Need help troubleshooting ssl that just broke

[fiberlady]

this is my first post here. I have two add on domains running zen cart 1.3.7 and a test site for 1.3.8 under one of the add on domains. I have been using the webhost's shared ssl certificate for these two domains. Yesterday morning I noticed that they had (or were in the process of) upgrading cpanel to cpanel 11.

Everything was working fine on the sites. Then in the afternoon when I tried to login to the admin console for zen cart, received a page indicating 'no file referenced' or something to that effect. Not an error, if I changed a path to an invalid path I received a 404 error.

After contacting the hosting company, I was told I needed to go to a dedicated certificate, which I had been planning on doing when I rolled in the 1.3.8 upgrade. Since the dedicated certificate required a new IP address, it would take about 8 hours to propagate through the dns system. I updated my secure server paths in both of my configure.php files to the path they indicated for the dedicated ssl, and went to bed for 8 hours and waited for the changes to propagate.

In the morning I was able to login. (Hooray, it seemed to have worked). Then disaster. I can log in and I get the admin index.php page and everything comes up as expected from the database. The problem comes that every link I click on takes me back to the login page and when I login again, right back to the admin index.php.

One of the stores is a wholesale site, so it is set to require a login before prices. Any customers that login, seem to login, but when they click on a product for it gives the 'Must login for price' message. Basically a catalog version of the admin problem.

If I attempt to checkout on the retail site that doesn't require a login to view the prices or add products to the cart, I get the message that my session has timed out when I click on checkout.

I have cleared the browser cache on multiple browsers/boxes,
I have changed the Recreate Sessions from true to false and back again, verified that the configure.php is using database sessions,
checked out the posts that I could find related to ssl.

If turn off the ssl everything works.

Old configure ssl settings, these have worked for a year without any problems, until yesterday afternoon:

define('HTTP_SERVER', 'http://dacheleenterprises.com/test');
define('HTTPS_SERVER', 'https://ssl131.penguinhosting.net/~dfwterra/dachele/test');
define('HTTP_CATALOG_SERVER', 'http://dacheleenterprises.com/test');
define('HTTPS_CATALOG_SERVER', 'https://ssl131.penguin webhosting.net/dachele/test');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');



New settings:

define('HTTP_SERVER', 'http://dacheleenterprises.com/test');
define('HTTPS_SERVER', 'https://www.dfwterraclean.com/dachele/test');
define('HTTP_CATALOG_SERVER', 'http://dacheleenterprises.com/test');
define('HTTPS_CATALOG_SERVER', 'https://www.dfwterraclean.com/dachele/test');

// Use secure webserver for catalog module and/or admin areas?
define('ENABLE_SSL_CATALOG', 'true');
define('ENABLE_SSL_ADMIN', 'true');


I can login and reach the admin Index.php page, but all other links lead back to the login screen.

What I need to know is what server settings that could have been changed by my hosting company could be causing this and how do I check them?

Some of the more obvious pieces of info from the 1.3.8 test site with the use ssl set to false so I can login and get to the server/versio info page:

Database Host: localhost (127.0.0.1) Server OS: Linux 2.6.9-67.0.4.ELsmp Database: MySQL 4.1.22-standard Server Date: 05/08/2008 23:05:37 Database Date: 05/08/2008 23:05:37 Server Up Time: 23:05:37 up 79 days, 21:16, 0 users, load average: 1.03, 2.17, 1.88 HTTP Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP Version: 5.2.6 (Zend: 2.2.0) PHP Memory Limit: 16M PHP Safe Mode: Off
I know the server has been running PHP 5 for a while, but the 5.2.6 seems to be different. mysql is the same version. I know it has been apache 2, but I'm not sure if the 2.2.8 is different, but I keep thinking that may have changed recently as well.


I have tried to provide as much of the information as I can, but there are so many entries in the Server Version info that I can get to if I turn off the SSL (only on the test site, but they are the same server and add on domains in the same primary account.), that I don't know where to go from here.

[Website Rob]

Couple of steps were skipped over in your description of events.

Who purchased the SSL Cert?
Who created the CSR required to get an SSL Cert?
Who installed the SSL Cert?

Your Host should be the one you discuss this situation with. They know more about your Hosting account than anyone else.