Fundamental

Advanced Search

Problems implementing SSL

Permalink Browser Info Environment
I am trying to secure my site so that it uses https (I have an SSL certificate). I find that if I force a page to to be secure, the Google fonts are no longer used and I cannot access the control panel from that page (its contents are not there, just the panel). If I go to a page with mixed content, it displays as intended and I can access the control panel as normal. Looking at the source code for my pages, I think there are two lines that start http rather than https: if I add them as Extra Header Content with the http changed to https: the secure page and control panel all then work. These are two lines (with the web ADDRESS left out):
<link href="http://www.ADDRESS/ccm/system/css/page/1/main.less" rel="stylesheet" type="text/css" media="all">      
<link rel="stylesheet" href="http://www.ADDRESS/fundamental/css/googlefonts.css"/>

I may be wrong but it looks like it's the Fundamental theme that's causing my problem. It looks like it's not giving https addresses for those two lines. Any ideas, please?
Type: Ticket
Status: Archived
schisto
View Replies:
c5hub replied on at Permalink Reply
c5hub
This theme does not hard code the protocol i.e. http or https.

The theme uses relative paths so there must be some settings in concrete5 you need to set.
schisto replied on at Permalink Reply
schisto
Thank you for your very quick reply. I wondered if this was the case but I’ve no idea what the required setting(s) might be. I’ve tried setting one or both URLs to the SSL address in the control panel. Have you any thoughts about the setting I need to change, please? I’ve run out of ideas.
c5hub replied on at Permalink Reply
c5hub
Have you tried clearing your cache?

Also, there appears to be a post in the forums on this matter:

https://www.concrete5.org/community/forums/5-7-discussion/concrete5....

This may help.
schisto replied on at Permalink Reply
schisto
Thank you, yes, I’ve tried clearing the cache more than once but to no avail. I had already read that discussion thread and tried the things suggested (apart from the hard core hack to the code, which looks a bad idea to me!). There seems to be lot of frustration in that discussion, which obviously I now share. It now seems to me that something’s going on of which the theme is a casualty not a cause. I’ll give it all another go and let you know how I get on. Thank you again.
schisto replied on at Permalink Reply
schisto
Solved! After a bit more trial and error, this is what worked:
In application/config/generated_overrides/concrete.php ...
'seo' => [
        'canonical_url' => 'https://www.mywebsite.co.uk',
        'trailing_slash' => false,
        'url_rewriting_all' => true,
        'redirect_to_canonical_url' => 0,
        'url_rewriting' => true,
    ],

I think there ought to be a 'make it SSL' button in Concrete5, rather than having to fiddle about until it works. That said, at least I was able to rule out the theme as the cause, and the replies helped me to find a way to work out it. Phew!
ConcreteCMS replied on at Permalink Reply
ConcreteCMS
Attention: Since there has been no activity on this issue for two weeks, this issue has been automatically archived.

To re-open this issue, reply to this message.

concrete5 Environment Information

# concrete5 Version
Core Version - 8.4.4
Version Installed - 8.4.4
Database Version - 20180717000000

# concrete5 Packages
Accordion Pro (1.0.5), Automatic Email Obfuscator (2.0.1), Brimstone Theme (2.1.6), Clear Clipboard (1.0.0), Devoda SEO (1.5.2), Documents (1.0.1), Easy PHP (0.9), EU Cookie Law (1.0.7), Fundamental (4.0.7), Honest Websites Back To Top (1.1.0), HTML5 Audio Player Basic (2.0.7), Mega Menu (1.6.2.2), Read More (1.1.0), Simple Audio Player (0.9.1), Smooth Link Scrolling (1.2.2), Webli File List (1.2), Whale Sky Tabs (1.2.0), Wrap anything (0.9.2)

# concrete5 Overrides
elements/header_required.php

# concrete5 Cache Settings
Block Cache - Off
Overrides Cache - Off
Full Page Caching - Off
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software
Apache

# Server API
cgi-fcgi

# PHP Version
7.2.14

# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dba, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, intl, json, libxml, mbstring, mysqli, mysqlnd, openssl, pcre, PDO, pdo_mysql, pdo_sqlite, Phar, posix, Reflection, session, shmop, SimpleXML, soap, sodium, SPL, sqlite3, standard, tidy, tokenizer, wddx, xml, xmlreader, xmlwriter, xsl, zip, zlib

# PHP Settings
max_execution_time - 50000
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - -1
max_input_vars - 5000
memory_limit - -1
post_max_size - 64M
upload_max_filesize - 64M
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - <i>no value</i>
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5

Browser User-Agent String

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You may not request a refund that is not currently owned by you.