Majjy Posted October 24, 2014 Share Posted October 24, 2014 Hi, I have recently changed my store to force ssl storewide. updated all my coding storewide, etc...... Everything is working. I noticed though that Google and other search engines are not redirecting the http://www. to my new https:// pages. For example, In Firefox using Google I get this error message: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies." I have tried different codes in the .htaccess file, but nothing I do works. I have a dedicated ssl with my server. I contacted them 24 hours ago and haven't heard back. I'm running CCv 5.2.12. Any help would be appreciated, Claudia Quote Link to comment Share on other sites More sharing options...
SimChris Posted October 24, 2014 Share Posted October 24, 2014 Hi,Google has a nice document online regarding converting your site from http to https, and best steps to take; and most often best way for Google to learn about the change is to submit updated sitemap with https vs http URLs. If your shop setup doesn't build the XML sitemap properly you can also use external mapping tools like "Sitemap Creator" which we use for some sites which have mix of static/dynamic content.Make sure you have your sitemap updated in your Google Webmaster Tools account, and update your root URL in your account to show new URL as needed. Actually, I think it's the "change of address" tool: https://support.google.com/webmasters/answer/83106?hl=enWith Apache servers, you can use this method for redirect I've pasted in.RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]And oops ... here is the Google doc I was mentioning:https://support.google.com/webmasters/answer/6073543?hl=en Quote Link to comment Share on other sites More sharing options...
Majjy Posted October 24, 2014 Author Share Posted October 24, 2014 Hi, Thanks for your response. i have submitted all versions of my address to Google and Bing and in Google made my preferred domain https://www.claudiasbargains.com. I also use CartDesigns Automated Sitemap Mod and in checking in my browser all pages have been updated to the https. I'm having trouble with the 301 redirect. Where exactly in my htaccess file do I put it. I know the order of things are important. If it is working properly will it allow the pages that Google has indexed as http to redirect to https? Thanks, Claudia Quote Link to comment Share on other sites More sharing options...
Majjy Posted October 24, 2014 Author Share Posted October 24, 2014 Well, I must say you, SimChris, are the best! Your redirect worked like a charm!! Search engines are redirecting to my https. Thank you very much! ... Claudia Quote Link to comment Share on other sites More sharing options...
SimChris Posted October 25, 2014 Share Posted October 25, 2014 Hi,you're welcome. I just happen to be doing this with our main website "right now." (Literally working on that today/Sat.). We have a 15 year old site, with CubeCart5, 2 wordpress installs, pre 2005 static content for news, post 2005 custom CMS, then static .shtml service and company info pages. It's been a barrel of monkeys to do this in "sections" to migrate things to https, but getting there. Ecom has always been https, but the "normal" pages have been fun to swap to new deal. And as long as your "canonical" links on all pages show htps// then you are effectively okay from the "duplicate content" penalty. Right now Google is being a bit loose on anything where sites have both http and https loading since up to 40% of major web portals are in midst of this conversion process "right now." So, I think there is likely a window until next Spring, where no major penalties for some minor stuff will be adverse.Glad I could help. :-)Next fun thing is ask your hosting company about mod_spdy to "speed up" all the https pages. quite cool tech where it basically serves up an https page as "one" connection, so there is just one gzip encrypted bundle, vs 20 elements, CSS, JS, etc. Does not work with the two third party skins (Vector and um I forgot), but all the normal skins work fine, and so should be fine with CC6. But luckily most web servers are now setup to optimize for https, so it isn't like 5+ years ago where normal page would take 2 sec and https wwould take 10. Now it's more like 1/2 sec to maybe 1 sec speed penalty at most depending on server. Anyway.... food for thought when it comes up. Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted October 25, 2014 Share Posted October 25, 2014 At sometime in the past I remember reading advice in the forum that discouraged running CC with SSL forced on the whole site. This thread has me wondering... has the situation changed? Quote Link to comment Share on other sites More sharing options...
SimChris Posted October 26, 2014 Share Posted October 26, 2014 The only issues I have had with SSL on the whole site, meaning outside of the CubeCart folder has been with mod_SPDY.The issues with running https on your entire site have to do witha) runs slower due to encryption you have to update canonical linksc) you have to update all image linksd) you have to load all js/css as httpse) you have to load any external elements, including CDN, over httpsOn some installs of Apache, CentOS, et al, there is a known issue with a redirect loop when you do a "force transport SSL" of the domain at the server level, but that only impacts some setups and also the issue with mod_SPDY. So, no issue with doing local htaccess 301 redirects as per my example, provided you update Google with your new https vs http page layout."Forced" means in most cases a "required" connection; meaning disallowing http connections.Generally "forced" means an http connection is NOT allowed at all. Whereas simply changing your structure to serve https pages, doing redirects for inbound links to old http pages (e.g., from social media links), and updating site maps, canonical links, etc., have no issues.There are some gotchas on "some" shared hosting setups with shared IPs for having SSL certificates, but your host would have warned you about that with your account contract.So, if you follow best practices with installing your SSL Cert, updating all your links, and all the stuff mentioned, it's a non issue, just an adjustment period.I just updated 10,000 pages of content today. Missed the subscribe to daily summary via Feedburner link which was still http. IE11 said page secure. Chrome gave me warning that the form link to Feedburner should be secure also. Duh. Fixed! Now passed all https/SSL checks.Did that help? Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted October 26, 2014 Share Posted October 26, 2014 Thanks for the details! Quote Link to comment Share on other sites More sharing options...
