrByte, thank you, and I apologize for the confusion. I was going to post this in a new thread, but since it relates to the solution by lat9 for the cookie problem, I thought it would be more appropriate in the same thread.

I can sign-on, and, after the change you told me to make, I can now see the images. In the “Who’s Online” section, I can click on ascending/descending links. But I can’t click on the page the person is viewing. That’s not overly important, except that it indicates a problem that could manifest itself elsewhere that I haven’t found. (I tried my 1.3.8 config, changing the domain name and database info. It allowed me to sign-in, but when I clicked to go anywhere, it returned me to the sign-in screen. I switched back to 5.2 and I went to one screen and then it signed me off on the next click. I signed in again and went to the “Who’s Online” and it had the same error. Prior to the upgrade (1.3.8, PHP 5.2), I used that feature to determine when it was okay to turn off the store for maintenance.) I’m sure I made a mistake; I’d just appreciate help in determining what I did wrong, as I’m afraid I’ll find another problem in the future.

The link admin provides is https://ssl.perfora.net/pannys.net/s...Path=23&zenid=..., which is missing the “rdswebs.net” between “ssl.perfora.net” and “pannys.net”. I’m sure it’s something stupid I’m doing, but I have read the tutorial on the admin configure file many times and I can’t figure it out. I made the following changes to the original code lat9 was kind enough to provide. I included the commented-out lines so you can see the older version vs. the newer version. Although I made changes, I can’t see any difference in the operation of the store between the two.

// define('HTTP_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('HTTP_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net/pannys.net');
define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
$t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

// define('DIR_WS_ADMIN', '/pannys.net/store/admin…/');
define('DIR_WS_ADMIN', '/store/admin…/');
define('DIR_WS_CATALOG', '/store/');
// define('DIR_WS_HTTPS_ADMIN', '/pannys.net/store/admin…/');
define('DIR_WS_HTTPS_ADMIN', '/store/admin…/');
define('DIR_WS_HTTPS_CATALOG', '/store/');

Thank you again for your kind assistance.

[DrByte]

So this is just a "when I click to follow the whos-online link it doesn't work" problem?
What's the URL that it takes you to when you do click on it? Analyzing what's wrong with that URL will give clues about what to fix in the configure.php file. Chances are your HTTP_CATALOG_SERVER isn't the same as your non-admin configure.php file's setting for HTTP_SERVER (but it should be the same).

In Zen Cart code when the word "Catalog" is used it often refers to the "storefront". Hence, the references to CATALOG in your admin configure.php file are actually expecting to be the SAME AS the corresponding settings in your non-admin configure.php (but in many cases with the word catalog removed).

HTTP_CATALOG_SERVER should be the same as HTTP_SERVER in your /includes/configure.php
HTTPS_CATALOG_SERVER should be the same as HTTPS_SERVER in your /includes/configure.php
DIR_WS_CATALOG should be the same as DIR_WS_CATALOG in your /includes/configure.php
DIR_WS_HTTPS_CATALOG should be the same as DIR_WS_HTTPS_CATALOG in your /includes/configure.php
ENABLE_SSL_CATALOG should be the same as ENABLE_SSL in your /includes/configure.php

[rayw1679]

The URL is: https://ssl.perfora.net/pannys.net/s...index&cPath=23
It gives me a proxy error. If I insert “/rdswebs.net” into it, e.g., https://ssl.perfora.net/rdswebs.net/...index&cPath=23, it works fine.

Admin:
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net/pannys.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');
define('DIR_WS_CATALOG', '/store/');
define('DIR_WS_HTTPS_ADMIN', '/store/adminaw/');
define('ENABLE_SSL_CATALOG', 'true');
Non-Admin:
define('HTTP_SERVER', 'http://rdswebs.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('DIR_WS_CATALOG', '/pannys.net/store/');
define('DIR_WS_HTTPS_CATALOG', '/pannys.net/store/');
define('ENABLE_SSL', 'true');

Obviously, I have errors. I just don’t know enough to know where they are. I have tried many variations of the configure.php file to make it work, but the changes have been to the admin one. I didn’t realize the non-admin would be related.

Yes, the only thing I’ve noticed is the “Who’s Online” doesn’t work properly, and that’s certainly not major. I just figured if I had an error on that, I could have something else pop-up later on, and I’m really trying to do it right this time. I’d like to eventually go to dedicated SSL’s, but I think each domain has to have a separate IP address, and we’re only allowed one per server.

Thanks for your help. I’m sorry I didn’t communicate well – my wife tells me that often. If you easily notice what I’m doing wrong, I’d appreciate a response. If not, I’ll either play with it some more or live with it. I’m afraid I’ll introduce more errors if I keep playing.

[DrByte]

Admin:
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net/pannys.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');
define('DIR_WS_CATALOG', '/store/');
define('DIR_WS_HTTPS_ADMIN', '/store/adminaw/');
define('ENABLE_SSL_CATALOG', 'true');
Non-Admin:
define('HTTP_SERVER', 'http://rdswebs.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('DIR_WS_CATALOG', '/pannys.net/store/');
define('DIR_WS_HTTPS_CATALOG', '/pannys.net/store/');
define('ENABLE_SSL', 'true');

Try these:
Admin:
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net');
define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('DIR_WS_CATALOG', '/pannys.net/store/');
define('DIR_WS_HTTPS_CATALOG', '/pannys.net/store/');

[lat9]

... The link admin provides is https://ssl.perfora.net/pannys.net/s...Path=23&zenid=..., which is missing the “rdswebs.net” between “ssl.perfora.net” and “pannys.net”. I’m sure it’s something stupid I’m doing, but I have read the tutorial on the admin configure file many times and I can’t figure it out. I made the following changes to the original code lat9 was kind enough to provide. I included the commented-out lines so you can see the older version vs. the newer version. Although I made changes, I can’t see any difference in the operation of the store between the two.

