SSL Aktivieren - unschöne Abfrage

[r3LaXeD]

Hallo zusammen.
Hab mittels dieser Anleitung SSL Aktiviert.
https://www.modified-shop.org/forum/index.php?topic=33524.msg347912#msg347912

Bei meinem Provider ist das Zertifikat erststellt und es sollte alles passen.

Nachdem ich nun die htacces aktiviert habe, kommt die folgende Sicherheitsabfrage:
https://ibb.co/vcw1HL4

Warum kommt diese?
Wo liegt mein Problem und wie kann ich es beheben?

mein shop:    https://tinyurl.com/yp8dy26k

Danke vorab

Linkback: https://www.modified-shop.org/forum/index.php?topic=42991.0

[hpzeller]

Die Sache scheint eindeutig zu sein, dein Zertifikat ist ungültig!
Helfen muss dir dein Hosting-Provider.
[ Für Gäste sind keine Dateianhänge sichtbar ]

Gruss
Hanspeter

[MarcoMG]

Ich Klinge mich hier mal ein, nach dem ich diwsn Teil aus der Anleitung.

.htaccess

Code: PHP  [Auswählen]

##-- redirect to https www-domain, when www is missing and no subdomain given and not using an ssl-proxy
 #RewriteCond %{HTTP_HOST} !^www\. [NC]
 #RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
 #RewriteCond %{HTTP_HOST} !^localhost [NC]
 #RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 #RewriteCond %{SERVER_PORT} !^443$
 #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 

Code: PHP  [Auswählen]

##-- redirect to https non-www-domain, when no subdomain given and not using an ssl-proxy
 #RewriteCond %{SERVER_PORT} !^443$ [OR]
 #RewriteCond %{HTTP_HOST} ^www\. [NC]
 #RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
 #RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

  Zu diesem geändert habe ist mein Shop nicht mehr zu erreichen.

Code: PHP  [Auswählen]

  ##-- redirect to https www-domain, when www is missing and no subdomain given and not using an ssl-proxy
 RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost [NC]
  RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

bzw.:

Code: PHP  [Auswählen]

  ##-- redirect to https non-www-domain, when no subdomain given and not using an ssl-proxy
 RewriteCond %{SERVER_PORT} !^443$ [OR]
  RewriteCond %{HTTP_HOST} ^www\. [NC]
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

  Es wir folögendes angezeigt.

  Fehler: Umleitungsfehler

Beim Verbinden mit schnaeppchen-kiste.eu trat ein Fehler auf.

    Dieses Problem kann manchmal auftreten, wenn Cookies deaktiviert oder abgelehnt werden.

[karsta.de]

@r3LaXeD

Hinweis:
Bekommt man in deinem Shop Silber bzw. Gold, wenn das zur Auswahl steht oder nur silberfarbene und goldfarbene Verschlüsse. Ich würde da wirklich aufpassen. Die Konkurrenz schläft nicht. Und die falsche Auswahl der Formulierung kann bei Abmahnung sehr teuer werden. (Da hilft dann auch nicht die Bedeutung der Steine zum jeweiligen Produkt.)

BG Karsta

[r3LaXeD]

@Karsta, danke für den Tip.

Jetzt nach demdem beim Provider das SSL Zertifikat eingerichtet ist, leider bei mir selbe Fehlermeldung wie beim Kollege oben:

Fehler: Umleitungsfehler
Beim Verbinden mit schnaeppchen-kiste.eu trat ein Fehler auf.
Dieses Problem kann manchmal auftreten, wenn Cookies deaktiviert oder abgelehnt werden.

Woher kommt das und was können wir zum beheben unternehmen??

[awids]

Lade(t) mal den kompletten Inhalt deiner/eurer .htaccess in Code-Tags hoch.

