SSL with letsEncrypt - login page still uses non https

davidofadelaide · October 31, 2022, 12:09pm

I have an install of 9.1.1, I had it working fine, albeit on http.

I later used LetsEncrypt to get a valid SSL working and it appears to mostly have worked.

Some images are missing wrong URL, and login fails now as it looks for http which returns a 301 to https.

I have .htaccess set up as follows :

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^site.com.au [NC]
        RewriteRule ^(.*)$ https://www.site.com.au/$1 [R,L]
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME}/index.html !-f
        RewriteCond %{REQUEST_FILENAME}/index.php !-f
        RewriteRule . index.php [L]
</IfModule>

the config is as follows in the SEO:

"exclude_words": "a, an, as, at, before, but, by, for, from, is, in, into, like, of, off, on, onto, per, since, than, the, this, that, to, up, via, with",
    "url_rewriting": true,
    "url_rewriting_all": true,
    "redirect_to_canonical_url": false,
    "canonical_url": "https://www.site.com.au",
    "canonical_url_alternative": "https://site.com.au",
    "trailing_slash": false,
    "title_format": "%2$s :: %1$s",
    "title_segment_separator": " :: ",
    "page_path_separator": "-",
    "group_name_separator": " / ",
    "segment_max_length": 128,
    "paging_string": "ccm_paging_p"

Any help on how I can rectify is greatly appreciated.

Cheers

dbuonomo · October 31, 2022, 1:00pm

@ davidofadelaide, check to verify that all references to assets (images, css files, etc.) are relative and not fully qualified URLs using http? You should be using <?= $this->getThemePath(); ?>/path/to/file for theme files and embedded assets, like images. Verify you are not using fully qualified URLs in your content blocks.

Also, you have a rewrite rule in your .htaccess file, but in my experience Let’s Encrypt handles this in your vhost configuration when you generate the certificate. Not sure if this is causing you this issue, but you might want to look into that as there may be a duplicate redirect here.

mlocati · October 31, 2022, 7:45pm

I’d also check that Concrete is configured to have the https version in the canonical URL

davidofadelaide · October 31, 2022, 8:07pm

is that the setting in the SEO config above?

davidofadelaide · October 31, 2022, 8:12pm

Thanks for the post @dbuonomo all assets im referring to have been added via the media uploader. its not been from a theme. I removed the rewite rules in the htaccess and the problem remains, the login form is still trying to post to http://

dbuonomo · October 31, 2022, 8:55pm

Canonical URL setting are in Dashboard > System & Settings > SEO & Statistics > URLs and Redirection.

davidofadelaide · October 31, 2022, 9:09pm

@dbuonomo because I cannot log in, I can’t see the dashboard. So I used the CLI to get the above

C5:config get concrete.seo

davidofadelaide · November 5, 2022, 3:00am

I managed to fix it by getting in and looking at the config files.

in the SEO config file there was a reference in there to HTTP instead of https and the command line to update was not setting that. I went against the comment block that mentioned to NOT change and modified it.

It then allowed me to log in and I could then use the SEO settings to correctly set the canonical URLS.