1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 SSL does not work

Discussion in 'XenForo Questions and Support' started by Robby, Jul 9, 2013.

  1. Robby

    Robby Well-Known Member

  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    @Cala_Marie just got XenForo to run under SSL completely, however, I haven't messed with XenForo and SSL.
     
  3. Robby

    Robby Well-Known Member

    forums.digitalpoint.com is also on ssl so it must be possible...
    Any thaughts?
     
  4. Jeremy

    Jeremy XenForo Moderator Staff Member

    I have no more insight than what's already posted on the forums, unfortunately. @digitalpoint may also make his way here to comment.
     
  5. digitalpoint

    digitalpoint Well-Known Member

    It doesn't have anything to do with XenForo... XF doesn't care if it's SSL or not, it's your web server that you need to configure/install SSL cert on, not XenForo.
     
    caoanh204 and Jeremy like this.
  6. Robby

    Robby Well-Known Member

    That's allready done, see the homepage-->www.hidemychat.com
     
  7. digitalpoint

    digitalpoint Well-Known Member

    So I guess then what exactly is the issue/error you are getting when using XenForo on SSL?
     
    Robby likes this.
  8. Robby

    Robby Well-Known Member

    It's not showing it refers to http and not https
     
  9. Robby

    Robby Well-Known Member

    I'm asking my host for advice, maybe it's the crt that's only for domain and not subdomain?
     
  10. SneakyDave

    SneakyDave Well-Known Member

    Did you set your board URL to https://?

    You can try setting it to: //yoursite.com/xfroot

    Leaving off the http: or https:
     
  11. digitalpoint

    digitalpoint Well-Known Member

    Also, the certificate you have installed for the forums sub-domain is only intended for the www sub-domain, so you get an invalid certificate error.
     
    Robby and SneakyDave like this.
  12. SneakyDave

    SneakyDave Well-Known Member

    It looks like perhaps your web server isn't rewriting your SSL files correctly. You may have to copy your setup for non-SSL to match SSL. I think all of your SSL files are being rewritten to your wordpress installation.
     
  13. Cala_Marie

    Cala_Marie New Member

    For whatever it's worth, this is the .htaccess file I have in my web root (public_html or www most of the time):
    Code:
    # Set default error pages
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
    ErrorDocument 500 default
    
    <IfModule mod_rewrite.c>
    RewriteEngine on
            # Remove www prefix
            RewriteCond %{HTTP_HOST} ^www.*REMOVED*.net$ [NC]
            RewriteRule ^(.*)$ https://*REMOVED*.net/$1 [R,L]
    
            # Force SSL
            RewriteCond %{HTTPS} !=on
            RewriteRule ^/?(.*) https://*REMOVED*.net/$1 [R,L]
    
            # xenForo rules
            RewriteCond %{REQUEST_FILENAME} -f [OR]
            RewriteCond %{REQUEST_FILENAME} -l [OR]
            RewriteCond %{REQUEST_FILENAME} -d
            RewriteRule ^.*$ - [NC,L]
            RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
            RewriteRule ^.*$ index.php [NC,L]
    
            # Prevent direct usage of resources on other websites
            RewriteCond %{HTTP_REFERER} !^$
            RewriteCond %{HTTP_REFERER} !^http://*REMOVED*.net/.*$      [NC]
            RewriteCond %{HTTP_REFERER} !^http://*REMOVED*.net$      [NC]
            RewriteCond %{HTTP_REFERER} !^http://www.*REMOVED*.net/.*$      [NC]
            RewriteCond %{HTTP_REFERER} !^http://www.*REMOVED*.net$      [NC]
            RewriteRule .*\.(jpg|jpeg|gif|png|bmp|woff|eot|svg|ttf|otf|mp3|ogg|wav|flac)$ - [F,NC]
    </IfModule>
    
    # Other stuff
    Options -Indexes
    
    The only xF settings that I've had to change are URLs. Do you have access to your web server's (Apache, nginx, etc.) log files? You could check them for errors. If you can't you should have your host's support staff take a gander at them.
     
    Robby likes this.
  14. Robby

    Robby Well-Known Member

    Hello,

    I think i know what the ^problem is:

    The ssl certificate was clearly only for the primary domain and not for the subdomain.
    I thaught it was for all subdomain also.
    So i think i have to buy another certificate.
     
  15. SneakyDave

    SneakyDave Well-Known Member

    There are some certificates you can by that can be used for the whole domain, but I can't recall which companies sell them.
     
  16. SneakyDave

    SneakyDave Well-Known Member

  17. Robby

    Robby Well-Known Member

    Hello,

    I found a better solution, i just moved the pad of the forums so no longer a subdomain.
    Works like a charm.
    Thanks for all responses.
     
    SneakyDave likes this.

Share This Page