maicol07 Posted July 20, 2019 Share Posted July 20, 2019 (edited) Hi,I've created a new subdomain (updates.maicol07.it) where I installed OctoberCMS from Softaculous. CPanel issued a self-signed certificate that expires next year but if you try to open https://updates.maicol07.it it says: Ahoy! You're seeing this page because you've reached a website on our service that's not configured to accept secure connections (HTTPS). If you're a visitor, try visiting this site again, removing the "https" in front of the website domain. Please note that your connection to this user's website will not be secure. If you're the webmaster of this site, we recommend you take a few minutes to set up SSL so your visitors can connect securely. You can do this from your control panel. If you need assistance, please visit our support forums or Wiki. Thanks for choosing HelioHost! Sincerely, What should I do? Wait for AutoSSL? Note that some days ago I've set up Cloudflare.Thanks Edited July 20, 2019 by maicol07 Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 Which server are you on? Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 Which server are you on?Tommy Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 Then either remove Cloudflare association or ask an administrator to disable AutoSSL on your account. SInce Cloudflare SSL will be breaking AutoSSL so both can't exist together. Which one do you want to keep? Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 Then either remove CLoudflare association or ask an administrator to disable AutoSSL on your account. SInce Cloudflare SSL will be breaking AutoSSL so both can't exist together. Which one do you want to keep?If I disable Cloudflare SSL option, will AutoSSL work? Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 Yep it will...you will need to wait for an Apache restart on Tommy(max 24 hours). Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 This one, right? Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 Yep. Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 What about HSTS and Automatic HTTPS rewrites from Cloudflare? Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 For https redirect: For HTML: (Add a meta tag)< meta http-equiv="Refresh" content="0;URL=https://www.example.com" />For PHP:< ?php function redirectTohttps() { if($_SERVER['HTTPS']!=”on”) { $redirect= “https://”.$_SERVER['HTTP_HOST].$_SERVER['REQUEST_URI'];header(“Location:$redirect”); } } ?> Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 I've already set up redirects in .htaccess. So does those two Cloudflare options break AutoSSL? Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 Yes...they will break AutoSSL as wolstech said in : https://www.helionet.org/index/topic/36270-getting-error-while-opening-my-domain/ Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 Yes...they will break AutoSSL as wolstech said in : https://www.helionet.org/index/topic/36270-getting-error-while-opening-my-domain/Also HSTS? Quote Link to comment Share on other sites More sharing options...
Sn1F3rt Posted July 20, 2019 Share Posted July 20, 2019 No...for HSTS add this to .htaccess : Header set Strict-Transport-Security "max-age=31536000" env=HTTPS Quote Link to comment Share on other sites More sharing options...
maicol07 Posted July 20, 2019 Author Share Posted July 20, 2019 (edited) Ok, so now my htaccess is like this and my site is broken by redirect error: Header set Strict-Transport-Security "max-age=31536000" env=HTTPS RewriteEngine On # This will enable the Rewrite capabilities # This checks to make sure the connection is not already HTTPS RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} # This rule will redirect users from their original location, to the same location but using HTTPS. # i.e. http://www.example.com/foo/ to https://www.example.com/foo/ RewriteCond %{HTTP_HOST} ^maicol07\.it$ [OR] RewriteCond %{HTTP_HOST} ^www\.maicol07\.it$ RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^status$ "https\:\/\/status\.maicol07\.ml\/" [R=301,L] Edited July 20, 2019 by maicol07 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.