Today I wasted nearly a full day setting up SSL on easyscraps.com since we now have a new cart system (basically a new site). If any of you are planning on setting up SSL on your site, read on…
What a pain!! I, at least understand the terms, but I had never actually performed the process before and the process is crazy! And so I set it up wrong, and had to go through my site trying to change/fix things so they would work with the new setup for HTTPS on our new cart. If any of you are going to set up an SSL certificate, make sure your certificate is for the domain that your web site typically runs under. In non-geek speak, if you run your site as www.zzzz.com that is not the same as zzzz.com (without the www) when you go to apply for an SSL certificate. Unfortunately, the program I used to set it all up, defaulted to zzzz.com as the choice for the domain on which to set up the SSL certificate. So that’s what I went with. After I installed everything, and tested going too https: using www.easyscraps.com, I got a very ominous warning. After hours of reading, I was unable to figure out a way to make that certificate I set up for easyscraps.com work using HTTPS with www.easyscraps.com.
So, I basically re-worked a lot of the site to force you to just easyscraps.com. If you get to our store through the web site (which is basically how it should work) we are fine. Hopefully I caught all the places, and closed all the loops.
So- beware! Double check your domain BEFORE you order an SSL certificate!!
Note, also that if you use Chrome, trying to access an HTTPS page which references or links to other items using HTTP, then Chrome will force you back to HTTP, and you will see HTTPS crossed out in the browser. This makes no sense to me! Why would forcing a user back to HTTP, and potentially (if this is a login page) forcing a user to log in and send their information in the clear, be better than just popping up a warning (however annoying it is) like IE does??!!! Anyway, some potentials for causes of this conflict are:
- images
- CSS files
- fonts
- javascript files
- twitter or facebook feeds or plugins
The best bet, is to strip down your login pages, or anything you want to serve over HTTPS to the bare minimum and to serve images etc, using relative paths (without the http://www.zzz.com/ bit) to external files, in order to avoid the warnings. Anyway, hopefully you won’t run into any of the issues I did!!
