• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 SSL not working?

#1
my site loads fine at http://forbiddense.com/

but even though I've installed the SSL certificate and everything else, re-issued it to the new VPS I'm on, etc. it won't work? its saying xenforo is trying to load mixed content, but the board urls are set to https:// and we're coming from a backup from a previous VPS where https:// was working fine?

this is the page result when loading via SSL;



Any ideas?
 

Arkshine

Active member
#2
Did you change forum url in the XF options to change http to https?

Console says:

Code:
Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forbiddense.com/css.php?css=xenforo,form,public&style=15&dir=LTR&d=1427058959'. This request has been blocked; the content must be served over HTTPS.
(index):31 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forbiddense.com/css.php?css=genesis,nat_public_css,node_category,node_link,node_list,node_page,wf_default&style=15&dir=LTR&d=1427058959'. This request has been blocked; the content must be served over HTTPS.
(index):286 Mixed Content: The page at 'https://forbiddense.com/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://forbiddense.com/login/login'. This endpoint should be made available over a secure connection.
(index):362 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/data/avatars/s/0/3.jpg?1425223938'. This content should also be served over HTTPS.
(index):370 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/data/avatars/s/0/1.jpg?1425555532'. This content should also be served over HTTPS.
(index):641 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/styles/Ideal/xenforo/logofse2.png'. This content should also be served over HTTPS.
 
#3
Did you change forum url in the XF options to change http to https?

Console says:

Code:
Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forbiddense.com/css.php?css=xenforo,form,public&style=15&dir=LTR&d=1427058959'. This request has been blocked; the content must be served over HTTPS.
(index):31 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forbiddense.com/css.php?css=genesis,nat_public_css,node_category,node_link,node_list,node_page,wf_default&style=15&dir=LTR&d=1427058959'. This request has been blocked; the content must be served over HTTPS.
(index):286 Mixed Content: The page at 'https://forbiddense.com/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://forbiddense.com/login/login'. This endpoint should be made available over a secure connection.
(index):362 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/data/avatars/s/0/3.jpg?1425223938'. This content should also be served over HTTPS.
(index):370 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/data/avatars/s/0/1.jpg?1425555532'. This content should also be served over HTTPS.
(index):641 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/styles/Ideal/xenforo/logofse2.png'. This content should also be served over HTTPS.



Yeah, its like I said, we're coming from a backup made on the old VPS where https was working fine. I've installed the SSL cert correctly and some users are able to load the site fully via HTTPS but me and other users and clearly yourself aren't able too for some reason.
 

Brogan

XenForo moderator
Staff member
#9
Your site is still actually available at http too, as well as www and non-www.
The FAQ in my signature explains how to resolve that.

With regards to the error, if it's working for some and not others, that sounds like a caching issue.
 
#11
Your site is still actually available at http too, as well as www and non-www.
The FAQ in my signature explains how to resolve that.

With regards to the error, if it's working for some and not others, that sounds like a caching issue.
Struggling to find anything in relation to what you mentioned in your signature.
 
#13
Also when I implement;

Code:
#RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
without the # it gives me this error;

This webpage has a redirect loop
Reload
Hide details
The webpage at https://forbiddense.com/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Learn more about this problem.
Error code: ERR_TOO_MANY_REDIRECTS
 
#17
I had the same problem on AWS ELB. Thanks to https://bharatikunal.wordpress.com/2010/12/03/howto-forcing-traffic-to-https/ -

Do not use this:

Code:
RewriteCond %{HTTPS} !=on
...if you route HTTPS to HTTP on a load balancer. Instead, use:

Code:
RewriteCond %{HTTP:X-Forwarded-Proto} !https

That gets around the re-direct loop. But there's still a problem, in that may start to get errors like this:

Code:
Mixed Content: The page at 'https://www.example.com/forum/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/forum/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1447310859'. This request has been blocked; the content must be served over HTTPS.
This seems to be due to something in XenForo not presenting the https://... properly. The fix is edit library/config.php, and add this at the very beginning:

Code:
$_SERVER['HTTPS'] = 'on';
 
#18
Do not use this:

Code:
RewriteCond %{HTTPS} !=on
...if you route HTTPS to HTTP on a load balancer. Instead, use:

Code:
RewriteCond %{HTTP:X-Forwarded-Proto} !https

That gets around the re-direct loop.
Amazing! Been trying to fix this for ages.

I think this is because I am using cloudflare to serve the https