Installing SSL https on Joomla 3.6.5, Problems, and Solutions [solved]

General questions relating to Joomla! 3.x. Please consider the availability of third-party templates and extensions when deciding which Joomla version to use.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Locked
pintobuck
Joomla! Explorer
Joomla! Explorer
Posts: 286
Joined: Tue Mar 06, 2007 9:39 am

Installing SSL https on Joomla 3.6.5, Problems, and Solutions [solved]

Post by pintobuck » Wed Mar 01, 2017 10:21 pm

This has been my experience. I’m using Joomla 3.6,5, Gantry 5 template Framework with its Hydrogen template, and swMenuPro extension for menu styling. Everything is auto updated to the latest version.

I bought an SSL certificate from my large hosting service provider for $37 per year.

INITIAL PROBLEMS

No browser would display my website after I set Joomla to Force HTTPS.
(Joomla Administrator / System / Global Configuration / Server / Force HTTPS = Entire Site.)


Chrome browser said:
The backgroundsearch.com page isn’t working
backgroundsearch.com redirected you too many times.

Firefox browser said:
The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Internet Explorer browser said:
This page can’t be displayed
Make sure the web address https://backgroundsearch.com is correct

SOLUTIONS SO FAR

1) Get back into your website.
In Joomla’s Configuration.php file, find “public $force_ssl = '2';” and change the 2 to 0.
Log in as administrator.
Then set Joomla Administrator / System / Global Configuration / Server / Force HTTPS = None.

2) Backup your mysql database and your entire site. (It is best to back up before beginning any changes to your website.)

3) I exported the mysql database to my local computer as a .sql file. (Be sure to export. Do not dump.) I used C-Panel with phpmyadmin.

4) From the exported database, on my local computer, I deleted
http://www.backgroundsearch.com (notice www. and no trailing backslash)
and
http://backgroundsearch.com (notice no trailing backslash)
which should make all the remaining URLs relative.
Be sure to delete the first one first.
I used Find and Replace procedure, using a free program like EditPlus which can open an .sql file.
I found the character string, and Replaced All with nothing, which effectively deleted all copies of that character string from the exported database.

5) I used Filezilla FTP to upload the modifed database file from my local computer up to my server. This just gets the .sql file onto the server.

6) Back on the server, I emptied all the tables in the Joomla mysql database. (Be sure to emtpy. Do not dump.) I used C-Panel with phpmyadmin.

7) Then, I imported the .sql file (that I had uploaded with Filezilla FTP) into the Joomla mysql database, which I had just emptied. I used C-Panel with phpmyadmin.

8 ) An .htaccess file hack was necessary, because without it all browsers would not display the site due to too many redirects. The .htaccess hack is a workaround because otherwise Joomla (or the Gantry 5 template) put this code in the header:
<base href="http://backgroundsearch.com/" />
and no browsers would display my site. The objective of the .htaccess hack is to change http in that one line of code to https. Hopefully, Joomla or Gantry 5 will take notice and make this hack unneccessary. The .htaccess hack is:

####### ---- begin HACK TO CHANGE HTTP TO HTTPS IN
####### <base href="http://backgroundsearch.com/" />
<IfModule mod_env.c>
SetEnv HTTPS on
</IfModule>
######## ------- end HACK TO CHANGE HTTP TO HTTPS

(This .htaccess hack was suggested by http://stackoverflow.com/questions/1973 ... d-of-https )

9) Edit this line of code in your Joomla Configuration.php file. (Always back up the file first.)
Change
$live_site = 'http://backgroundsearch.com';
To
$live_site = 'https://backgroundsearch.com';

The change to https was necessary in Joomla’s Configuration.php file, because otherwise some of my template and swMenuPro CSS styling would not display properly.

10) Enable Force HTTPS in Joomla.
( Joomla Administrator / System / Global Configuration / Server / Force HTTPS = Entire Site)

RESULTS

SSL https is working for my entire site with all three browsers (Chrome, Firefox, and Internet Explorer).

