Let's Encrypt SSL

[Aficionado]

Today i got a new plugin on my Cpanel to use Let's Encrypt SSL (free).

I haven't done anything yet, i would like to ask what is the best way to do this on a live and well established website. I have NEVER installed ssl to anything and i have no knowledge on all that.

Thanks

[Aficionado]

What i mean is what to do within Osclass.

[_CONEJO]

Only change required it to modify your config.php

Change your WEB_PATH to reflect the https URL

From

Code: [Select]

define('WEB_PATH', 'http://yourdomain.com/');

To

Code: [Select]

define('WEB_PATH', 'https://yourdomain.com/');

With this change, all the internal links to your website will have the HTTPS proto.


SSL has nothing to do with Osclass or any other script you could run on your webserver, SSL is handle by the server (apache, nginx,...). I don't use CPanel, nor know about that plugin. Let's encrypt gives you a free SSL certificate that last 4 months (IIRC), the plugin may renew the certificate automatically (I imagine). Now, it depends on how you have configured your server and what you want to achieve, if you want to allow both HTTP and HTTPS connections, you need to modify a little more your config.php file.

Something like that will allow both connection

Code: [Select]

// this is in case you have a proxy and the connection proxy<-->server is not secure
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO'])=='https') {
    $_SERVER['HTTPS'] = "on";
}
// allow both connection
if(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']=='on' || $_SERVER['HTTPS']==1)) {
    define('WEB_PATH',  'https://yourdomain.com/');
} else {
    define('WEB_PATH',  'http://yourdomain.com/');
}
Warning: It depends on which server are you running, they may or may not send you the $_SERVER['HTTPS'] (some send a "1" value, others send a "on" value)
If you for example use nginx as a proxy, and the connection nginx-apache is not secure, $_SERVER['HTTPS'] will be empty/null but $_SERVER['HTTP_X_FORWARDED_PROTO'] will have a http/https value depending on which connection reach the proxy.

[Aficionado]

Thanks Daniel.

I'm running LiteSpeed webserver and it is very compatible.

I will try to switch one Osclass site to SSL and see how it goes.

[Aficionado]

That was very easy to do.

With Bender 100% ok, with OsclassWizards theme i use i get mixed content. I will try to find out what that could be.

[Aficionado]

Also if anybody interested in this information, after installing the ssl, all traffic should be redirected to the ssl site.

By adding this to .htaccess on top.

Code: [Select]

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]

[Aficionado]

Does anybody know what happens if you have a a multi-country Osclass with countries as subdomains (wildcard DNS as documented in the Osclass blog) and you want to enable SSL ?

Thanks

[_CONEJO]

As far as I know, Let's Encrypt does not allow for wildcard certificates.

If you have a finite number of different domains, you could set up your server and a finite number of different certificates. Let's say you have a 20 countries installation, you need 20 different certificates and 20 different configurations of apache/nginx/litespeed/whatever you are using.

For about 85€/year you could have a rapidSSL/Comodo wildcard certificate, that will only require to have  ONE configuration and ONE certificate, which is way less problematic to maintain.

[Aficionado]

Thanks Daniel, i was afraid of that.

I will see how i will handle my situation, maybe i will disable that subdomain/country thing. Didn't offer me any rank anyway ....

[vecamar]

Hi Conejo!
You said this:

With this change, all the internal links to your website will have the HTTPS proto.

It´s true, but what happen with home page? In my site in home page appears "https" but not "secure" and green bar like in internal links.
What can I do? Thanks!

[p206ab]

Hi Conejo!
You said this:

With this change, all the internal links to your website will have the HTTPS proto.

It´s true, but what happen with home page? In my site in home page appears "https" but not "secure" and green bar like in internal links.
What can I do? Thanks!

Check the console (inspect element), there are probably some images or scripts that are being called with http. Everything, including scripts from external sources need to be https in order to get the green bar.

[vecamar]

Thank you for your answer! It works!
I had an image with "http". I changed it to "https".
Regards!

[Tadeusz]

Please help me install the SSL certificate step by step

[officeland]

Also if anybody interested in this information, after installing the ssl, all traffic should be redirected to the ssl site.

By adding this to .htaccess on top.

Code: [Select]

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]