We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 44314
    • 44 Posts
    Hi,

    I'm trying to switch a MODx installation to use SSL (revo 2.5.1) but not having any success. I've tried everything i could find on the web but can't seem to find anything that resolves this for me.

    As i understand it, i need to change / add some entries in the .htaccess file. currently it reads-

    RewriteCond %{HTTP_HOST} !^(.*)\.mywebsite\.com$ [NC]
    RewriteRule ^(.*)$ http://www.mywebsite.com/$1 [R=301,L]


    And this serves the pages over standard HTTP and redirects the non www version of the url to the www version.

    I've tried the following in order to make the whole site run on HTTPS but in doing so, the whole website didn't render correctly, and also the green padlock in the address bar didn't appear, it still stated that the page(s) where insecure..

    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://mywebsite.com/$1 [R=301,L]
    


    Any help or suggestions would be greatly appreciated!
      • 36818
      • 119 Posts
      Hi bolero,

      worked for me:
      RewriteCond %{HTTPS} off
      # First rewrite to HTTPS:
      # Don't put www. here. If it is already there it will be included, if not
      # the subsequent rule will catch it.
      RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      # Now, rewrite any request to the wrong domain to use www.
      RewriteCond %{HTTP_HOST} !^www\.
      RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


      And put the system setting
      server_protocol
      to https.
        • 3749
        • 24,544 Posts
        Also, set the link_tag_scheme System Setting to https as well.
          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
          • 53149
          • 2 Posts
          So the problem I had is that the base href is pointing to an insecure URL (http://...), which means all of the head-inserted CSS and script files get called using that base href even if the page itself is called from a secure URL (https://...). Most browsers seem to accept the mixed-security situation, but Chrome pitches a fit and blocks all of the "insecure" content -- which means no CSS, scripts, etc. After deconstructing the variables in config.inc.php, I discovered the server_protocol system setting. Set that to https and problem solved! Much neater than other suggestions of forcing https in config.inc.php or manually editing base href in the template head.

          Surprisingly, this thread didn't come up in my extensive googling of the situation, so I'm adding my story in hopes that it gets indexed and helps others.
            • 3749
            • 24,544 Posts
            Usually, the base href statement in all your Templates should look like this:

            <base href="[[!++site_url]]" />


            Set like that, it's not biased toward either http or https.
              Did I help you? Buy me a beer
              Get my Book: MODX:The Official Guide
              MODX info for everyone: http://bobsguides.com/modx.html
              My MODX Extras
              Bob's Guides is now hosted at A2 MODX Hosting