Majjy Posted October 26, 2014 Author Share Posted October 26, 2014 Hi, The reason I wanted to change to https storewide is for one if I was a customer I'd have more confidence in a store that worked that way. I know that doesn't make sense since the checkout pages are always encrypted, but it sticks in the back of my mind. Also, Google, and whoever decides to follow their lead, are starting to give https more weight when ranking sites. The change in speed has not really been that noticeable to me. Claudia Quote Link to comment Share on other sites More sharing options...
SimChris Posted October 26, 2014 Share Posted October 26, 2014 Good choice since Google *has* said they want to see entire sites https, not just the ecom systems. Which is why we're doing that to 20,000 pages of content from one site over 15 years.Issue with https vs http in "speed" has to do with your Google PageSpeed Insights score, which might drop one point (or more) depending on how your server does in serving https pages vs http pages. Since we have some complex pages we're adding mod_SPDY (which will be built into future version of Apache anyway) now to help "speed up" all https pages so they load as fast as http, and we use mod_pagespeed to optimize delivery of static elements.Those are advanced topics, but most hosts will have these as built-in offerings within the next 24 months or not be very good hosting companies. Right now, as long as you switch to https and watch out for the "gotchas" it looks like you're already on top of, then you're well on the right track.Hope that helps somebody :-)(FYI, I managed a web hosting company from 1996-2005; started building ecom sites in '96, and did projects for Oprah Winfrey/Civitas, and No Fear clothing, etc.). Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted October 26, 2014 Share Posted October 26, 2014 Doing a search through all skin files for http. Found a few I had not already changed to relative, but I'm not sure what to do with this in element.paginate.php: From stock kurouto skin <a href="{$current}{http_build_query($params)}{$anchor}">1</a> … From blueprint <li><a href="{$current}{http_build_query($params)}{$anchor}" class="first" data-page="1" rel="first">1</a></li> I also see spots in the jquery js files that have http: ==="http:"?80:443))==(bV[3]||(bV[1]==="http:"?80:443 There will probably be other spots I find before I'm through. But once I've fixed all the places I can find, do I make the change to whole site SSL by using the "force" checkbox as well as by making the changes to site url, notifying Google, and adding Redirect in .htaccess? Quote Link to comment Share on other sites More sharing options...
CHGTF Posted October 27, 2014 Share Posted October 27, 2014 Hi, The reason I wanted to change to https storewide is for one if I was a customer I'd have more confidence in a store that worked that way. I know that doesn't make sense since the checkout pages are always encrypted, but it sticks in the back of my mind. Also, Google, and whoever decides to follow their lead, are starting to give https more weight when ranking sites. The change in speed has not really been that noticeable to me. Claudia I did the same thing to my store for this same reason. I also couldn’t get my "https" to work either but my SSL provider was insanely helpful almost immediately after requesting and implementing my SSL. They responded within minutes of emailing them and we had about a dozen emails back and forth. Could not have been more pleased. Quote Link to comment Share on other sites More sharing options...
SimChris Posted October 28, 2014 Share Posted October 28, 2014 @DIRTYWell - in theory - you shouldn't have to change anything in your store files, as ecom systems are designed to run "all pages as https" provided you set it up that way to begin with; my store has been https from inception because we take orders and push to authorize.net via AIM method.So, typically all you should need to do is get SSL cert installed, then update your CubeCart settings for the store to be located at https://yousitevs http://yoursite. Note the "SSL" tab in your CC5 admin control panelstore settings > SSL tabYou shouldn't have to do much more than that to start with. Quote Link to comment Share on other sites More sharing options...
Majjy Posted October 29, 2014 Author Share Posted October 29, 2014 Hi SimChris, Thanks for the 301 Redirect code for my .htaccess file. Works great. Only in made my admin https too. Anyway to undo that and keep admin http. Thanks, Claudia Quote Link to comment Share on other sites More sharing options...
Dirty Butter Posted October 30, 2014 Share Posted October 30, 2014 I have not made the whole store https yet, but CC by default has all Admin pages as https, as I do have SSL enabled. Quote Link to comment Share on other sites More sharing options...
SimChris Posted October 31, 2014 Share Posted October 31, 2014 Claudiayou should always be logging in to your admin with https anyway.To be honest, I used to not do that, but now I do. If you use a bookmark like I did, just go there, add the s in the browser window, make NEW bookmark, and your admin will be https next time you use the new bookmark. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.