XF 1.4 htaccess non www and SSL?

[FredC]

How to force both non www and https?

My forum is in a community folder and my htaccess looks like so... (forcing https)

#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://doberman-chat.com/community/$1 [R,L]

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /xenforo

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^.*$ - [NC,L]
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>

I also have a separate htaccess file in the root directory... (forcing non www)

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

So the question is how do i get these two rewrites to work together?
------------------------
Edit: I also have a rewrite someplace forcing all traffic from my root domain to the community folder. IE: mysite.com redirects to mysite.com/community

will i ever be able to get all these to play together?

 

[FredC]

right now my boards a mess. I have www. and non wwws and http and https all running.. This is gonna get dicey when members start posting links and the cookies start freaking out..

 

[FredC]

edit/edit... I also seem to have the ssl certificate configured wrong because the https:// doesn't appear green on the forum index page however it does on various thread pages.

 

[TPerry]

edit/edit... I also seem to have the ssl certificate configured wrong because the https:// doesn't appear green on the forum index page however it does on various thread pages.

That means you have unsecured links/images on the main index page.
What (and realize I haven't messed with Apache in ages) I think you have to do is rewrite your www to a non-www, then redirect that to the SSL site. You may be able to just do a catch all redirect of all inbound traffic to the SSL.

Have you remembered to change your URL in the ACP?
The unsecured content is (from looking at the source of the index page)
http://doberman-chat.com/imagehost/pics/d8f68434e51e278ac8b5675e6b89dd20.gif (and several other links to dog photos)
http://doberman-chat.com/community/login

 

[FredC]

That means you have unsecured links/images on the main index page.
What (and realize I haven't messed with Apache in ages) I think you have to do is rewrite your www to a non-www, then redirect that to the SSL site. You may be able to just do a catch all redirect of all inbound traffic to the SSL.

Have you remembered to change your URL in the ACP?
The unsecured content is (from looking at the source of the index page)
http://doberman-chat.com/imagehost/pics/d8f68434e51e278ac8b5675e6b89dd20.gif (and several other links to dog photos)
http://doberman-chat.com/community/login

Ahh yes i had forgot i had used to use my own image hosting software back in the vB days. Still cant really wrap my head around this SSL configuration stuff..

doberman-chat.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)

hmm that doesnt sound good..

 

[TPerry]

hmm that doesnt sound good..

Is your SSL a PostiveSSL or a RapidSSL?
There are some steps you have to take (with nginx at least) to concatenate them.

 

[FredC]

Is your SSL a PostiveSSL or a RapidSSL?
There are some steps you have to take (with nginx at least) to concatenate them.

Positive SSL

 

[TPerry]

Positive SSL

Have you followed the instructions at http://www.positivessl.com/ssl-certificate-support/cert_installation/apache-ssl.php?

Or are you using cPanel (or some other panel)?

 

[FredC]

i used Cpanel.. let me go give that link a read real quick.. Dang i didnt think it was going to be this complicated.. At any rate ill read their instructions and give this another shot and report back with the results..

 

[TPerry]

For cPanel, refer to http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/InstallCert.

 

[FredC]

I'm kinda stuck here i guess???

This SSL certificate was already installed.

The SSL website is now active and accessible via HTTPS on this domain:

• doberman-chat.com

The SSL certificate also supports this domain, but this domain does not refer to the SSL website mentioned above:

• www.doberman-chat.com

 

[FredC]

Ugh Im getting to old for this crap... Every browsers is throwing a warning page telling my guests to run away as fast as they can.. this is BS... I thought this certificate installation thing was supposed to be easy?

This Connection is Untrusted

You have asked Firefox to connect securely to doberman-chat.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

Possibly related the the CA Bundle (optional) field that was left empty?

 

[FredC]

try again tomorrow i suppose.. i better get some rest before i break something important like a laptop... I suppose i can just revert my .htaccess file for the time being..

 

[TPerry]

try again tomorrow i suppose.. i better get some rest before i break something important like a laptop... I suppose i can just revert my .htaccess file for the time being..

Part of the problem is this.
Notice that it is showing for your certificate to be issued to server2.doberman-chat.com and in mine it's showing servinglinux.com (which is my actual domain name that answers for the HTTP call). It almost looks like you are using a private SSL certificate created on the server itself.



and it should look similar to this

 

[FredC]

Part of the problem is this.
Notice that it is showing for your certificate to be issued to server2.doberman-chat.com and in mine it's showing servinglinux.com (which is my actual domain name that answers for the HTTP call). It almost looks like you are using a private SSL certificate created on the server itself.

View attachment 82356

and it should look similar to this

View attachment 82357

Hmm i dont have any idea where the heck that certificate came from possibly an auto generated self signed cert? my third party SSL Cert expires Aug/30/2019
Possibly because i deleted the third party certificate last night to start fresh today..

 

[FredC]

I hate anything that i have to work on inside the server.. it sucks i dont know crap about them and now my notebook is broke again.. I really have to learn to quit working on stuff that aggravates my anger issues..

 

[FredC]

Google can kiss my ass. What a load of nonsense.. now i just have to figure out how to delete all that crap from my server

 

[TPerry]

Are you on an actual VPS or server or shared hosting? It should be a simple matter of placing the certs on the server and then installing them via cPanel (just from a rough look).

 

[FredC]

i have my own dedicated server.. And yeah it supposed to be simple and i really don't know what im doing wrong.. But i just dont see the advantages of a headache like this just to appease the Google Gods.. I think we will pass on SSL ill just pay my client the 25 back they payed for the cert and explain the pros and cons i believe they will agree this is pretty stupid for a forum that doesn't process its own transactions the Google advantages are simply not worth the added headaches.

@Tracy Perry i would like to thank you for taking time out to try to work through this with me. however my technical skills relating to anything Server are almost ZERO!!! and i just don't have the patience for this kind of stuff anymore..

 

[TPerry]

Looks pretty simple (this is for a digicert certificate but they should all be similar)

1. Download the Intermediate and Primary Certificate to where you keep your certificates and key files on the server
2. Login to your cPanel control panel
   
3. Find and click on SSL/TLS Manager
   
4. Click on Generate, view, upload, or delete SSL certificates
5. Under the Upload a New Certificate section, click on the Browse button and find your Primary Certificate (yourdomain.crt) that you downloaded in the first step. Or if you have copied the contents of your primary certificate from the email, paste it in the box labeled: "Paste the crt below". To access the text version of your certificate, open it with a text editor. When copying and pasting your certificate, include the BEGIN and END tags.
6. Click the Upload button
7. Click Go Back and click Return to SSL Manager at the bottom of the page
   
8. Click on Setup a SSL certificate to work with your site. If this option is not available, your web host may have disabled it. You will need to contact them about how to install the Intermediate certificate
   
9. Select the domain you are using from the Domain drop down menu. The system will attempt to "Fetch" the SSL Certificate and private key for you. If this doesn't work, you may need to contact your web host
   
10. In the box labeled Ca Bundle paste the contents of the Intermediate certificate Click Install Certificate. Your SSL certificate should now be installed, and the website configured to accept secure connections. You or your web host may need to restart Apache before it will work