1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 SSL not working?

Discussion in 'Troubleshooting and Problems' started by HazedOff, Mar 22, 2015.

  1. HazedOff

    HazedOff Member

    my site loads fine at http://forbiddense.com/

    but even though I've installed the SSL certificate and everything else, re-issued it to the new VPS I'm on, etc. it won't work? its saying xenforo is trying to load mixed content, but the board urls are set to https:// and we're coming from a backup from a previous VPS where https:// was working fine?

    this is the page result when loading via SSL;

    [​IMG]

    Any ideas?
     
  2. Arkshine

    Arkshine Active Member

    Did you change forum url in the XF options to change http to https?

    Console says:

    Code:
    Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forbiddense.com/css.php?css=xenforo,form,public&style=15&dir=LTR&d=1427058959'. This request has been blocked; the content must be served over HTTPS.
    (index):31 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://forbiddense.com/css.php?css=genesis,nat_public_css,node_category,node_link,node_list,node_page,wf_default&style=15&dir=LTR&d=1427058959'. This request has been blocked; the content must be served over HTTPS.
    (index):286 Mixed Content: The page at 'https://forbiddense.com/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://forbiddense.com/login/login'. This endpoint should be made available over a secure connection.
    (index):362 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/data/avatars/s/0/3.jpg?1425223938'. This content should also be served over HTTPS.
    (index):370 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/data/avatars/s/0/1.jpg?1425555532'. This content should also be served over HTTPS.
    (index):641 Mixed Content: The page at 'https://forbiddense.com/' was loaded over HTTPS, but requested an insecure image 'http://forbiddense.com/styles/Ideal/xenforo/logofse2.png'. This content should also be served over HTTPS.
     
  3. HazedOff

    HazedOff Member


    [​IMG]

    Yeah, its like I said, we're coming from a backup made on the old VPS where https was working fine. I've installed the SSL cert correctly and some users are able to load the site fully via HTTPS but me and other users and clearly yourself aren't able too for some reason.
     
  4. melbo

    melbo Well-Known Member

    Do you have to change anything in cloudflare settings?
     
  5. HazedOff

    HazedOff Member

    I have cloudflare services paused at the moment to completely eliminate the chance of it being a cloudflare related issue.
     
  6. melbo

    melbo Well-Known Member

    I was just blocked by a cloud flare captcha page when accessing through TOR.
     
  7. melbo

    melbo Well-Known Member

    Path to images correct?
     
  8. HazedOff

    HazedOff Member

    Yes, as I said its working for some people through HTTPS and then for others like myself it isn't.
     
  9. Brogan

    Brogan XenForo Moderator Staff Member

    Your site is still actually available at http too, as well as www and non-www.
    The FAQ in my signature explains how to resolve that.

    With regards to the error, if it's working for some and not others, that sounds like a caching issue.
     
  10. melbo

    melbo Well-Known Member

    Working for me now (with images) on Chrome and FF on a Linux box
     
  11. HazedOff

    HazedOff Member

    Struggling to find anything in relation to what you mentioned in your signature.
     
  12. Brogan

    Brogan XenForo Moderator Staff Member

  13. HazedOff

    HazedOff Member

    Also when I implement;

    Code:
    #RewriteEngine On
    #RewriteCond %{HTTPS} !=on
    #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    without the # it gives me this error;

     
  14. melbo

    melbo Well-Known Member

    Is this syntax correct?
    Code:
    RewriteCond %{HTTPS} !=on
     
  15. HazedOff

    HazedOff Member

    Yes thats correct but if I uncomment it in the .htaccess it causes the re-direct loop.
     
  16. Brogan

    Brogan XenForo Moderator Staff Member

  17. leperwdup

    leperwdup New Member

    I had the same problem on AWS ELB. Thanks to https://bharatikunal.wordpress.com/2010/12/03/howto-forcing-traffic-to-https/ -

    Do not use this:

    Code:
    RewriteCond %{HTTPS} !=on
    ...if you route HTTPS to HTTP on a load balancer. Instead, use:

    Code:
    RewriteCond %{HTTP:X-Forwarded-Proto} !https

    That gets around the re-direct loop. But there's still a problem, in that may start to get errors like this:

    Code:
    Mixed Content: The page at 'https://www.example.com/forum/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.example.com/forum/css.php?css=xenforo,form,public&style=3&dir=LTR&d=1447310859'. This request has been blocked; the content must be served over HTTPS.
    This seems to be due to something in XenForo not presenting the https://... properly. The fix is edit library/config.php, and add this at the very beginning:

    Code:
    $_SERVER['HTTPS'] = 'on';
     
    Qhiliqq likes this.
  18. brucey

    brucey Member

    Amazing! Been trying to fix this for ages.

    I think this is because I am using cloudflare to serve the https
     

Share This Page