Added shipping Module, now site is not Secure

[ridecals]

I added the All in one shipping Mod.  Now when I open the site, it says 

Your connection is not private

Attackers might be trying to steal your information from ridecals.us (for example, passwords, messages, or credit cards).

 

I have put a lot of time in this already and do not want do a fresh install, and do not know how to restore the backup I created.

 

TIA

 

Dave

[havenswift-hosting]

This is nothing at all to do with AIO shipping and not even really to do with CubeCart, except that you have enabled SSL in the Store Settings

Your domain is ridecals.us but the certificate installed on your hosting is for charlestrongtrees.com hence the warning message.

You dont need to do anything with CubeCart or restore simply get the correct SSL installed on your hosting account

Ian

[bsmither]

Welcome ridecals! Glad to see you made it to the forum.

Would this message be generated by the browser? What browser are you using? Chrome?

I think one possibility is that this message is being triggered when a page is requested under SSL, but then that page is making a request for resources (javascript, images, etc) not using SSL.

Do you get the same response when you log in to admin not using SSL?

[ridecals]

I don't get an option to log in SSL or not SSL.  But if I am not logged in and just go to ridecals.us, I still get the error.  I did not get that before.

This is nothing at all to do with AIO shipping and not even really to do with CubeCart, except that you have enabled SSL in the Store Settings

Your domain is ridecals.us but the certificate installed on your hosting is for charlestrongtrees.com hence the warning message.

You dont need to do anything with CubeCart or restore simply get the correct SSL installed on your hosting account

Ian

Do you know how I got about changing it?

 

TIA

 

Dave

[havenswift-hosting]

You will need a valid SSL certificate issued for ridecals.us and then it will need to be installed onto your hosting account which can be done through your hosting control panel such as cPanel.  If you dont know how to do this or you have any doubt about whether the SSL for charlestrongtrees.com is valid or not then I strongly suggest you speak to your hosting company

Ian

[bsmither]

If SSL is working and the Store Settings has SSL enabled, then on the admin login screen, there will be a padlock. Click on it and you will toggle between https and http login pages with a locked and unlocked padlock, respectively.

If that padlock is not there, then the Store Settings has SSL not enabled.

Even if SSL is not enabled, an admin can still specifically request the login page using https and the session will continue under SSL - provided that the SSL Cert's contents are correct and is correctly installed.

Even if SSL is not enabled, an admin can request the login screen with the unlocked padlock (http) and the session will continue not under SSL.

Getting to the storefront with the result being the warning, then I would consult the hosting provider to get the certificate straightened out.

[ridecals]

I have SSL Turned off.  Everything was working great until I added the 2 pluggins

[bsmither]

Two plugins? You have mentioned the AIO Shipping, what is the other plugin?

And what browser are you using? I am using Firefox and I don't get this message.

[ridecals]

The free shipping Plug

[havenswift-hosting]

This will not have anything at all to do with the plugins !

If you go to http://www.ridecals.us or http://www.ridecals.us/index.php or http://ridecals.us/ or http://ridecals.us/index.php (mentioned because you are likely to be incurring duplicate content penalties for displaying the same homepage for all four url variations which Google sees as four different websites !) then you will reach your website

If you go to the https:// version of any of them then you will get the error you saw before which is because there is an SSL installed on your hosting account which is for a different domain to the one you are going to.  You need to remove that SSL and then if you want SSL / https purchase and install one for your won domain

Ian

[bsmither]

@ridecals, I hear you saying you are entering your site not using https, yet still getting Chrome's warning page.

On that warning page, click the "Advanced" link. There is more information that will show why Chrome is complaining.

[ridecals]

his server could not prove that it is ridecals.us; its security certificate is fromcharlestrongtees.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

[bsmither]

So, if you are not entering your site via https, and SSL has been switched off in CubeCart's admin, why is Chrome complaining about the certificate?

[ridecals]

That is what I want to know.  It wasn't doing it until yesterday.

[bsmither]

An internet search for chrome force https shows that Chrome has a setting (HSTS) that will rewrite page requests. This setting is in chrome://net-internals/ part of the settings pages. The HTTPS Everywhere has an extension for Chrome (and others).

Just a wild guess, but check if this setting or extension is installed on your browser. Also check to see if your firewall or anti-virus product, if installed on your computer, may be affecting the page request.

How can you tell? You will need to look at the web server Access Logs and find the page requests made from your home IP address (www.whatismyip.com).

[ridecals]

I did not see the  HTTPS Everywhere.  The on thing I saw was HTTPS settings which were certificates, which non were installed.

 

It does seem as though it is Chrome specific.  Works fine in Explorer.