[r3LaXeD]

Code: XML  [Auswählen]

##-- $Id: _.htaccess 12989 2020-12-02 11:33:27Z GTB $

##-- Default charset
#AddDefaultCharset UTF-8
AddDefaultCharset ISO-8859-15

##-- Disable the server signature
ServerSignature Off

##-- Turn off ETags in HTTP-header (use both directives)
<IfModule mod_headers.c>
  Header unset ETag
  RequestHeader unset Proxy
</IfModule>
FileETag None

##-- When caching of gzipped JS and CSS files is used, enable this setting
<IfModule mod_headers.c>
  Header set Vary Accept-Encoding
</IfModule>

##-- when using Provider 1&1 set the following lines to activate PHP5
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php

##-- Add Mime Types
<IfModule mod_mime.c>
 AddType application/font-woff2 .woff2
</IfModule>

# Disable directory browsing (disabled by default as this causes problems on some servers because they don't allow AllowOverride Directive for Options)
#Options -Indexes

##-- Enable the compression for any type of content
<IfModule mod_deflate.c>
 <FilesMatch "(\.js|\.css|\.html|\.htm|\.php|\.xml|\.ico|\.jpg|\.jpeg|\.png|\.gif|\.svg|\.woff|\.woff2|\.ttf|\.otf|\.eot|\.JS|\.CSS|\.HTML|\.HTM|\.PHP|\.XML|\.ICO|\.JPG|\.JPEG|\.PNG|\.GIF|\.SVG|\.WOFF|\.WOFF2|\.TTF|\.OTF|\.EOT)$">
   SetOutputFilter DEFLATE
 </FilesMatch>
</IfModule>

##-- Customization of HTTP request and response headers
<IfModule mod_headers.c>
 <FilesMatch "(\.ico|\.jpg|\.jpeg|\.png|\.gif|\.swf|\.flv|\.svg|\.ICO|\.JPG|\.JPEG|\.PNG|\.GIF|\.SWF|\.FLV|\.SVG)$">
   Header set Cache-Control "max-age=2592000, public, must-revalidate"
 </FilesMatch>
 <FilesMatch "(\.woff|\.woff2|\.ttf|\.otf|\.eot|\.WOFF|\.WOFF2|\.TTF|\.OTF|\.EOT)$">
   Header set Cache-Control "max-age=2592000, public, must-revalidate"
 </FilesMatch>
 <FilesMatch "(\.css|\.js|\.CSS|\.JS)$">
   Header set Cache-Control "max-age=604800, private, must-revalidate"
 </FilesMatch>
 <FilesMatch "(\.xml|\.txt|\.XML|\.TXT)$">
   Header set Cache-Control "max-age=604800, public, must-revalidate"
 </FilesMatch>
 <FilesMatch "(\.html|\.htm|\.php|\.HTML|\.HTM|\.PHP)$">
   Header set Cache-Control "max-age=1, private, must-revalidate"
 </FilesMatch>
</IfModule>

##-- Generation of Expires and Cache-Control HTTP headers
<IfModule mod_expires.c>
 ExpiresActive On
 ExpiresDefault "access plus 1 seconds"
 ExpiresByType image/gif "access plus 2592000 seconds"
 ExpiresByType image/jpg "access plus 2592000 seconds"
 ExpiresByType image/jpeg "access plus 2592000 seconds"
 ExpiresByType image/png "access plus 2592000 seconds"
 ExpiresByType image/svg+xml "access plus 2592000 seconds"
 ExpiresByType text/html "access plus 1 seconds"
 ExpiresByType text/css "access plus 604800 seconds"
 ExpiresByType text/javascript "access plus 604800 seconds"
 ExpiresByType application/x-javascript "access plus 604800 seconds"
 ExpiresByType application/javascript "access plus 604800 seconds"
 ExpiresByType text/x-component "access plus 604800 seconds"
 ExpiresByType font/truetype "access plus 604800 seconds"
 ExpiresByType font/opentype "access plus 604800 seconds"
 ExpiresByType application/x-font-ttf "access plus 604800 seconds"
 ExpiresByType application/x-font-woff "access plus 604800 seconds"
 ExpiresByType application/font-woff "access plus 604800 seconds"
 ExpiresByType application/vnd.ms-fontobject "access plus 604800 seconds"
 ExpiresByType image/x-icon "access plus 604800 seconds"