REMAINING PROBLEM

When I enabled Joomla’s Force HTTPS = Entire Site, it made all the https URLs function properly (which is good), but now Joomla does not actually force http URLs to become https URLs. Both types of URLS are still working on the website. I think this is because of the .htaccess hack required in Item #8, above.

WARNINGS AND INFO

1) Do not replace any mysql character strings beginning in href. When I did that, the website would not display in the browsers due to “Could not find template.”

2) After making these changes, Joomla Administrator may have to login from an https url (notice the https).

3) If Chrome Browser is not displaying images, clear Chrome’s browsing history, local data, and cookies.

SUGGESTIONS & REQUESTS

Perhaps some Joomla experts or Gantry 5 template experts could offer help with:

1) Template suggestion

per http://www.inmotionhosting.com/support/ ... e-base-tag
You can remove the base tag
<base href="http://YourDomainName.com/" />
If you don't use the base tag and simply want to remove it, you can easily do so. This base tag is stored in $doc / $document. You can use unset, as in the following example, to remove the base tag:

$doc = JFactory::getDocument();
unset($doc->base);

Or offer a manual or automatic method to change the base tag from http to https when Joomla Force HTTPS is enabled for the Entire Site.

That would eliminate the need for the .htaccess hack in Item #8, above. (I think.)

2) Offer a manual or automatic method to change
$live_site = 'http://backgroundsearch.com';
To
$live_site = 'https://backgroundsearch.com';
when Joomla Force HTTPS is enabled for the Entire Site.

CONCLUSON

This has been my experience. Hopefully this will help someone, and someone will offer guidance on the remaining problem and suggestions.
Last edited by mandville on Wed Apr 25, 2018 10:39 pm, edited 2 times in total.
Reason: marked solved as per op - Since the topic was created, the webhosting environment has changed, J! has been updated, and the problems have disappeared.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 35249
Joined: Sat Apr 05, 2008 9:58 pm

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by Webdongle » Wed Mar 01, 2017 11:04 pm

Either you haven't set up the cert correctly or the problem is with your Template because Joomla’s Force HTTPS = Entire Site works OK

Don't give a value to $live_site that will cause problems

If you move your site to localhost don't do it bit by bit ... use Akeeba.

http://forum.joomla.org/viewtopic.php?f=621&t=582860 please
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19044
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by leolam » Thu Mar 02, 2017 5:50 am

If you use the default htaccess file as distributed with Joomla and set to force https side-wide the SSL should work properly with any template or module since these cannot influence this (unless hard coded links but that is with Gantry not the case). If it does not work your SSL-certificate is incorrect installed by your provider (SSL is expensive....you can buy at Namecheap a Commodo positive SSL for USD$ 9,95 btw) and you need to connect with your hosting provider. Do not change code since that is wrong. This works out of the box in any Joomla site and by starting to wobble with code in core files you only make things unworkable with upgrades to mention one of the many things that will go wrong . You can check if your site is correctly installed https://www.sslshopper.com/ssl-checker.html

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
Member Joomla Bug Squad & Joomla CMS Release Team

pintobuck
Joomla! Explorer
Joomla! Explorer
Posts: 286
Joined: Tue Mar 06, 2007 9:39 am

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by pintobuck » Thu Mar 02, 2017 1:21 pm

pintobuck wrote: 4) From the exported database, on my local computer, I deleted
http://www.backgroundsearch.com (notice www. and no trailing backslash)
and
http://backgroundsearch.com (notice no trailing backslash)
which should make all the remaining URLs relative.
Be sure to delete the first one first.
I used Find and Replace procedure, using a free program like EditPlus which can open an .sql file.
I found the character string, and Replaced All with nothing, which effectively deleted all copies of that character string from the exported database.
Thank you to the 2 replies received already. I will try them out.

