Issue with EV SSL renewal

[Man from Mars]

Hi

Please help a very frustrated new Zenner.

I've just renewed my EV SSL certificate. Prior to the renewal, you could type my sites URL and the site would appear in a browser as HTTPS showing company name and full URL. Since updating my SSL I have had all sorts of problems getting the SSL to work. I have been in touch with my server companies on many occasions and they now state that the SSL is working fine and the problem is with the Zen Cart catalog and Admin configure.php's. I can get the SSL to work if I type https://www.mysite.co.uk/catalog but it will not work if I type just mysite.co.uk . I then get an error as:

Forbidden

You don't have permission to access / on this server.
Apache/2.4.23 (Unix) Server at mysite.co.uk Port 80

I want to have my SSL across the whole of my site, so I have set in both catalog and admin configure.php to 'false'. As a note, my admin works fine with full SSL, so no need adjustments this side. Below are my two configure files.

#Catalog#
/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/

// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://www.mysite.co.uk');
define('HTTPS_SERVER', 'https://www.mysite.co.uk');

// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'false');

// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');

#Admin#

/**
* WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
* To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
*/
define('HTTP_SERVER', 'https://www.mysite.co.uk');
define('HTTPS_SERVER', 'https://www.mysite.co.uk');
define('HTTP_CATALOG_SERVER', 'https://www.mysite.co.uk');
define('HTTPS_CATALOG_SERVER', 'https://www.mysite.co.uk');

// secure webserver for admin? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_ADMIN', 'false');


// secure webserver for storefront? Valid choices are 'true' or 'false' (including quotes).
define('ENABLE_SSL_CATALOG', 'false');

Oh yes, I have placed an .htaccess file in the Public_html directory that reads as follows:
// ########################
// ## SSL .htaccess
// ########################

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]


Can anyone advise me where I'm going wrong?

Thanks

[mc12345678]

Well, for one: to get https: across the entire site, one must also tell ZC how to get there when SSL is not enabled:

Code:

define('HTTP_SERVER', 'http://www.mysite.co.uk');

Should be:

Code:

define('HTTP_SERVER', 'https://www.mysite.co.uk');

In your catalog includes/configure.php

[mc12345678]

Another thing is that you don't have anything in your htaccess that forces the inclusion of www. as a prefix, just something that forces the page to go to https with whatever domain name has made it to this point.

[mc12345678]

And (sorry for the individual posts) there is nothing that redirects/forces the visitor to go to the catalog sub-directory if it was not included in the original uri. Which of course also begs the question of why the store is seen by visitors to be in a sub-directory anyways rather than at the root of the domain name?

[DrByte]

I've just renewed my EV SSL certificate. Prior to the renewal, you could type my sites URL and the site would appear in a browser as HTTPS showing company name and full URL. Since updating my SSL I have had all sorts of problems getting the SSL to work. I have been in touch with my server companies on many occasions and they now state that the SSL is working fine and the problem is with the Zen Cart catalog and Admin configure.php's. I can get the SSL to work if I type https://www.mysite.co.uk/catalog but it will not work if I type just mysite.co.uk . I then get an error as:

Forbidden

You don't have permission to access / on this server.

I give them credit for trying to pass the buck ... But ... if it "worked before the SSL cert was changed", and suddenly afterward it "doesn't work", then ... what changed was the SSL configuration of the server ... not Zen Cart.


And the "forbidden" error strongly indicates that they've busted the vhost for the SSL side of your domain and have it pointed to someplace other than the same document root as the non-SSL site.

In short: it's a server issue.



(Unless you're not telling us about changes you made to your ZC files in the meantime. But if nobody changed Zen Cart, then ... the problem isn't Zen Cart.)

[Man from Mars]

Another thing is that you don't have anything in your htaccess that forces the inclusion of www. as a prefix, just something that forces the page to go to https with whatever domain name has made it to this point.

This .htaccess was given to me be the support team at 123 Reg. what should it be if I may ask?

I have no idea about writing these scripts. My site is www.anglingcentrewestbay.co.uk you will get a Forbidden Message unless you add /catalog.

All help very much appreciated

[mc12345678]

This .htaccess was given to me be the support team at 123 Reg. what should it be if I may ask?

I have no idea about writing these scripts. My site is www.anglingcentrewestbay.co.uk you will get a Forbidden Message unless you add /catalog.

All help very much appreciated

Unfortunately this is not a ZC specific issue, so the solution(s) can be found by searching the internet. There are a number of ways to accomplish the task, some dependent on the server others well, just form/function I guess.

Here is one solution that is likely to work:

Your .htaccess should look something like this. Note, the sequence of "commands" in the .htaccess are as important as any line of code in say the ZC store. They are processed top down and in some cases stop execution of any further rules. So, sequence (at least of groups) is important.

The below .htaccess rule was tested against an online htaccess tester and appeared to work for all cases of:
http://angling
https://angling
http://www.angling
https://www.angling
and with or without the subdirectory of catalog being present as the first sub-folder
with the response of https://www. and the subdirectory appended to the path with whatever file(s) that were called and parameters attached. Note that any other subdirectory that is first after the site name will be appended to the catalog directory such that:
site/other_directory/file.php?param1 will give: site/catalog/other_directory/file.php?param1

Code:

RewriteEngine on

RewriteBase /

RewriteCond %{HTTP_HOST} ^(www\.)anglingcentrewestbay\.co\.uk [NC] # Checks if the HTTP_HOST either has or does not have www prefix. If so, continue checking
RewriteCond %{REQUEST_URI} ^/(catalog/)?(.*)$ # Checks if the base of the site is called or optionally if the subdirectory catalog/ is used and captures the remainder of the URI as %2
RewriteRule ^(|/catalog)(.*)$ https://www.anglingcentrewestbay.co.uk/catalog/%2$1 [QSA,L,R=301] # If no subdirectory is provided or if the directory is /catalog then if /catalog it will be removed from the $1 response portion as part of %2 and any remaining parameters will be appended with site being https and including the prefix of www.

[DrByte]

you will get a Forbidden Message unless you add /catalog.

That's a misconfiguration of permissions on your hosting account, for whatever directory is the document-root in ssl mode.

Your hosting company needs to fix what they broke.

[mc12345678]

Though, one thing I see is that a 301 will be provided regardless of the address that is entered.. :/ Grrr.. Just realized/thought about that.. So, guess could add a few other checks against the provided values such that if it is not SSL or it is not catalog, or it does not begin with www, then do all of the above.. May come back with something more to support that portion of the testing...

[mc12345678]

Corrected htaccess if host is unable to correct their document-root issue:

This will not issue a 301 if all of the features are used (https, begins with www., and in the subdirectory catalog) All of those tests are case *in*sensitive.

Code:

RewriteEngine on

RewriteBase /

RewriteCond %{HTTP_HOST} ^(www\.)anglingcentrewestbay\.co\.uk [NC] # Checks if the HTTP_HOST either has or does not have www prefix. If so, continue checking
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{REQUEST_URI} !^/catalog [NC,OR]
RewriteCond %{HTTPS} off [NC]
RewriteCond %{REQUEST_URI} ^/(catalog/)?(.*)$ # Checks if the base of the site is called or optionally if the subdirectory catalog/ is used and captures the remainder of the URI as %2
RewriteRule ^(|/catalog)(.*)$ https://www.anglingcentrewestbay.co.uk/catalog/%2$1 [QSA,L,R=301] # If no subdirectory is provided or if the directory is /catalog then if /catalog it will be removed from the $1 response portion as part of %2 and any remaining parameters will be appended with site being https and including the prefix of www.

[/QUOTE]