hello - a client has purchased an SSL certificate and I am trying to make the necessary changes to implement it. I have had problems in the past - https://www.couchcms.com/forum/viewtopic.php?f=4&t=11315&hilit=ssl&start=0

The site is using Couch version is 2.2.1 and I have amended the .htaccess file and the config file (and also turned off cache).

The .htaccess has the following as recommended by the webhost;

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://catbehaviour.solutions/$1 [R=301,L]

But I have also tried:

Code: Select all

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

and

Code: Select all

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://catbehaviour.solutions/$1 [R=301,L] 

The problem is that I cannot force the SSL certificate to take effect in all browsers/circumstances. If I type in the https:// in Firefox it will work OK, but not so in Chrome or Edge. If I go to the site via a search in Firefox the https:// is not present.

I'm now stuck for ideas ... any suggestions before I approach the webhost? Thanks!!

[KK]

Hi,

The expected behaviour for Couch, as of the current version, is to automatically enforce https-only access if the following directive in couch/config.php is uncommented and a URL with 'https://' is specified therein e.g. -

Code: Select all

// 1.
    // If neccesary, define the full URL of your site including the subdomain, if any.
    // V.IMP: Don't forget the trailing slash!
    define( 'K_SITE_URL', 'https://catbehaviour.solutions/' ); 

No addition should be needed in the .htaccess file.

Have you tried doing just that (i.e. remove all .htaccess directives you have put in and used only couch/config.php)?

Please let me know.

thanks for your response @kk - all OK now - I have changed the .htaccess file