Most immediately, I think do not do step #4 as quoted above. That will leave you with some empty href specifically href="". Step #4 needs more testing. I will post again.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 35249
Joined: Sat Apr 05, 2008 9:58 pm

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by Webdongle » Thu Mar 02, 2017 3:40 pm

pintobuck wrote:
pintobuck wrote:...
Most immediately, I think do not do step #4 as quoted above. That will leave you with some empty href specifically href="". Step #4 needs more testing. I will post again.
Create a localhost on your PC and use Akeeba to move the whole site. Then edit that not the live site !!!
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

pintobuck
Joomla! Explorer
Joomla! Explorer
Posts: 286
Joined: Tue Mar 06, 2007 9:39 am

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by pintobuck » Mon Mar 06, 2017 8:01 pm

Solution Version 2 - A solution that worked for me.

This method is different than my first post above, so I'm starting this post over again from the beginning.

I returned my Joomla website to all of its previous settings from before I started working on SSL https.

I’m using Joomla 3.6,5, Gantry 5 template Framework with its Hydrogen template, and swMenuPro extension for menu styling. Everything is auto updated to the latest version.

I bought an SSL certificate from my large hosting service provider for $37 per year.

Initial Problems

I set Joomla to Force HTTPS = Entire Site, and no browser would display my website.
(Joomla Administrator / System / Global Configuration / Server / Force HTTPS = Entire Site.)

Chrome browser said:
The backgroundsearch.com page isn’t working
backgroundsearch.com redirected you too many times.

Firefox browser said:
The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Internet Explorer browser said:
This page can’t be displayed
Make sure the web address https://backgroundsearch.com is correct

Solution

1) Get back into your website.
In Joomla’s Configuration.php file, find “public $force_ssl = '2';” and change the 2 to 0.
Also, log in as administrator and confirm that System / Global Configuration / Server / Force HTTPS = None.

2) Backup your mysql database and your entire site. (It is best to back up before beginning any changes to your website. Better yet, work on a test site, as recommended Webdongle. A test site might require its own SSL certificate, but they can be bought for $9.95 as mentioned by Leolam.

New Method

I gave up on trying to make Joomla Force HTTPS = Entire site. In my humble opinion, it has a problem which I could only partially resolve with a modification to the .htaccess file.

My website is running on a shared hosting service of a very large company. I bought my SSL certificate from them, and their server offers a feature to force HTTP > HTTPS, so I enabled that feature and adapted Joomla accordingly. I left Joomla Force HTTPS = none.

Additional Info: After the fact, I checked Joomla.org documentation. A page called "Switching between HTTP and HTTPS" is under construction. That page says " For setting up the certificate, the simplest way is to get your host to do it for you. Once you've bought a Dedicated IP and SSL certificate, simply ask your host to help and they will get it signed and install it in the correct location for you." However, that page does not yet address the problems that I experienced.


.htaccess modification

Before I modified Joomla in any way, I looked at my displayed page using my browser (right click) View Page Source, and I saw:
<base href="http://backgroundsearch.com/" />
Notice it shows http and not https. Based on my experiments, this is the single item that caused web browsers to refuse to display my website due to too many redirects when I set Joomla Force HTTPS = Entire Site.

Also, Joomla.org, itself, uses
<base href="http:s//joomla.org/" />
Notice the https.

The only way that I found to change my
<base href="http://backgroundsearch.com/" />
to
<base href="https://backgroundsearch.com/" />
was with the following addition to the top of my .htaccess file.

####### ---- begin MOD TO CHANGE HTTP TO HTTPS IN
####### <base href="http://backgroundsearch.com/" />
<IfModule mod_env.c>
SetEnv HTTPS on
</IfModule>
######## ------- end MOD TO CHANGE HTTP TO HTTPS


Joomla Adaptations

I discovered the following Joomla adaptations by going to Joomla.org, and using my browser (right click) View Page Source to see Joomla's code on their home page.

