Jump to content

Upgrade to Https


Joss
 Share

Recommended Posts

I thought I would ask this general question if, for no other reason, so that there is a definitive answer kicking around for anyone else.

I have an existing PW site with no certificate.

I want to upgrade it using the Let's Encrypt free certificate available through CPanel on my hosting provider. (This is an ordinary site, not a shop or anything).

Once I hit the button, what should I change in my existing PW installation (configuration)?

And what should I add to the htaccess file to redirect all the existing http incoming links?

Joss

Link to comment
Share on other sites

 

Danke, Herr Kobrakai! :) 

That is good to hear.

With the recent updates in Chrome browser and the way that search engines prioritise https (sort of), this is becoming more of an issue for everyone, not just those running more obviously secure web applications.

Also interested to hear from others whether going SSL, even with lower security free solutions, should be pretty much automatic now. Should PW be promoting this?

I sometimes think that software providers should not only be offering good, secure software (and Ryan, yours is one of the best) but should probably be promoting best practice too, now. 

Link to comment
Share on other sites

Loving my host so much -- they automatically enabled LetsEncrypt for every single one of their clients on shared and reseller hosting with automated renewals. Interesting thing is that they didn't announce it or place a readme in the skeleton directory for new accounts. Nonetheless, it's there, and it works really well. All I have to do is force HTTPS.

??

  • Like 3
Link to comment
Share on other sites

If you're moving to HTTPS, please note that Google considers your HTTPS and HTTP sites as 2 different sites.

Get all your Search Console verifications set up for www, non www, https, http etc etc and monitor closely. Lots of great articles out there on making the switch without killing your rankings.

  • Like 1
Link to comment
Share on other sites

On 23/01/2017 at 5:36 PM, Mike Rockett said:

Loving my host so much -- they automatically enabled LetsEncrypt for every single one of their clients on shared and reseller hosting with automated renewals.

That sounds great. Who do you host with, and do they publicly promote this on their website? Are they a cPanel host running the Let's Encrypt plugin?

Am going to try and convince my host to do the same, and may consider moving host if they won't play ball.

Link to comment
Share on other sites

@Robin S - I'm using a local hosting company called Elitehost here in SA. They told me Let's Encrypt is built into their WHM/cPanel instances (v60) on all servers. My only gripe is with regards to subdomains. The LE system auto-issues certificates once per day, so I have to wait after having created a subdomain. If it's urgent, though, then someone on the support team will do it manually for me.

  • Like 1
Link to comment
Share on other sites

@Mike Rockett, thanks for the info.

I asked my host about Let's Encrypt certificates and they said they been providing free SSL certificates for all accounts for the last three months. Must have missed the announcement.

Looks like the certificate is by Comodo via cPanel. Not sure what the pros and cons are versus a Let's Encrypt certificate but a check on SSL Labs gave it an "A" so sounds good enough to me.

  • Like 1
Link to comment
Share on other sites

Considering how costly and time consuming installing a security cert was up to only quite recently, it is so much better now.

On my blog, I use a CloudFlare free account which comes with free https as well, which is one way of doing it. Recently I signed up with the same hoster that I use for the blog, to host an intranet I'm building for my current employer, and it turns out they now offer 1-click Let's Encrypt certificates. And it really is that easy - one click, wait a few seconds, and it just works. Not been live long enough to see how renewing the cert goes, but I don't anticipate any issues. FYI the host is Vidahost, with their 'cloud hosting' packages. (They also offer one-click PHP version change - the intranet is running on this week's latest PW version under PHP 7.1, and it all works great!)

  • Like 2
Link to comment
Share on other sites

I use Kualo in the UK for hosting. Actually, I have found them generally very good overall and normally nice and fast.

They supply Let's Encrypt on their shared servers via CPanel, and it automatically renews. It takes seconds to set up - just hit the enable button for the domain or addon domain.

https://www.kualo.co.uk/blog/lets-encrypt

 

  • Like 3
Link to comment
Share on other sites

3 hours ago, Joss said:

I use Kualo in the UK for hosting. Actually, I have found them generally very good overall and normally nice and fast.

