Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2018-05-22 21:41:19

lythande
Member
Registered: 2009-09-08
Posts: 191
Website

http to https in textpattern

Hi,

I am wondered, why I don’t find a “how to” for switch a webseite with textpattern from http to https?
I have try on my live-website, but it seems, that I have to need make more steps for set the https inide, because my css wasn’t shown…

With the new EU-DSGVO I must have set my website with an SSL-Certificate (SSL-Zertifikat) and a https:// instead http://
(very important for contact-formulars and another formulars…)

I hope, someone can help me for the next steps? (I have a SSL-Certificate for this one domain)

And is here maybe a second “How To” for making a new website (on the test-site) with https:// for the live-site and then switch the test-site to the live-site? My problem: the ssl-certificate is only for www.domain.tld and not for subdomain (subdomain = testsite).
I dont know, would I get errors, because there is not ssl-certificat, if I look on the test-site-domain?

Best Regards
Lythande

Offline

#2 2018-05-23 00:25:36

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,118
Website

Re: http to https in textpattern

All I have been doing is using this .htaccess file. I don’t remember exactly where I got the code from.

Edit: I changed this to match Jakob’s suggestions below.

# BEGIN Textpattern
#DirectoryIndex index.php index.html

#Options +FollowSymLinks
#Options -Indexes
#ErrorDocument 403 default

<IfModule mod_rewrite.c>
    RewriteEngine On
    #RewriteBase /relative/web/path/

    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^(.+) - [PT,L]

    RewriteCond %{REQUEST_URI} !=/favicon.ico
    RewriteRule ^(.*) index.php

    RewriteCond %{HTTP:Authorization}  !^$
    RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

<IfModule mod_mime.c>
    AddType image/svg+xml  svg svgz
    AddEncoding gzip       svgz
</IfModule>
# END Textpattern

There are several threads in the forum but the most recent is Non-HTTPS Sites Labeled ‘Not Secure’ by Chrome.

Offline

#3 2018-05-23 05:39:18

lythande
Member
Registered: 2009-09-08
Posts: 191
Website

Re: http to https in textpattern

Hi michaelkpate,

much thanks, it works. So easy? :-D

How I can made my textpattern-login in this site with ssl / https too?

Lythande

Offline

#4 2018-05-23 05:55:32

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 3,159
Website

Re: http to https in textpattern

Hi Lythande,

Step 1: add this line to your config.php:

define('PROTOCOL', 'https://');

That makes Textpattern create https:// links wherever you use txp:site_url or other automatically linking txp tags.

Step 2: In your .htaccess file (the dot means it’s hidden by default so you need to have “show hidden files” in your ftp program to see it), add these lines similar to what Michael said:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

except, that I’d add these near the top after RewriteBase.

There are various similar ways of doing that, like what Michael suggested. The one I’ve pasted here is from the HTML5 boilerplate.

Step 3: If you’ve coded your site brilliantly, you may already see the padlock icon in your address bar everywhere. But if you’re like me and sometimes manually construct links, you’ll need to go through your code and see if you’ve written http:// manually in your code and change that to https://.

Everything that you include in your site needs to be included as https, i.e. all css, all images, all javascript. I even had to replace some third-party plugins that themselves linked to other sources using http. It only needs one item of content that is not accessed via an encrypted connection and you won’t see the padlock (or you get the padlock with provisos). Sites that you link to externally (like in a link list) can still be http://.

And yes, you need a certificate for each subdomain, or a certificate that also covers the subdomain names. Paid SSL certificates can be ‘wildcard’ certificates and cover subdomains, but they are generally expensive. Free certificates from Let’s Encrypt will depend on how your host handles them. I use all-inkl. in Germany and have to submit a certificate request for each subdomain individually, but it’s just a two-click setting. On Webfaction, a UK-US host, more manual work is involved but you can request one certificate to handle a whole batch of domains and subdomains. Let’s Encrypt have recently added a wildcard certificate facility, but many hosts don’t yet support it.

I hope that helps. BTW: did you get your other sites working?

EDIT: Ah right, you got it working already. Well done! Your code must be nice and clean ;-)


TXP Builders – finely-crafted code, design and txp

Offline

#5 2018-05-23 06:38:23

lythande
Member
Registered: 2009-09-08
Posts: 191
Website

Re: http to https in textpattern

Much thanks, Jacob!
All works and my login is with https too! :-D

Offline

#6 2018-05-23 18:23:55

sacripant
Plugin Author
From: Rhône — France
Registered: 2008-06-01
Posts: 471
Website

Re: http to https in textpattern

Very usefull tips Julian. Thanks.
It would be great to have a txptips about textpattern and https.

Offline

#7 2018-05-23 19:50:48

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 3,159
Website

Re: http to https in textpattern

Jonathan had already written part of that as a txp tip: Site links in SSL but not all of it. (A note about forcing https in htaccess is shown in the preview of related DISQUS comments, but I don’t see that as an actual comment to the thread so it’s only half-readable).

That said, I don’t mind expanding on that and I’m sure Jonathan won’t mind, but I’m no expert on the subject.

@SSL experts: Are there any details I’ve forgotten or got wrong? Anything else I should add?


TXP Builders – finely-crafted code, design and txp

Offline

#8 2018-05-24 16:32:05

Vienuolis
Member
From: Vilnius, Lithuania
Registered: 2009-06-14
Posts: 172
Website

Re: http to https in textpattern

Nothing required to do for Textpattern CMS on Hiawatha webserver. The simple string is sufficient there for a virtual host: RequireTLS = yes.

Hiawatha also comes with free DST CA certificate request, revoke, and renew automation via Letsencrypt.org.

I have also forced TLS for editors, while leaving encryption optional for visitors — to the same website.

Offline

#9 2018-08-28 20:07:49

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 1,315
Website

Re: http to https in textpattern

michaelkpate wrote #311995:

All I have been doing is using this .htaccess file. I don’t remember exactly where I got the code from.

Edit: I changed this to match Jakob’s suggestions below.

# BEGIN Textpattern...

There are several threads in the forum but the most recent is Non-HTTPS Sites Labeled ‘Not Secure’ by Chrome.

causes
Error: 500 Internal Server Error¶


…. texted postive

Offline

#10 2018-08-29 14:50:31

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: http to https in textpattern

bici wrote #313681:

causes
Error: 500 Internal Server Error¶

Can you post the entire .htaccess here that causes the 500 error?

Offline

Board footer

Powered by FluxBB