- Posts: 12
Before asking for help please read "How to request help" by clicking on that tab above here."
Question [SOLVED] How to use with an SSL Certificate with 1.7.9/10
- snakeeyes
- Topic Author
- Offline
- New Member
I am trying to figure out how to use an SSL certificate with my existing webtrees installation. When i create an .htaccess file to redirect everything on the site to https:// i get the following error as well the address for the site get rewritten to include port 80
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
I have another site where I am using an SSL certificate and was able to get it set up rather straight forwardly. The tech support at my hosting company is assuring me that what I am doing should be working, but that they have no idea why the port number is being automatically added, nor why the redirects are failing, aside from telling my that there must be something in the site causing the issue.
Does anybody have any experience with this? And if so can some please help me to figure out what I am missing?
Additionally, when i manually type in the https:// it will work, but I am getting the error message that some parts of the site are not secure. As far as I am aware, nothing is being served from a source other than my site.
Thank you
Andrew
Please Log in or Create an account to join the conversation.
- fisharebest
- Offline
- Administrator
webtrees needs to generate URLs.
It does this from information provided by the webserver. This link will show you how to see the information that webtrees uses.
www.webtrees.net/index.php/en/forum/help...dless-ssl-loop#66070
Your webserver is presumably telling PHP that it is fetching HTTP over port 433 (or HTTPS over port 80).
Therefore webtrees is generating URLs containing a port number.
webtrees 1.7 is pretty strict on this. It will assume your server config is correct, and will generate URLs exactly as requested.
webtrees 2.0 uses an external library which is more tolerant. If you tell it you are using HTTP at port 443, it will ignore you and assume you really meant HTTPS, etc.
If this isn't enough help, can you post the output of the script I referenced above.
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- fisharebest
- Offline
- Administrator
www.webtrees.net/index.php/en/forum/help...n-menu-sign-in#66195
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
ERR_TOO_MANY_REDIRECTS
This error also happens if I have the https:// version of the address as well
but the redirect is rewriting the address to include the https now and it is not including the port number anymore so some progress.
Please Log in or Create an account to join the conversation.
- fisharebest
- Offline
- Administrator
If so, delete it.
If you can't access the control panel, look in the wt_site_setting table in the database
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- fisharebest
- Offline
- Administrator
Sorry - just read this.
Do not use this setting. It is removed in the next version, because it is frequently misused.
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
An error occurred during a connection to gene.alteredpixels.ca:80. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
my .htaccess file, which i took from another site of mine on the same host that is working properly for me.
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
with regards to the page you referred me to about HTTP_X_FORWARDED_PORT and it is showing both ports 80 & 443 already being in place, so i'm not sure if I should change anything there?
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
i commented out line 174 in /includes/session.php
// $port = Filter::server('SERVER_PORT', null, '80');
Now the redirect works, but I get a partial secure message when i click on the padlock in the address bar of my browser. How do I resolve this issue?
Please Log in or Create an account to join the conversation.
- fisharebest
- Offline
- Administrator
You would have been better setting X_FORWARDED_PORT in your apache config. I showed you how to do this earlier.
> How do I resolve this issue?
Use the browser's "developer tools". e.g. CTRL-SHIFT-I in firefox and chrome.
Or post the URL here so we can take a look.
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- mp
- Offline
- Senior Member
- no changes in .htaccess necessary
- Control panel > Sign-in and registration > Sign-in URL set from http to https
- Control panel > Website preferences > check "Website URL" is set to https
done
Martin - ffp.bauschaffen.de
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
for web site preferences I have gene.alteredpixels.ca/
with these two entries and the .htaccess file, on the main page ( gene.alteredpixels.ca/index.php?ctype=gedcom&ged=tree1 ) I get a partially secure message, wether I am logged in or not. On every other page I tested whether logged in or not, I got a properly secured message in the browser address bar.
With the .htacess file removed I get the same results as above.
If i uncomment line 174 in /includes/session.php ->$port = Filter::server('SERVER_PORT', null, '80'); including removing the .htaccess fle, but leaving the other two settings in place I get a ERR_TOO_MANY_REDIRECTS when i try to go to gene.alteredpixels.ca. However the redirect does seem to function correctly and not append port 80 fora random reason i cant understand. And it is showing as secure in the browser address bar
Please Log in or Create an account to join the conversation.
- kiwi
- Offline
- Platinum Member
snakeeyes wrote:
with these two entries and the .htaccess file, on the main page ( gene.alteredpixels.ca/index.php?ctype=gedcom&ged=tree1 ) I get a partially secure message, wether I am logged in or not. On every other page I tested whether logged in or not, I got a properly secured message in the browser address bar.
"Partially secure" usually means you are serving content that is not https on an https page. In your case, it is the image displayed via a link from www.irishsurnames.com . Either persuade the Irish Surnames site to update their site to https or (far better) store a copy of the image locally and use that instead.
Nigel
www.our-families.info
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
But I am still getting the ERR_TOO_MANY_REDIRECTS if i do not have line 174 in /includes/session.php commented out. This is with or without the .htaccess file
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
Please Log in or Create an account to join the conversation.
- fisharebest
- Offline
- Administrator
You almost certainly want to leave it blank. Same goes for the "server URL" setting.
(I removed these settings in webtrees 2.0, since they caused more problems than they solved. I'll probably remove them in the 1.7 branch as well).
Most problems with getting SSL to work are that your webserver config listens on 443/HTTPS, but tells PHP that it is listening on port 80.
Create a phpinfo file - see www.webtrees.net/index.php/en/forum/help...dless-ssl-loop#66070 - and view it in your browser using your SSL configuration.
If there's nothing in here to indicated HTTPS and 443, then webtrees won't know about it.
You can set X_FORWARDED_PORT and X_FORWARDED_PROTO in your apache configuration to tell PHP/webtrees exactly what to use.
Greg Roach - greg@subaqua.co.uk - @fisharebest@phpc.social - fisharebest.webtrees.net
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
for reference here is the .htaccess file i am using
Please Log in or Create an account to join the conversation.
- snakeeyes
- Topic Author
- Offline
- New Member
- Posts: 12
Please Log in or Create an account to join the conversation.