SSL Certificate

Hi Ally,

never turn on the secure flag for your cookie if your page is not yet accessible via https!

So let's roll back that setting first:

- go to your forum db with phpMyAdmin or your preferred Database tool

- execute this SQL command:

replace "yourprefix_" with your forum DB prefix!

- go with FTP to the folder uploads/cache/ and delete all files within it
(so don't delete the folder itself but just the files INSIDE that folder).



Now since you already have an SSL cert you can log in to your forum and change the settings properly to https:


- login to your forum via http
- go to your acp -> home -> general configuration
- in the domain configuration at the bottom of your page change "http://" to "https://" in your forum domain and change the "port" setting from 80 to 443.
- save these settings

now go in your acp to:
security -> HTTPS Assistant

First of all enable an https image proxy (i suggest you use our automatic one).

And after you saved that ensure that the https assistant shows you a green tick on every other setting you have to change for https. If there is still a yellow notification most of the things the https assistant can correct itself if you just click.

If everything is green there log out from your acp and forum!



Now its a good time to add a Rewrite Rule to your .htaccess so your forum is only accessable with https://

You could add:


after:


there.

Also make sure you change the http:// to https:// to the rule wich redirects your non-www call to the www. call - if you don't do this you will get an endless redirect error. I know you added that rule once so ensure you update this as well.


Open your page with https://www.motorhomecraic.com (important: https! your .htaccess should redirect you automatically if not but ensure the https and the green lock icon in the adress bar of your browser is there).


Now if everything runs over https log in to your forum.

Now you can change the Cookie back to SSL if you want.


Sincerely,
Chris

Yeah, fiddling with the networking stuff is never that pretty.

You're welcome!

Sincerely,
Chris

Hi Ally,

okay you can change the part http from your last "RewriteRule" to https and add the additional rule after RewriteEngine on

Seems you are not using the default .htaccess of the CF4, thats why the rewriteBase is missing.
EDIT: I see I already get redirected correctly to https if I open your main url, so I think you already forced https on your server, so you don't need an additional rewrite rule here, so you can skip that part. But I can still access your page without www. so check your rewrite rules in that scenario too. All accesses to your page should point to https://www.motorhomecraic.com so you don't get problems with your cookies later or with ajax script calls.


On the missing green Lock thing:

On your page I still see graphics linked without https:// for example here:




This seems you added in your own template or via a Plugin (Admanager?) Scripts or embedded Images (like the http://www.motorhomecraic.com/advert/fineedge.PNG one) wich are not yet on a https link.

You have to completely use https ready image and script links for your advertisers etc. too. So check your Plugins and the Settings you made there.

CF4 out of the box works if the https assistant shows everything green.
But for the 3rd party stuff and your own changes you have to make sure everything is https.

Sincerely,
Chris

I'm happy I could help!
Welcome to the world of encrypted website transfers!


Just one thing I still see: I can still access your page without the "www." wich could cause problems for some users for cookie & ajax handling.

You could try to change the .htaccess part you posted here:



With this one:



That's a bit cleaner and should work with all circumstances.

By the way I see your hoster seems to have added some rules here too (cpanel?) so if you get problems accessing that thing you could also try it like this:




But maybe the short first suggestion already helps.

Sincerely,
Chris