#29120 The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects.

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Saturday, 10 March 2018 17:17 CST

paurray
Hello Akeeba

This is the message I got from my hoster this morning:

The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects. When the system accessed the “http://finalbug.net/.well-known/pki-validation/010C52613A0D00BE5E109589192C153B.txt” URL, it redirected to the “https://finalbug.net/.well-known/pki-validation/010C52613A0D00BE5E109589192C153B.txt” URL.


If I am not mistaken this is because I have a setting in Admin tools that redirects all http addresses to https addresses.

Is this correct?
Is it normal that I get a message like this from my hoster?
Do I have to turn this setting off?
Or is there another solution?

thanks

Paul

Helping you learn beyond your finalBUG

paurray
ps maybe I just need to think the other way around and get the hoster just to validate https but frankly I am a little lost!?!


nicholas
Akeeba Staff
Manager
Correct. Using this feature rewrites all HTTP access to HTTPS.

Since you are using automatic validation to issue an HTTPS certificate you should disable that feature in Admin Tools' .htaccess Maker while the automatic validation is in progress.

If you expect the automatic validation to run on a schedule (e.g. every 3 months) it might be better if you disabled the redirect HTTP to HTTPS feature altogether. Instead, enable the HSTS feature which instructs browsers to stick to HTTPS at all times but allows automated tools to access HTTP. Moreover, go to your Joomla Global Configuration and set "Use SSL (HTTPS)" to "Entire site". This has a similar effect to the .htaccess Maker feature, it's just slightly slower for the very first non-HTTPS request made by a browser.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
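
Added example, not part of the original thread and not Akeeba or cPanel code: a small checker for the two conditions described in the reply above, namely that the validation file is served over plain HTTP without a redirect, and that the HTTPS response carries an HSTS header. The function names, the example.test host and the response heads are constructed for illustration.

```python
import re

# Constructed sample response heads (not captured from the site in the ticket).
REDIRECTING_HTTP = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://example.test/.well-known/pki-validation/TOKEN.txt\r\n"
    "\r\n"
)
PLAIN_HTTP_OK = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
HTTPS_WITH_HSTS = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

def parse_head(raw):
    """Split a raw HTTP response head into (status_code, lowercase-keyed headers)."""
    lines = raw.split("\r\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def dcv_over_http(raw):
    """Return (ok, reason) for a validator that permits no HTTP redirects."""
    status, headers = parse_head(raw)
    if 300 <= status < 400:
        return False, "redirected to " + headers.get("location", "(no Location)")
    if status != 200:
        return False, "unexpected status %d" % status
    return True, "served directly over HTTP"

def hsts_max_age(raw):
    """Return the HSTS max-age in seconds from an HTTPS response, or None."""
    _, headers = parse_head(raw)
    value = headers.get("strict-transport-security")
    if value is None:
        return None
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age":
            return int(arg.strip('"'))
    return None
```

Response heads in this form can be captured with `curl -sI` against the HTTP validation URL and the HTTPS home page, then passed to these functions.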

paurray
Hi Nicholas

Thank you for your fast reply...

If you expect the automatic validation to run on a schedule (e.g. every 3 months) it might be better


Not sure but I expect that they have some clever system set up that does something like this.

Ok going here:

HSTS Header (for HTTP-only sites)



Assuming that you have a site which is only supposed to be accessed over HTTPS, your visitor's web browser has no idea that the site should not be ever accessed over HTTP. Joomla! offers a Global Configuration setting to force SSL throughout the entire site, but this is merely a workaround: if it sees a request coming through HTTP it will forward it to HTTPS.


I am setting this to no!

And clicking "Save and create .htaccess"

Question on the side: this will only save the change that I have just made, right?
E.g. other changes/modifications from my hoster remain intact, right?
Sorry about being paranoid ;-)

Moreover, go to your Joomla Global Configuration and set "Use SSL (HTTPS)" to "Entire site". This has a similar effect to the .htaccess Maker feature, it's just slightly slower for the very first non-HTTPS request made by a browser.


That is this item here

Global Config>Server>"Force HTTPS" which was set to "Entire Site" and I have left it so.

Again being paranoid: could this doubling up of HTTP/HTTPS redirects potentially cause any issues?

Last but by no means least, I guess I need to contact my hoster and get them to run the test again to double check that all is well!

thanks

Paul


nicholas
Akeeba Staff
Manager
After installing the SSL certificate you should set HSTS to Yes. As I said, this does not have any effect on your server, i.e. your server can serve plain HTTP requests if required, therefore not getting in the way of your validation. It has an effect on the browsers of your visitors. It tells their browsers to never attempt to contact your site over plain HTTP, which is desirable for a lot of reasons including but not limited to protection against site spoofing and cookie stealing. Please read https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security for a good introduction to the topic.


paurray
Hi Nicholas

As always thank you for your detailed and clear replies.
I got this mail from my hoster today so all appears to be well after following your instructions:

Good news, AutoSSL has successfully renewed the Domain Validated (DV) certificate for “finalbug.net”. This does not require any further action by you.


thanks again

Paul


nicholas
Akeeba Staff
Manager
You're welcome, Paul!

