Recent Topics

1 May 23, 2020 00:34    

Moving to SSL / HTTPS. Please help!

Hi everybody!

Hoping you are all save and healthy at home.
I have been wanting to move my site to https for a while, and today I bit the bullet.
I works fine for most of my sites but not with B2Evo.
The first problem was that I could not log into the back end (error message about getting encryption "salt" from server?), so I disabled https on the server and also removed a couple of lines of code (provided by my server host) I had included in .htacces.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I did the include that snippet of code after finding that the site was indeed running https, but was still labeled as insecure.
I found the URL settings page after reading through some B2Evo docs, but not more specifics, while support requests for SLL are either very old or are unanswered and I have searched for HTTPS as well, without results.
I am uncertain on how to proceed: as you can see from the attached screenshot, my site is currently set to allow both HTTP and HTTPS.
I suppose that if I were to set that to HTTPS the site would be labeled as save, but then again, maybe not.
What I am most concerned about, is that changing the settings might prevent me from logging into the back-end, and then I would be really fried!
Any suggestions or pointers to B2Evo docs treating the matter are very welcome.

Thanks & Cheers!
Gerard

6.11.5-stable released on 02/11/20
PHP version: 7.3.16

2 May 23, 2020 00:47

I found this as well, but still scared to make changes.
;)
Since the "salt" message had something to do with password hashing, I suppose I should turn that off?

3 May 23, 2020 10:00

Hi @gerardp

Regarding your second image first. I have the same settings on my new 7.1.5 and all is fine.

Regarding the initial query.

I had similar problems and will try and find the posts, but just to keep the topic alive ~

I have [Always use HTTPS] checked and am sure other options did raise issues. The biggest problem I had with [Always] is that the lock icon on the browser would be crossed or red or something if I had a live link to an HTTP URL like an image on another site.

I would try using the default htaccess and add your bits again later

5 May 23, 2020 15:30

Since the "salt" message had something to do with password hashing, I suppose I should turn that off?

If you're going to use https, then yes. In that case you don't need extra hashing any more.

This post has 3 feedbacks awaiting moderation...


Form is loading...