They supply Let's Encrypt on their shared servers via CPanel, and it automatically renews. It takes seconds to set up - just hit the enable button for the domain or addon domain.

https://www.kualo.co.uk/blog/lets-encrypt

 

I use a Kualo reseller account & they have been fantastic so far. All accounts I create have their own hosting account/cpanel login, the whole domain is https and good to go, with the option of using letsencrypt (free) if you prefer to the already built in one. Literally couldn't be easier. You also have to make minimal changes in PW to get this working, I was quite surprised how effortless it was to migrate a site from http to https. Kualo support has been top notch too, with live chat on the site exceptionally fast and helpful.

Link to comment
Share on other sites

1 hour ago, SamC said:

I use a Kualo reseller account & they have been fantastic so far. All accounts I create have their own hosting account/cpanel login, the whole domain is https and good to go, with the option of using letsencrypt (free) if you prefer to the already built in one. Literally couldn't be easier. You also have to make minimal changes in PW to get this working, I was quite surprised how effortless it was to migrate a site from http to https. Kualo support has been top notch too, with live chat on the site exceptionally fast and helpful.

 

I have had two issues just today - the first was if I uncomment the https bit in the PW htaccess, it says it cant find the site.

The second was with enabling php7.1.1. The site seemed to work untill I tried to edit on particular page. It got confused and sent me to a 404. Next I knew was that the site froze and I recieved an email saying I had overused php requests.

Support realised it was a php compatability  issue and put me back onto 56 which has solved the problem.

That was a pain since I use php 7.1 locally and had no problems.

But I am not sure what was wrong. The error they saw was:

[Wed Feb 01 11:18:01.354468 2017] [core:error] [pid 20997] [client ipaddresshidden] End of script output before headers: index.php, referer:https://dancingbear.co.uk/dmin/page/edit/?id=1&s=1 

 

Link to comment
Share on other sites

1 hour ago, Joss said:

I have had two issues just today - the first was if I uncomment the https bit in the PW htaccess, it says it cant find the site.

The second was with enabling php7.1.1. The site seemed to work untill I tried to edit on particular page. It got confused and sent me to a 404. Next I knew was that the site froze and I recieved an email saying I had overused php requests.

Your site worked with https before you uncommented in the .htaccess? Did pages all redirect to https after manually typing out http address instead? What was your setup before you did anything?

I'm using PW v3.0.41 on a subdomain until the site is ready. All I did was uncomment:

  # -----------------------------------------------------------------------------------------------
  # 9. If you only want to allow HTTPS, uncomment the RewriteCond and RewriteRule lines below.
  # -----------------------------------------------------------------------------------------------
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

...and everything works fine. See screenshot of my cpanel php version, might help.

Screenshot 2017-02-01 17.12.46.png

I remember on one host, even after changing the PHP version, I still had to write:

AddType x-httpd-php7 .php

...at the top of .htaccess or the namespace wouldn't work. Threw an error as soon as:

//index.php
<?php namespace ProcessWire;

...was run. Probably unrelated but I thought I'd throw it out there.

 

*EDIT* I'm NOT using letsencrypt. The domain already has a already certificate. This is a quote from Kualo when I asked how my site works as https when I haven't installed anything:

"The server is configured with cpanel provided ssl.  Its free and when a hosting account is created, it gets installed automatically.  The other one I mentioned i.e. Let's Encrypt SSL is optional.  You can use any of the two but the one that get installed automatically as is on your account now should help."

Link to comment
Share on other sites

15 hours ago, Joss said:

Thanks, Sam, I will look through this later.

Also, I just got another message from support about the default .htaccess (located in public_html in a fresh kualo hosting account) which cleared something up for me.

When your hosting is first set up, there is an .htaccess file already in there (with a few rules, one of which is to do with comodo certificate - the default one installed on your kualo domain). Regarding the rules inside there, they need to also be copied into the .htaccess you use for processwire.

i.e. you may have problems if you simply replace the (already in there) .htaccess in publc_html with the processwire one.

  • Like 1
Link to comment
Share on other sites

18 minutes ago, SamC said:

Also, I just got another message from support about the default .htaccess (located in public_html in a fresh kualo hosting account) which cleared something up for me.

When your hosting is first set up, there is an .htaccess file already in there (with a few rules, one of which is to do with comodo certificate - the default one installed on your kualo domain). Regarding the rules inside there, they need to also be copied into the .htaccess you use for processwire.

i.e. you may have problems if you simply replace the (already in there) .htaccess in publc_html with the processwire one.

 

I haven't seen that, but then I have had this shared hosting for several years.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...