 <IfModule mod_headers.c>
   Header append Cache-Control "public"
 </IfModule>
</IfModule>

##-- Configure php_flags if necessary
##-- BEGIN - use IfModule clause if PHP runs in CGI mode, otherwise just uncomment the lines with php_flag...
#<IfModule mod_php.c>

 ##-- Warn when arguments are passed by reference at function call time (from PHP5 allow_call_time_pass_reference is deprecated)
 #php_flag allow_call_time_pass_reference on

 ##-- Disable transparent sid support PHP-default is off (XTC Session only on first visit)
 #php_flag session.use_trans_sid off

 ##-- set suhosin flags because of errors with attributes (for webhosters with suhosin hardening patch enabled)
 #php_value suhosin.post.max_array_depth 0
 #php_value suhosin.post.max_array_index_length 0
 #php_value suhosin.post.max_vars 0
 #php_value suhosin.request.max_array_depth 0
 #php_value suhosin.request.max_array_index_length 0
 #php_value suhosin.request.max_vars 0

 ##-- set suhosin flags to have unencrypted session data, affecting "whos_online" & "shopping cart" (for webhosters with suhosin hardening patch enabled)patch enabled
 #php_value suhosin.session.encrypt Off
 #php_value suhosin.session.cryptkey ''

##-- END - use IfModule clause if PHP runs in CGI mode, otherwise just uncomment the lines with php_flag...
#</IfModule>

##-- Redirect error pages to Sitemap
##-- set the correct Path to ErrorDocument
ErrorDocument 400 /sitemap.html?error=400
ErrorDocument 401 /sitemap.html?error=401
ErrorDocument 402 /sitemap.html?error=402
ErrorDocument 403 /sitemap.html?error=403
ErrorDocument 404 /sitemap.html?error=404
ErrorDocument 500 /sitemap.html?error=500

##-----------------------------------------
##- SEO Shopstat Modul (Hartmut Koenig)
##-----------------------------------------
<IfModule mod_rewrite.c>
 ##-- Initialize and enable rewrite engine
 ##-- Documentation http://httpd.apache.org/docs/misc/rewriteguide.html
 RewriteEngine On

 ##-- EXAMPLE: If your shop is located at "http://www.yourdomain.com/shop",
 ##-- set the following line like e.g.: RewriteBase /shop/
 RewriteBase /

 ##-- disallow access to dotfiles (.htaccess, .svn, .git, etc.)
 #RedirectMatch 403 /\.

 ##-- Use canonical URLs
 ##-- Use SSL-Proxy
 ##-- HostEurope
 #RewriteCond %{HTTP:X-Forwarded-Server} !^ssl\.webpack\.de$ [NC]
 ##-- 1und1
 #RewriteCond %{HTTP:X-Forwarded-Server} !^ssl\.kundenserver\.de$ [NC]
 ##-- domainFACTORY
 #RewriteCond %{HTTP:X-Forwarded-Server} !^sslsites\.de$ [NC]
 ##-- All-Inkl
 #RewriteCond %{HTTP:X-Forwarded-Server} !^ssl-account\.com$ [NC]
 ##-- Strato
 #RewriteCond %{HTTP:X-Forwarded-Server} !^www\.ssl-id\.de$ [NC]

 ##-- redirect to http www-domain, when www is missing and no subdomain given and not using an ssl-proxy
 #RewriteCond %{HTTP_HOST} !^www\. [NC]
 #RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
 #RewriteCond %{HTTP_HOST} !^localhost [NC]
 #RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 ##-- redirect to https www-domain, when www is missing and no subdomain given and not using an ssl-proxy
 RewriteCond %{HTTP_HOST} !^www\. [NC]
 RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
 RewriteCond %{HTTP_HOST} !^localhost [NC]
 RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 RewriteCond %{SERVER_PORT} !^443$
 RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 ##-- redirect to https non-www-domain, when no subdomain given and not using an ssl-proxy
 RewriteCond %{SERVER_PORT} !^443$ [OR]
 RewriteCond %{HTTP_HOST} ^www\. [NC]
 RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
 RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

