No Green Padlock/https on New Products and All Products links

[Ted Grapler]

Am working on a fresh install/test cart of v155e on a VPS with all my products and customers transferred over from live store. PHP is 7.0 and have Image Handler 4, Lite Box, Edit Order, and Easy Populate installed. Ubuntu 16. Slowly getting it working and customized the way I want.

Using Webmin/Virtualmin and Lets Encrypt and have forced my VPS site to default to https. Modifying .htaccess to force https always gave a server error so I found that could add the line "Redirect / https://MYSITE.com/" in etc/apache2/sites-available/MYSITE.conf file and that worked great. So far I get the green padlock in Chrome on almost all my pages, however just noticed when I click on New Products, All Products, or Gift Certificate FAQ links on my main page I get no padlock and a mixed content warning (could be on other pages too but these are the only three have found so far and I have looked).

In Chrome browser Inspect/Console I see warning:

Mixed Content: The page at 'https://MY_WEBSITE/index.php?main_page=products_new' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://MY_WEBSITE/index.php?main_page=products_new'. This endpoint should be made available over a secure connection.

index.php?main_page=products_new:346

<div id="sorter">
<label for="disp-order-sorter">Sort by: </label>
<form name="sorter_form" action="http://MY_WEBSITE/index.php?main_page=products_new" method="get"><input type="hidden" name="main_page" value="products_new" /> <select name="disp_order" onchange="this.form.submit();" id="disp-order-sorter">
<option value="1" >Product Name</option>
<option value="2" >Product Name - desc</option>
<option value="3" >Price - low to high</option>
<option value="4" >Price - high to low</option>

I tried to track this down using Zen Cart Developer's Tool Kit but it's not as simple as the other things have recently worked out.

Suggestions and advice appreciated.

Thanks, Ted

[DrByte]

Evidently you're trying to serve your entire site over SSL by forcing SSL, but have left your store configured to NOT serve every page over SSL.

By default Zen Cart only serves sensitive pages (login/checkout) over SSL. If you want to tell Zen Cart to serve EVERYTHING over SSL, then just configure it as such.

See https://www.zen-cart.com/content.php...alled-zen-cart, section 3, noting the part that talks about "if you want your ENTIRE site over SSL..."

[Ted Grapler]

Thanks DrByte. I had looked at that page but missed that had to add the extra "s" even though you had it in bold print:

define('HTTP_SERVER', 'https://www.YOUR_SHOP.com');

Of course it worked. Glad I posted here. Now I can have dinner.

Ted