// define('HTTP_SERVER', 'https://ssl.perfora.net/rdswebs.net');
define('HTTP_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');
define('HTTPS_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');
define('HTTP_CATALOG_SERVER', 'http://rdswebs.net/pannys.net');
define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'true');

// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
$t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

// define('DIR_WS_ADMIN', '/pannys.net/store/admin…/');
define('DIR_WS_ADMIN', '/store/admin…/');
define('DIR_WS_CATALOG', '/store/');
// define('DIR_WS_HTTPS_ADMIN', '/pannys.net/store/admin…/');
define('DIR_WS_HTTPS_ADMIN', '/store/admin…/');
define('DIR_WS_HTTPS_CATALOG', '/store/');

Thank you again for your kind assistance.

Ray, to mimic my working copy of /admin/includes/configure.php try using:

Code:

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'https://ssl.perfora.net');
  define('HTTPS_SERVER', 'https://ssl.perfora.net');
  define('HTTP_CATALOG_SERVER', 'http://rdswebs.net/pannys.net');
  define('HTTPS_CATALOG_SERVER', 'https://ssl.perfora.net/rdswebs.net/pannys.net');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'true');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'true');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
  // these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
  $t1 = parse_url(HTTP_SERVER);$p1 = $t1['path'];$t2 = parse_url(HTTPS_SERVER);$p2 = $t2['path'];

  define('DIR_WS_ADMIN', '/rdswebs.net/pannys.net/store/admin/');
  define('DIR_WS_CATALOG', '/store/');
  define('DIR_WS_HTTPS_ADMIN', '/rdswebs.net/pannys.net/store/admin/');
  define('DIR_WS_HTTPS_CATALOG', '/store/');

[rayw1679]

DrByte and lat9, you have no idea how much appreciate your patience and help.

I tried both configs. Both seemed to work fine with everything except Who’s Online (again, it’s not a big deal if there’s not another problem this can cause).

With Dr. Byte’s config, when the store user was not signed in, the Who’s Online page showed /store/, but when clicked, went to https://ssl.perfora.net/store/. When the user was on another page (not index), it displayed /pannys.net/store/index.php?main_page=index&cPath=3, but went to https://ssl.perfora.net/pannys.net/s...=index&cPath=3 when clicked (the link that was displayed would have worked – the link it actually went to needed the rdswebs.net added, or the https://ssl.perfora.net/ removed.

With lat9’s config, whether signed-in or not, it displayed pannys.net/store but went to https://ssl.perfora.net/store/ and did the same thing as DrByte’s when the store was displaying a category (left out rdswebs.net).

If this is not going to hurt anything else, or if you are both tired of messing with it, I fully understand. If either of you want a userid/password to this test store so you can see it yourself, I’ll gladly send you one … just let me know which configure file you want installed.

[DrByte]

I tried both configs. Both seemed to work fine with everything except Who’s Online (again, it’s not a big deal if there’s not another problem this can cause).

I can't see why anything else would be affected.
If you can live without clicking on the whos-online links to spy on what your customers are doing, then you should be fine.

[rayw1679]

Thank you; I can live with it. Please pardon my being paranoid, but I still need to install the HTML editor, and I've had more problems with this one upgrade than all the rest added together. Maybe I'm getting too old for this ... (with apologies to Danny Glover). I just thought it strange that it displayed one value but went to a different URL.

Perhaps my HTML upgrade will be uneventful and I won't pester you again. Thank you both.

[DrByte]

Sorry that you've found this upgrade challenging. Your unique hosting scenario is one that is rarely used and quite complicated to test for, and indeed wasn't part of the cases tested when the autodetection for admin URLs was written.

[rayw1679]

I understand. I'm considering switching to a non-managed server with Plesk, but the conversion effort would be amazing. It would probably allow more IP addresses, though. Unless they have changed it, managed servers are limited to one IP address, which I assume means one SSL certificate. I'm under the impression SSL certificates can't share an IP, but that's something upon which I have to do more research.

This latest problem hasn't been as frustrating as the SQL restore problem (caused by an error at 1and1) or finding out one has to sign-on the first time on 1.5.1 with the original sign-in ID to set-up the other SuperUsers. That one took me almost a week of 10 - 12 hours per day of testing (and not sure what I was testing). This is why I seldom upgrade on the bleeding edge, as I can find out the problems others had and fix them. With the 1and1 PHP deadline, I had no choice this time. I'm also fighting declining health and medications, and I'm not at sharp as I used to be.

The assistance you, lat9, kobra, and others have provided has been greatly appreciated. While this hasn't been fun, and I'm not through yet, you've taught me a lot ... including to use WinMerge to test files. And, kobra, I really like Notepad++. lat9, I'd like to kiss your hand for resolving the cookie problem. You are all life-savers.