Joomla Adaptation #1 - Joomla.org home page code shows:
<base href="https://joomla.org/" />
Notice the https. I made the necessary https change to my website by using the .htaccess modification described above.

Joomla Adaptation #2 - Joomla.org home page uses .png images

After I forced HTTPS (either through Joomla Force HTTPS or through my web hosting provider), all of my web site images disappeared, including images in the template and other content images. This was true even when I used the Joomla's Beez template.

In Joomla.org's page code, I noticed that all of the images were .png files (not .jpg or .gif).
Also, all of the template images were in the directory /templates/Your-Template-Name/images .
So, I converted my template images to .png files, put them in that directory, and the images showed up on my website again. Notice that the template images had to be both .png files and in the stated directory. It was ok for me to created subdirectories in /templates/Your-Template-Name/images, if I wanted to.

Changing the template image location was particularly pertinent for my Gantry 5 Hydrogen template, because the Gantry 5 template defaulted to a different image location and path.

Article content images also had to be changed to .png images before they would display on my website. It was ok for them to stay in their original directory.

Notice that every path to the images had to be revised accordingly, even if only to change the file name extension to .png .

Additional Info: Joomla.org's home page code linked to some .jpg images, but all the .jpg links seemed to use full domain name links to other subdomains or other websites.

Results

SSL https is working for my entire site with all three browsers (Chrome, Firefox, and Internet Explorer), without the remaining problems that I discussed in my first post on this thread. All of my .png images are displaying properly.

Suggestions and Requests, Please

1) Joomla could offer a method to change the base tag:
<base href="http://Your-Domain-Name.com/" />
to
<base href="https://Your-Domain-Name.com/" /> (notice the https)
without requiring the .htaccess modification shown above.

2) Joomla could address or explain the apparent requirement for images to be .png files.

3) Joomla and/or Gantry 5 could address or explain the apparent requirement for template images to be exclusively in the directory: /templates/Your-Template-Name/images

4) Joomla Documentation will probably complete their SSL instruction page.

pintobuck
Joomla! Explorer
Joomla! Explorer
Posts: 286
Joined: Tue Mar 06, 2007 9:39 am

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by pintobuck » Tue Mar 14, 2017 4:59 pm

Version 3 - A solution that worked for me.

Mahagr (from github.com, Gantry 5 project) suggested that I use mod_rewrite in the .htaccess file.
So, I went back and looked at Joomla forum post, which used that technique. See:
viewtopic.php?f=708&t=946296&p=3458385& ... t#p3458385

Good Result for Version 3 -- is that I could use jpg and gif images, which I could not use in Version 2. Also, Version 3 allowed me to use my original path to the images, for example Gantry 5 templates' default path to template images.


This Version 3 is almost the same as my Version 2, in that I'm having my web site hosting service force HTTP > HTTPS.

The only change I made was to my modification in the .htaccess file.
For newer people, any line that starts a # sign is just a comment in the .htaccess file. You don't really need them, but I left a lot of comments in my modification so that I can remember what I did.

So, in .htaccess, look for
RewriteEngine On

Underneath that, I inserted:

### -- begin HTACCESS MODIFICATION FOR JOOMLA SSL/TLS HTTS
### 1. ENABLE WEBSITE HOSTING SERVICE SSL TO FORCE HTTP > HTTPS.
### Following info is from Joomla.org Forum:
### viewtopic.php?f=708&t=946296&p=3458385& ... t#p3458385
### 2. - DO NOT set "Force SSL" in Joomla config, just leave it as "none"
### 3. - SET or NOT live site url in configuration.php file to https://Your_Domain_Name.com - it worked in both ways for him
### 4. - insert the following rules in .htaccess as needed for your situation.
###
### Force https in all pages
#RewriteCond %{HTTP:X-Forwarded-Proto} !https <-- COMMENTED OUT BECAUSE
### MY WEB HOSTING SERVICE IS DOING IT. (See Item #1, above.)
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] <-- COMMENTED OUT BECAUSE
### MY WEB HOSTING SERVICE IS DOING IT. (See Item #1, above.)
###
### Redirect http://www.Your_Domain_Name.com to https://Your_Domain_Name.com
### (Notice the www. Add only if needed. Also, change Your_Domain_Name.com to your own domain.)
RewriteCond %{HTTP_HOST} ^www\.(Your_Domain_Name\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
###
### Upgrade internal requests to https, insert if your site layout breaks when visiting the site via https.
Header set Content-Security-Policy "upgrade-insecure-requests"
###
### Modification author was not sure what this below does exactly; his hosting provider added it to
### his .htaccess because ajax was not working when visiting the site via https
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin https://Your_Domain_Name.com
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Headers "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</IfModule>
### -- end .HTACCESS MODIFICATION FOR JOOMLA SSL/TLS HTTPS

