Page 1 of 2 12 LastLast
Results 1 to 10 of 19
  1. #1
    Join Date
    Oct 2011
    Posts
    10
    Plugin Contributions
    0

    Default Enabling SSL Breaks Catalog / Admin

    I've been bashing my head against a wall for a while now, trying to enable SSL within Zencart. Any help or direction to a resource that would answer this question would be GREATLY appreciated...Going through this page is how I got this far to begin with:
    https://www.zen-cart.com/tutorials/index.php?article=14

    Currently, the Zencart store and admin panel work fine as long as SSL is set to false in include/configuration.php and admin/include/config.php.

    I am currently using Zencart Version: v1.3.9h

    I've also verified I can get to
    https://www.reelhotlures.com and https://reelhotlures.com through my browser without an error, so I'm assuming the SSL is working correctly, but I don't know what's causing Zencart to break once enabled.

    I get these error messages when trying to access either while enable SSL is set to 'true':
    -------------
    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    More information about this error may be available in the server error log.

    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at reelhotlures.com Port 443
    ------------------

    Below is what I have for include/configure.php and admin/include/configure.php.

    (I should note that I've tried entering both 'reelhotlures.com' and 'www.reelhotlures.com' within their respective http/https server fields, with no luck using either)

    include/configure.php:
    define('HTTP_SERVER', 'http://reelhotlures.com');
    define('HTTPS_SERVER', 'https://reelhotlures.com');

    define('ENABLE_SSL', 'true');


    admin/include/configure.php:
    define('HTTP_SERVER', 'http://reelhotlures.com');
    define('HTTPS_SERVER', 'https://reelhotlures.com');
    define('HTTP_CATALOG_SERVER', 'http://reelhotlures.com');
    define('HTTPS_CATALOG_SERVER', 'https://reelhotlures.com');

    define('ENABLE_SSL_CATALOG', 'true');
    define('ENABLE_SSL_ADMIN', 'true');

    ----------------------

    I can provide screenshots of how things are set up... Yes, I'm using GoDaddy. From what I have read, that wasn't the best way to go. However, switching my host is not an option at this point.

    Here is a screenshot of the SSL cert through GoDaddys panel, so it is registered and active:
    (I've blurred out some information on these screenshots because I'm not sure what is sensitive information and what is not)
    http://reelhotlures.com/images/example4.jpg

    Within my GoDaddy account is a Virtual Dedicated server, that I have the reelhotlures.com site hosted on.
    http://reelhotlures.com/images/example2.jpg

    On this Virtual Dedicated Server, I also have the SSL hosted and active. If I click on the reelhotlures.com link in this image, it takes me (successfully) to https://reelhotlures.com.
    I have also confirmed that going to 'https://WWW.reelhotlures.com' works as well (this is also noted in the zencart faq).
    Also, in this screenshot, I have noticed it does say that 'No SSL certificate is currently shared' .... so the SSL SHOULD be a 'DEDICATED' SSL, correct? (I ask because the Zencart FAQ says to verify which type you have, dedicated/shared)
    http://reelhotlures.com/images/example3.jpg

    And finally, here is a screenshot of the Cpanel for the reelhotlures.com hosted site that is on Virtual Dedicated Server. If I go into the SSL manager, I can see all the keys associated with the SSL. I've noticed it lists the home directory as home/reelhot, but I'm not sure if this should go into the Configure.php files or not. I've also noticed that at the very bottom it lists a 'shared IP address' ... which is the ip address of the virtual dedicated server. I'm not sure if that's important to note.
    http://reelhotlures.com/images/example1.jpg

  2. #2
    Join Date
    May 2010
    Location
    WA State
    Posts
    1,678
    Plugin Contributions
    3

    Default Re: Enabling SSL Breaks Catalog / Admin

    Your Godaddy SSL cert is not installed. Right now, it's a self-cert.

  3. #3
    Join Date
    Aug 2005
    Location
    Vic, Oz
    Posts
    1,905
    Plugin Contributions
    5

    Default Re: Enabling SSL Breaks Catalog / Admin

    You need a "dedicated" IP address for SSL to work correctly.
    Not a "shared" IP

    Also see this
    http://www.sslshopper.com/ssl-checke...elhotlures.com
    and
    http://www.sslshopper.com/ssl-checke...elhotlures.com

  4. #4
    Join Date
    Oct 2011
    Posts
    10
    Plugin Contributions
    0

    Default Re: Enabling SSL Breaks Catalog / Admin

    Ok, so it appears I left out a step when installing the SSL cert from GoDaddy to my Virtual Dedicated Server. I checked the links you supplied me Gilby, (after I finished installing it), and it appears everything is working for the SSL cert now. So, thank you so much for that.

    However, something strange is still going on:

    (Using FireFox)
    If I go to https://reelhotlures.com, its still saying Verfied by: Not specified, with no blue bar.

    HOWEVER, if I go to https://reelhotlures.com/zen_catalog/, I DO get the blue bar, and it's saying verified by GoDaddy. (Which is very refreshing)

    Unfortunately, the catalog is still broken while SSL is enabled, and I get the same 'internal server error' message as I posted before. This is the same for the admin page as well. (The blue bar shows up, but I get an error and it doesn't load). I've cleared my cache and cookies, and restarted, but with no luck.

    Is this happening because as you said I need a "dedicated" IP? I thought the server HAD a dedicated IP. It's always the same IP to log into the WHM panel.

    I DID have to install the cert using the user 'nobody', as it gave me an error when trying to use the site specific username.

