XF 1.2 SSL does not work


Well-known member
It looks like perhaps your web server isn't rewriting your SSL files correctly. You may have to copy your setup for non-SSL to match SSL. I think all of your SSL files are being rewritten to your wordpress installation.


New member
For whatever it's worth, this is the .htaccess file I have in my web root (public_html or www most of the time):
# Set default error pages
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
RewriteEngine on
        # Remove www prefix
        RewriteCond %{HTTP_HOST} ^www.*REMOVED*.net$ [NC]
        RewriteRule ^(.*)$ https://*REMOVED*.net/$1 [R,L]

        # Force SSL
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://*REMOVED*.net/$1 [R,L]

        # xenForo rules
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]

        # Prevent direct usage of resources on other websites
        RewriteCond %{HTTP_REFERER} !^$
        RewriteCond %{HTTP_REFERER} !^http://*REMOVED*.net/.*$      [NC]
        RewriteCond %{HTTP_REFERER} !^http://*REMOVED*.net$      [NC]
        RewriteCond %{HTTP_REFERER} !^http://www.*REMOVED*.net/.*$      [NC]
        RewriteCond %{HTTP_REFERER} !^http://www.*REMOVED*.net$      [NC]
        RewriteRule .*\.(jpg|jpeg|gif|png|bmp|woff|eot|svg|ttf|otf|mp3|ogg|wav|flac)$ - [F,NC]

# Other stuff
Options -Indexes
The only xF settings that I've had to change are URLs. Do you have access to your web server's (Apache, nginx, etc.) log files? You could check them for errors. If you can't you should have your host's support staff take a gander at them.


Well-known member

I think i know what the ^problem is:

The ssl certificate was clearly only for the primary domain and not for the subdomain.
I thaught it was for all subdomain also.
So i think i have to buy another certificate.