Advertisement:

Author Topic: Let's Encrypt SSL  (Read 3782 times)

Aficionado

  • Guest
Let's Encrypt SSL
« on: April 21, 2016, 05:16:14 pm »
Today i got a new plugin on my Cpanel to use Let's Encrypt SSL (free).

I haven't done anything yet, i would like to ask what is the best way to do this on a live and well established website. I have NEVER installed ssl to anything and i have no knowledge on all that.

Thanks

Aficionado

  • Guest
Re: Let's Encrypt SSL
« Reply #1 on: April 21, 2016, 09:06:23 pm »
What i mean is what to do within Osclass.

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Let's Encrypt SSL
« Reply #2 on: April 22, 2016, 01:37:07 pm »
Only change required it to modify your config.php

Change your WEB_PATH to reflect the https URL

From
Code: [Select]
define('WEB_PATH', 'http://yourdomain.com/');

To
Code: [Select]
define('WEB_PATH', 'https://yourdomain.com/');

With this change, all the internal links to your website will have the HTTPS proto.


SSL has nothing to do with Osclass or any other script you could run on your webserver, SSL is handle by the server (apache, nginx,...). I don't use CPanel, nor know about that plugin. Let's encrypt gives you a free SSL certificate that last 4 months (IIRC), the plugin may renew the certificate automatically (I imagine). Now, it depends on how you have configured your server and what you want to achieve, if you want to allow both HTTP and HTTPS connections, you need to modify a little more your config.php file.

Something like that will allow both connection
Code: [Select]
// this is in case you have a proxy and the connection proxy<-->server is not secure
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO'])=='https') {
    $_SERVER['HTTPS'] = "on";
}
// allow both connection
if(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']=='on' || $_SERVER['HTTPS']==1)) {
    define('WEB_PATH',  'https://yourdomain.com/');
} else {
    define('WEB_PATH',  'http://yourdomain.com/');
}
Warning: It depends on which server are you running, they may or may not send you the $_SERVER['HTTPS'] (some send a "1" value, others send a "on" value)
If you for example use nginx as a proxy, and the connection nginx-apache is not secure, $_SERVER['HTTPS'] will be empty/null but $_SERVER['HTTP_X_FORWARDED_PROTO'] will have a http/https value depending on which connection reach the proxy.

Aficionado

  • Guest
Re: Let's Encrypt SSL
« Reply #3 on: April 22, 2016, 02:55:29 pm »
Thanks Daniel.

I'm running LiteSpeed webserver and it is very compatible.

I will try to switch one Osclass site to SSL and see how it goes.


Aficionado

  • Guest
Re: Let's Encrypt SSL
« Reply #4 on: April 22, 2016, 04:57:56 pm »
That was very easy to do.

With Bender 100% ok, with OsclassWizards theme i use i get mixed content. I will try to find out what that could be.


Aficionado

  • Guest
Re: Let's Encrypt SSL
« Reply #5 on: April 22, 2016, 11:39:44 pm »
Also if anybody interested in this information, after installing the ssl, all traffic should be redirected to the ssl site.

By adding this to .htaccess on top.

Code: [Select]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]


Aficionado

  • Guest
Re: Let's Encrypt SSL
« Reply #6 on: April 25, 2016, 04:32:22 pm »
Does anybody know what happens if you have a a multi-country Osclass with countries as subdomains (wildcard DNS as documented in the Osclass blog) and you want to enable SSL ?

Thanks

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Let's Encrypt SSL
« Reply #7 on: April 25, 2016, 05:33:02 pm »
As far as I know, Let's Encrypt does not allow for wildcard certificates.

If you have a finite number of different domains, you could set up your server and a finite number of different certificates. Let's say you have a 20 countries installation, you need 20 different certificates and 20 different configurations of apache/nginx/litespeed/whatever you are using.

For about 85€/year you could have a rapidSSL/Comodo wildcard certificate, that will only require to have  ONE configuration and ONE certificate, which is way less problematic to maintain.

Aficionado

  • Guest
Re: Let's Encrypt SSL
« Reply #8 on: April 25, 2016, 05:37:24 pm »
Thanks Daniel, i was afraid of that.

I will see how i will handle my situation, maybe i will disable that subdomain/country thing. Didn't offer me any rank anyway ....


vecamar

  • Newbie
  • *
  • Posts: 44
Re: Let's Encrypt SSL
« Reply #9 on: June 15, 2018, 08:40:53 pm »
Hi Conejo!
You said this:
Quote
With this change, all the internal links to your website will have the HTTPS proto.
It´s true, but what happen with home page? In my site in home page appears "https" but not "secure" and green bar like in internal links.
What can I do? Thanks!

p206ab

  • Sr. Member
  • ****
  • Posts: 344
Re: Let's Encrypt SSL
« Reply #10 on: June 15, 2018, 11:46:44 pm »
Hi Conejo!
You said this:
Quote
With this change, all the internal links to your website will have the HTTPS proto.
It´s true, but what happen with home page? In my site in home page appears "https" but not "secure" and green bar like in internal links.
What can I do? Thanks!
Check the console (inspect element), there are probably some images or scripts that are being called with http. Everything, including scripts from external sources need to be https in order to get the green bar.

vecamar

  • Newbie
  • *
  • Posts: 44
Re: Let's Encrypt SSL
« Reply #11 on: June 15, 2018, 11:57:08 pm »
Thank you for your answer! It works! ;D
I had an image with "http". I changed it to "https".
Regards!

Tadeusz

  • Newbie
  • *
  • Posts: 2
Re: Let's Encrypt SSL
« Reply #12 on: October 06, 2018, 10:51:01 pm »
Please help me install the SSL certificate step by step

officeland

  • Newbie
  • *
  • Posts: 15
Re: Let's Encrypt SSL
« Reply #13 on: January 28, 2019, 10:04:47 pm »
Also if anybody interested in this information, after installing the ssl, all traffic should be redirected to the ssl site.

By adding this to .htaccess on top.

Code: [Select]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourwebsite.com/$1 [R,L]