 ##-- Sitemap
 RewriteRule ^sitemap(.*)\.html$ shop_content.php?coID=8 [QSA,L]

 ##----------------------------------------------------------------------------------
 ##-- When working with SEO-Urls you can decide, whether to use a colon ":" or a dash "-" symbol
 ##-- (Windows Servers might have problems with colon as delimiter!)
 ##-- Change the delimiter symbol (SEO_SEPARATOR) also in file "/includes/extra/seo_url_mod/seo_url_shopstat.php"
 ##-- or create a new file "/includes/extra/configure/seo_separator.php"
 ##-- with the following content: <?php define('SEO_SEPARATOR','-'); ?>
  ##----------------------------------------------------------------------------------

  ##-- Use colon delimiter ":" for SEO-URLS (default setting)
  ##-- Categories (:::)
  RewriteRule ^([\/]?)([a-z]{2})\/(.*):::([_0-9]+):([_0-9]+)\.html$ index.php?cPath=$4&page=$5&language=$2 [QSA,L]
 RewriteRule ^([\/]?)([a-z]{2})\/(.*):::([_0-9]+)\.html$ index.php?cPath=$4&language=$2 [QSA,L]
 RewriteRule :::([_0-9]+):([_0-9]+)\.html$ index.php?cPath=$1&page=$2 [QSA,L]
 RewriteRule :::([_0-9]+)\.html$ index.php?cPath=$1 [QSA,L]

 ##-- Products (::)
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)::(.+)\.html$ product_info.php?products_id=$4&language=$2 [QSA,L]
 RewriteRule ::(.+)\.html$ product_info.php?products_id=$1 [QSA,L]

 ##-- Content (:_:)
 RewriteRule ([\/]?)([a-z]{2})\/(.*):_:([0-9]+)\.html$ shop_content.php?coID=$4&language=$2 [QSA,L]
 RewriteRule :_:([0-9]+)\.html$ shop_content.php?coID=$1 [QSA,L]

 ##-- Manufacturers (:.:)
 RewriteRule ^([\/]?)([a-z]{2})\/(.*):\.:([_0-9]+):([_0-9]+)\.html$ index.php?manufacturers_id=$4&page=$5&language=$2 [QSA,L]
 RewriteRule ^([\/]?)([a-z]{2})\/(.*):\.:([0-9]+)\.html$ index.php?manufacturers_id=$4&language=$2 [QSA,L]
 RewriteRule :\.:([_0-9]+):([_0-9]+)\.html$ index.php?manufacturers_id=$1&page=$2 [QSA,L]
 RewriteRule :\.:([0-9]+)\.html$ index.php?manufacturers_id=$1 [QSA,L]

 ##-- Use dash delimiter "-" for SEO-URLS (alternative setting i.e. for windows servers)
 ##-- Categories (---)
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)---([_0-9]+)-([_0-9]+)\.html$ index.php?cPath=$4&page=$5&language=$2 [QSA,L]
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)---([_0-9]+)\.html$ index.php?cPath=$4&language=$2 [QSA,L]
 RewriteRule ---([_0-9]+)-([_0-9]+)\.html$ index.php?cPath=$1&page=$2 [QSA,L]
 RewriteRule ---([_0-9]+)\.html$ index.php?cPath=$1 [QSA,L]

 ##-- Products (--)
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)--(.+)\.html$ product_info.php?products_id=$4&language=$2 [QSA,L]
 RewriteRule --(.+)\.html$ product_info.php?products_id=$1 [QSA,L]

 ##-- Content (-_-)
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)-_-([0-9]+)\.html$ shop_content.php?coID=$4&language=$2 [QSA,L]
 RewriteRule -_-([0-9]+)\.html$ shop_content.php?coID=$1 [QSA,L]

