Enabling SSL with WordPress

[Tadpole Collective]

Hi,

We are having challenges getting SSL enabled within CiviCRM. The WP website is https setup, the certificate installed on server and working without errors. But when we go to Resource URLs to save SSL it says:

Please correct the following errors in the form fields below:

    You need to set up a secure server before you can use the Force Secure URLs option

I did a bit of searching and found this post with similar issue, but does not seem to be resolved: http://forum.civicrm.org/index.php?topic=8819.0.

Any thoughts on what the issue could be?

Related to this the donate page loads when logged out but not logged in. Any thoughts on this would be appreciated too.

Thanks!

[nicolas]

In the Settings - Resource URLs screen, make sure you have https:// in from of all the URLs, select Yes on the 2 radio buttons and Save.

I have also found that:
  - putting 'define('FORCE_SSL_ADMIN', true);' greatly helps with not having to authenticate twice when accessing CiviCRM (one for the administration menu over http, then one for CiviCRM administration over https)
  - using Firefox gives a much better experience as Chrome and IE are reluctant about loading an https page with http items in it.

[Donald Lobo]

If CiviCRM is on SSL and all your urls within Civi are pointing to the https site, you do not need to enable "Force SSL" within CiviCRM

lobo

[Tadpole Collective]

Hey Lobo & nicolas,

That's where I am stuck. When I say yes to SSL on Resources URLs and I see all Resource URLs already listed have https in them, I save  it gives me the 'I need a secure server' notice and it seems to save it temporarily, but once I go back to it after clicking onto another page, it's set back to Resource URLs it didn't save. I can try define('FORCE_SSL_ADMIN', true); if there is no other option. The rest of the site is completely SSL, however it is a sub-domain on a cPanel that the main site is on and does not have SSL. Could that be an issue? The certificate purchased was for the sub-domain, not main domain.

Thanks,

Dana

[Donald Lobo]

to check the SSL validity, civi make an ssl call to the base url and requires a valid response

is your base url the sub-domain or main-domain? seems like it needs to be root od sub-domain for js/css to load properly?

lobo

[Tadpole Collective]

How does Civi determine the base URL? We have it installed on the sub-domain, not the main url. So it is installed on civiwp.domain.url, would civi read domain.url as the base domain?

[Donald Lobo]

i made a mistake, we switched to try and retrive the dashboard via SSL and see what happens. You can instrument the code here:

CRM/Utils/System.php, function checkURL

after u check force ssl and hit submit

ping us on irc if u need help. Would be good to figure and solve this one

lobo

[Tadpole Collective]

We went through the suggestions and still have some oddities.  Using WP 3.5.1 and CiviCRM 4.2.8, we are getting an error on resource urls.

The following images show:

Resource urls before force SSL is checked
The error when saving
The civi dashboard,showing the green lock icon in Chrome indicating that the certificate is vaild
a screen shot of an examination of the certificate from dnssstuff.com

I have also forced ssl via wp-config.php, and via .htaccess

Any suggestions on what to try next?

[Donald Lobo]

if everything is on SSL, is there a need to check "Force secure urls" (since all urls are ssl based)?

lobo
 
yes, there is a bug and we still need to figure out why we cannot detect the valid SSL. If you ping us on IRC, we can help you debug the site. I'll try and get my local WP on SSL in the next few days

lobo

[Donald Lobo]

i installed a self signed certificate and tried the below and got the same error

i spent a few hours on it and made some progress, but did not resolve it. Here are my findings:

1. The code that needs to be fixed/tweaked is: CRM_Utils_System::checkURL

2. the addCookie stuff is broken for > 1 cookie. With WP and SSL, i saw 3-5 cookies being set. We just need to iterate thru the cookie array and implode them with a '; ' separator and hand it to curl

3. Due to my self cert, i also had to set CURLOPT_SSL_VERIFYHOST to true

after the above changes, i was getting a timeout on curl_exec and had already spent way too much time on this. So i had to abort my investigations

dana: if u can make the above changes and see where it gets you that would be great

lobo

[Tadpole Collective]

Hey lobo,

I will get on IRC a bit later and in general, so we can figure out this issue. Kevin may find his way onto IRC before I do.

I just wanted to make a note of something we came across last night that could be related as it ties into the base url. We were trying to override the CiviCRM css by adding:

Code: [Select]

define( 'URL Preferences.customCSSURL', 'https://civicrm.tadpole.cc/wp-content/pligins/civicrm/css/' );
into the civicrm.settings.php file. It's basically a blank file with a couple minor CSS tweaks and the rest is intended to be taken over by theme stylesheet. Since the note at the top of the Resource URLs settings notes:

These settings define the URLs used to access CiviCRM resources (CSS files, Javascript files, images, etc.). Default values will be inserted the first time you access CiviCRM - based on the CIVICRM_UF_BASEURL specified in your installation's settings file (civicrm.settings.php).

I was wondering if it could be related. Shouldn't the blank file in css/civicrm.css and css/extra.css now override the civicrm.css file in the core files?

If it's not related, I'll open a new forum post for this, but just wanted to note it given it ties to the base url.

Dana

[Donald Lobo]

seems a different topic, but the customCSSURL needs to be a complete url (with name of css file at the end of url0

lobo

[Tadpole Collective]

Just wanted to reference issue ticket: http://issues.civicrm.org/jira/browse/CRM-13227

[ericp]

I have found what seems to be a simple & effective solution to this issue, as follows:

In /wp-config.php at the top of the page put the lines:

define('FORCE_SSL_ADMIN', true);
$_SERVER['HTTPS']='on'; // (provided the SSL Certificate is working correctly)

Lower on the page (below the line/comments where "define('WP_DEBUG', false);" occurs) enter the following:

define('WP_SITEURL', "https://" . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', "https://" . $_SERVER['HTTP_HOST'] . '/');

I've tested this on multiple browsers with success. However, our WP installations are highly customized, so I'd be interested in whether this works for others.

[Tadpole Collective]

Thanks Eric!

We have actually started using this plugin: http://wordpress.org/plugins/wordpress-https/ and managing it through WP. That way we have the option of making admin SSL and only pages that need SSL on the public facing site that way too. We were getting a weird iframed Civi page within a page when we tried to make a change like you noted to force SSL.

Hope that helps & keep us posted to on any new findings.