pintobuck
Joomla! Explorer
Joomla! Explorer
Posts: 286
Joined: Tue Mar 06, 2007 9:39 am

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by pintobuck » Thu Mar 16, 2017 1:45 pm

Version 4 - A solution that worked for me

The change between Version 3 and Version 4, is that this version leaves out Ajax modifications to the .htaccess file. My understanding is that Ajax can be a security risk, so it is best not to modify it in the .htaccess file. Also, Joomla has an Ajax interface for Joomla module builders, if they need it.

So, in .htaccess, look for
RewriteEngine On

Underneath that, I inserted:

### -- begin HTACCESS MODIFICATION FOR JOOMLA SSL/TLS HTTPS
###
### 1. - At your web site hosting service, enable SSL Force HTTP > HTTPS.
### 2. - Do NOT set "Force SSL" in Joomla config, just leave it as "none"
### 3. - insert the following rules in .htaccess as needed for your situation.
###
### Force https in all pages
#RewriteCond %{HTTP:X-Forwarded-Proto} !https <-- COMMENTED OUT BECAUSE
### MY WEB HOSTING SERVICE IS DOING IT. (See Item #1, above.)
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] <-- COMMENTED OUT BECAUSE
### MY WEB HOSTING SERVICE IS DOING IT. (See Item #1, above.)
###
### Redirect http://www.Your_Domain_Name.com to https://Your_Domain_Name.com
### (Notice the www. Add only if needed. Also, change Your_Domain_Name.com to your own domain.)
RewriteCond %{HTTP_HOST} ^www\.(Your_Domain_Name\.com)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]
###
### Upgrade internal requests to https, insert if your site layout breaks when visiting the site via https.
Header set Content-Security-Policy "upgrade-insecure-requests"
###
### -- end .HTACCESS MODIFICATION FOR JOOMLA SSL/TLS HTTPS

JoaoTaleco
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Jul 20, 2010 11:37 am

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by JoaoTaleco » Thu Mar 08, 2018 12:59 pm

This worked for me:
1) set Joomla to Force HTTPS = Entire Site
(Joomla Administrator / System / Global Configuration / Server / Force HTTPS = Entire Site.)

2) go to configuration.php and set live_site empty: public $live_site = '';

pintobuck
Joomla! Explorer
Joomla! Explorer
Posts: 286
Joined: Tue Mar 06, 2007 9:39 am

Re: Installing SSL https on Joomla 3.6.5, Problems, and Solutions

Post by pintobuck » Wed Apr 25, 2018 9:36 pm

Now using: Joomla! 3.8.7 Stable, mysql 5.5.5-10.2.13-MariaDB-log, Apache webserver on a large shared hosting service based in the USA.

I was using a German web hosting service with the server in Germany when I started this thread about problems installating SSL https on Joomla 3.6.5.
Forcing SSL on Joomla continued to cause various problems for me through subsequent Joomla updates.

Recently, I moved my web site to a U.S. based hosting service, and Shazaam! all my SSL problems went away.


Locked

Return to “General Questions/New to Joomla! 3.x”