    Am I pretty much screwed in trying to get this to work with a Virtual Dedicated Server? Or is there still a way around it? I feel like I'm so close to success, but scared I'm going to hit a wall and there's going to be no way to configure because of how it is hosted. :crosses fingers and waits for reply:

  5. #5
    Join Date
    May 2010
    Location
    WA State
    Posts
    1,678
    Plugin Contributions
    3

    Default Re: Enabling SSL Breaks Catalog / Admin

    Is this happening because as you said I need a "dedicated" IP? I thought the server HAD a dedicated IP. It's always the same IP to log into the WHM panel.
    Even if it's a shared IP address it will show the same one. It's showing you the IP address for the server you're on.

  6. #6
    Join Date
    Oct 2011
    Posts
    10
    Plugin Contributions
    0

    Default Re: Enabling SSL Breaks Catalog / Admin

    So is it specifically because I have a shared IP that the catalog/admin panel is breaking when enabling SSL? If so, is there ANY way to circumvent that? Or am I basically just screwed, and need to find a different hosting solution?

  7. #7
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Enabling SSL Breaks Catalog / Admin

    Have you asked your hosting company to install the SSL certificate for you, in order to be sure it's been done correctly?

    The ONLY part that involves Zen Cart is setting the proper URL and ENABLE_SSL status in the configure.php file/s. Everything else is up to the server configuration.
    If your hosting company can't support you properly for basic hosting things like SSL certificates, then yes it's time to find a more capable hosting company. Especially one whose name is not GoDaddy.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  8. #8
    Join Date
    Oct 2011
    Posts
    10
    Plugin Contributions
    0

    Default Re: Enabling SSL Breaks Catalog / Admin

    ...So the SSL cert is probably still not installed/configured correctly?
    Even though it shows up fine here?:
    http://www.sslshopper.com/ssl-checke...elhotlures.com

    http://www.sslshopper.com/ssl-checke...elhotlures.com



    And to answer your question: I've tried multiple times to get support from them, but it has been a nightmare.

    At first we were on standard 'shared' hosting solution, but I could not get the FirstData payment module to work because of port 1129, which they would not open.

    They explained I needed a dedicated server or virtual dedicated server, so I'd have the option of opening that port. He talked it up really good, and it sounded as if I'd have all kinds of help. He even gave me his email if I had 'any further questions'. Of course, after I order the V.Ded Server, and they get their money, I don't even get a response from him.

    I've called their support after the fact, and even went through their menu for SPECIFICALLY 'SSL Support', it seems as though all they will support is making sure it's active in their GoDaddy panel, but anything to do with helping set up the server itself, they will not support. Apparently I had to pay for a ridiculously priced 'Assisted Service Plan' when I ordered the Vded server. (129.00/month, 3 month minimum)

    Anyways, I HAVE been able to get the FirstData payment module to work by opening up that port (I'm fairly knowledgeable, but have no previous experience running a web server, so I've been scouring Google for answers).

    However, things are not secure if SSL isn't working correctly, and I'm assuming that payment module should not even be used if things are not secure.

    ...At this point I don't know what to do, and I don't think that moving the host again is an option. I really just want to get this to work so I don't feel like such a failure.

    Things would probably be easier if I did not go with GoDaddy, obviously.

    But it would also be easier if the people who the site is for didn't want to use FirstData, and just went with something like PayPal for CC transactions. I would assume I wouldn't need the SSL cert since it would all go through PayPal, and I wouldn't have to worry about using the VDed server since it was specifically for that module, and could stay on the regular shared hosting solution, avoiding all this headache as well. Oh well, hindsight is always 20/20.


  9. #9
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Enabling SSL Breaks Catalog / Admin

    Responding to your last statement ... you should still have dedicated SSL for the site EVEN IF your payment module doesn't require it. It's very inexpensive and customers do like to know that you take their privacy and security seriously. Nowadays there's no good excuse for not offering SSL.

    As for all the rest of what you just said, yup, you've been sold a bill of goods that's cost you time and money needlessly. Lots of better options out there that'll run port 1129 without issue, even on shared hosting. GD won't, but better hosts will.

    Don't be afraid to escalate your support tickets all the way to the top. GD should have at least one person who can take some responsibility for customer satisfaction. Don't be afraid to find them. After all, you're paying through the nose for nothing otherwise.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  10. #10
    Join Date
    Oct 2011
    Posts
    10
    Plugin Contributions
    0

    Default Re: Enabling SSL Breaks Catalog / Admin

    Ok, I have fixed the SSL issue, and now the admin panel and catalog WORK while all three SSL entries are set to 'true'.

    admin/include/configure.php
    define('ENABLE_SSL_CATALOG', 'true');
    define('ENABLE_SSL_ADMIN', 'true');

    include/configure.php
    define('ENABLE_SSL', 'true');

    However, the catalog itself is still using http:// until I go to checkout.

    This is causing the secure bar not to pop up until users are done shopping, and go to checkout.

    Also, I put a .htaccess file at the root of the site to force traffic to https://

    While that file was there, some 'add selected items to cart' buttons would not work in the catalog, and give me an warning the information was going to be sent unencrypted.

    I have since removed that .htaccess file, but the catalog is still unsecure while users are shopping. (The checkout appears to be encrypted and working, however).

    Is there any way I can force the catalog to use https:// for all aspects while browsing the catalog and shopping?

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v151 Admin login loop after enabling SSL - v151
    By michaeltw in forum General Questions
    Replies: 10
    Last Post: 19 Dec 2013, 12:44 AM
  2. Catalog/Admin panel breaks when turning on SSL
    By Famsta in forum Installing on a Linux/Unix Server
    Replies: 2
    Last Post: 28 Oct 2011, 04:31 PM
  3. Admin Login Issues After Enabling SSL
    By Symbah in forum Basic Configuration
    Replies: 0
    Last Post: 24 Nov 2009, 07:41 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR