Jump to content

force ssl storewide


Majjy

Recommended Posts

Hi,

I have recently changed my store to force ssl storewide.  updated all my coding storewide, etc......  Everything is working.  I noticed though that Google and other search engines are not redirecting the http://www. to my new https:// pages.  For example, In Firefox using Google I get this error message:

 

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
    This problem can sometimes be caused by disabling or refusing to accept cookies."

 

I have tried different codes in the .htaccess file, but nothing I do works.  I have a dedicated ssl with my server.  I contacted them 24 hours ago and haven't heard back. I'm running CCv 5.2.12.

 

Any help would be appreciated,

Claudia

Link to comment
Share on other sites

Hi,

Google has a nice document online regarding converting your site from http to https, and best steps to take; and most often best way for Google to learn about the change is to submit updated sitemap with https vs http URLs. If your shop setup doesn't build the XML sitemap properly you can also use external mapping tools like "Sitemap Creator" which we use for some sites which have mix of static/dynamic content.

Make sure you have your sitemap updated in your Google Webmaster Tools account, and update your root URL in your account to show new URL as needed. Actually, I think it's the "change of address" tool: https://support.google.com/webmasters/answer/83106?hl=en

With Apache servers, you can use this method for redirect I've pasted in.

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

And oops ... here is the Google doc I was mentioning:

https://support.google.com/webmasters/answer/6073543?hl=en

Link to comment
Share on other sites

Hi,

Thanks for your response.  i have submitted all versions of my address to Google and Bing and in Google made my preferred domain https://www.claudiasbargains.com. I also use CartDesigns Automated Sitemap Mod and in checking in my browser all pages have been updated to the https.  I'm having trouble with the 301 redirect.  Where exactly in my htaccess file do I put it.  I know the order of things are important.  If it is working properly will it allow the pages that Google has indexed as http to redirect to https?

 

Thanks,

Claudia

Link to comment
Share on other sites

Hi,

you're welcome. I just happen to be doing this with our main website "right now." (Literally working on that today/Sat.). We have a 15 year old site, with CubeCart5, 2 wordpress installs, pre 2005 static content for news, post 2005 custom CMS, then static .shtml service and company info pages. It's been a barrel of monkeys to do this in "sections" to migrate things to https, but getting there. Ecom has always been https, but the "normal" pages have been fun to swap to new deal. And as long as your "canonical" links on all pages show htps// then you are effectively okay from the "duplicate content" penalty. Right now Google is being a bit loose on anything where sites have both http and https loading since up to 40% of major web portals are in midst of this conversion process "right now." So, I think there is likely a window until next Spring, where no major penalties for some minor stuff will be adverse.

Glad I could help. :-)

Next fun thing is ask your hosting company about mod_spdy to "speed up" all the https pages. quite cool tech where it basically serves up an https page as "one" connection, so there is just one gzip encrypted bundle, vs 20 elements, CSS, JS, etc. Does not work with the two third party skins (Vector and um I forgot), but all the normal skins work fine, and so should be fine with CC6. But luckily most web servers are now setup to optimize for https, so it isn't like 5+ years ago where normal page would take 2 sec and https wwould take 10. Now it's more like 1/2 sec to maybe 1 sec speed penalty at most depending on server. Anyway.... food for thought when it comes up.

Link to comment
Share on other sites

The only issues I have had with SSL on the whole site, meaning outside of the CubeCart folder has been with mod_SPDY.

The issues with running https on your entire site have to do with

a) runs slower due to encryption

B) you have to update canonical links

c) you have to update all image links

d) you have to load all js/css as https

e) you have to load any external elements, including CDN, over https

On some installs of Apache, CentOS, et al, there is a known issue with a redirect loop when you do a "force transport SSL" of the domain at the server level, but that only impacts some setups and also the issue with mod_SPDY. So, no issue with doing local htaccess 301 redirects as per my example, provided you update Google with your new https vs http page layout.

"Forced" means in most cases a "required" connection; meaning disallowing http connections.

Generally "forced" means an http connection is NOT allowed at all. Whereas simply changing your structure to serve https pages, doing redirects for inbound links to old http pages (e.g., from social media links), and updating site maps, canonical links, etc., have no issues.

There are some gotchas on "some" shared hosting setups with shared IPs for having SSL certificates, but your host would have warned you about that with your account contract.

So, if you follow best practices with installing your SSL Cert, updating all your links, and all the stuff mentioned, it's a non issue, just an adjustment period.

I just updated 10,000 pages of content today. Missed the subscribe to daily summary via Feedburner link which was still http. IE11 said page secure. Chrome gave me warning that the form link to Feedburner should be secure also. Duh. Fixed! Now passed all https/SSL checks.

Did that help?

Link to comment
Share on other sites

Hi,

The reason I wanted to change to https storewide is for one if I was a customer I'd have more confidence in a store that worked that way.  I know that doesn't make sense since the checkout pages are always encrypted, but it sticks in the back of my mind.  Also, Google, and whoever decides to follow their lead, are starting to give https more weight when ranking sites.  The change

in speed has not really been that noticeable to me.

Claudia

Link to comment
Share on other sites

Good choice since Google *has* said they want to see entire sites https, not just the ecom systems. Which is why we're doing that to 20,000 pages of content from one site over 15 years.

Issue with https vs http in "speed" has to do with your Google PageSpeed Insights score, which might drop one point (or more) depending on how your server does in serving https pages vs http pages. Since we have some complex pages we're adding mod_SPDY (which will be built into future version of Apache anyway) now to help "speed up" all https pages so they load as fast as http, and we use mod_pagespeed to optimize delivery of static elements.

Those are advanced topics, but most hosts will have these as built-in offerings within the next 24 months or not be very good hosting companies. Right now, as long as you switch to https and watch out for the "gotchas" it looks like you're already on top of, then you're well on the right track.

Hope that helps somebody :-)

(FYI, I managed a web hosting company from 1996-2005; started building ecom sites in '96, and did projects for Oprah Winfrey/Civitas, and No Fear clothing, etc.).

Link to comment
Share on other sites

Doing a search through all skin files for http. Found a few I had not already changed to relative, but I'm not sure what to do with this in element.paginate.php:

 

From stock kurouto skin

 <a href="{$current}{http_build_query($params)}{$anchor}">1</a> &hellip;

From blueprint

<li><a href="{$current}{http_build_query($params)}{$anchor}" class="first" data-page="1" rel="first">1</a></li>

I also see spots in the jquery js files that have http:

==="http:"?80:443))==(bV[3]||(bV[1]==="http:"?80:443

There will probably be other spots I find before I'm through.

 

But once I've fixed all the places I can find, do I make the change to whole site SSL by using the "force" checkbox as well as by making the changes to site url, notifying Google, and adding Redirect in .htaccess?

Link to comment
Share on other sites

Hi,

The reason I wanted to change to https storewide is for one if I was a customer I'd have more confidence in a store that worked that way.  I know that doesn't make sense since the checkout pages are always encrypted, but it sticks in the back of my mind.  Also, Google, and whoever decides to follow their lead, are starting to give https more weight when ranking sites.  The change

in speed has not really been that noticeable to me.

Claudia

 

I did the same thing to my store for this same reason. I also couldn’t get my "https" to work either but my SSL provider was insanely helpful almost immediately after requesting and implementing my SSL. They responded within minutes of emailing them and we had about a dozen emails back and forth. Could not have been more pleased.

Link to comment
Share on other sites

@DIRTY

Well - in theory - you shouldn't have to change anything in your store files, as ecom systems are designed to run "all pages as https" provided you set it up that way to begin with; my store has been https from inception because we take orders and push to authorize.net via AIM method.

So, typically all you should need to do is get SSL cert installed, then update your CubeCart settings for the store to be located at https://yousitevs http://yoursite.

Note the "SSL" tab in your CC5 admin control panel

store settings > SSL tab

You shouldn't have to do much more than that to start with.

Link to comment
Share on other sites

Claudia

you should always be logging in to your admin with https anyway.

To be honest, I used to not do that, but now I do. If you use a bookmark like I did, just go there, add the s in the browser window, make NEW bookmark, and your admin will be https next time you use the new bookmark.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...