 ##-- Manufacturers (-.-)
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)-\.-([_0-9]+)-([_0-9]+)\.html$ index.php?manufacturers_id=$4&page=$5&language=$2 [QSA,L]
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)-\.-([0-9]+)\.html$ index.php?manufacturers_id=$4&language=$2 [QSA,L]
 RewriteRule -\.-([_0-9]+)-([_0-9]+)\.html$ index.php?manufacturers_id=$1&page=$2 [QSA,L]
 RewriteRule -\.-([0-9]+)\.html$ index.php?manufacturers_id=$1 [QSA,L]

 ##-- language
 RewriteCond %{SCRIPT_FILENAME} !-d
 RewriteCond %{SCRIPT_FILENAME} !-f
 RewriteRule ^([\/]?)([a-z]{2})\/(.*)([^.]*)$ $3?language=$2 [QSA,L]
</IfModule>

 

[Viol]

Solange Du Deinen Beitrag noch editieren kannst, nimm nicht die Zitatfunktion, sondern PHP oder XML..
Die Vorschau ist im übrigen eine sinnvolle Sache.

[r3LaXeD]

Erledigt, danke für den Hinweis...

[awids]

Wie ich es mir gedacht habe, wurden beide Umleitungen aktiviert:

Code: XML  [Auswählen]

  ##-- redirect to https www-domain, when www is missing and no subdomain given and not using an ssl-proxy
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost [NC]
  RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  ##-- redirect to https non-www-domain, when no subdomain given and not using an ssl-proxy
  RewriteCond %{SERVER_PORT} !^443$ [OR]
  RewriteCond %{HTTP_HOST} ^www\. [NC]
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

Wenn die Domain mit WWW aufgerufen werden soll, greift diese Regel:

Code: XML  [Auswählen]

  ##-- redirect to https www-domain, when www is missing and no subdomain given and not using an ssl-proxy
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost [NC]
  RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Ohne WWW greift diese Regel:

Code: XML  [Auswählen]

  ##-- redirect to https non-www-domain, when no subdomain given and not using an ssl-proxy
  RewriteCond %{SERVER_PORT} !^443$ [OR]
  RewriteCond %{HTTP_HOST} ^www\. [NC]
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

Kommentier(t) die nicht benötigte Regel also aus und schon sollte das klappen.

[r3LaXeD]

Danke für deine Antwort, leider weiss ich nicht was ich nun tun muss.

Wann ist welche der beiden notwenig?
Leider kann ich das nicht beurteilen?

Danke vorab

[awids]

Was steht in der configure.php bei:

Code: PHP  [Auswählen]

define('HTTP_SERVER', '...');
define('HTTPS_SERVER', '...');

Mit oder ohne WWW?

[r3LaXeD]

Code: XML  [Auswählen]

// server
  defined('HTTP_SERVER') or define('HTTP_SERVER', 'https://simis-perlentraum.de'); // eg, http://localhost - should not be empty for productive servers
  defined('HTTPS_SERVER') or define('HTTPS_SERVER', 'https://simis-perlentraum.de'); // eg, https://localhost - should not be empty for productive servers
 
 

[awids]

So muss das in deiner .htaccess aussehen:

Code: XML  [Auswählen]

  ##-- redirect to https www-domain, when www is missing and no subdomain given and not using an ssl-proxy
  #RewriteCond %{HTTP_HOST} !^www\. [NC]
  #RewriteCond %{HTTP_HOST} !\.(.*)\. [NC]
  #RewriteCond %{HTTP_HOST} !^localhost [NC]
  #RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
  #RewriteCond %{SERVER_PORT} !^443$
  #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  ##-- redirect to https non-www-domain, when no subdomain given and not using an ssl-proxy
  RewriteCond %{SERVER_PORT} !^443$ [OR]
  RewriteCond %{HTTP_HOST} ^www\. [NC]
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

Beim ersten Block sind alle Zeilen durch eine Raute/ein Hashtag (#) auskommentiert.

[r3LaXeD]

Danke dir, so funktioniert es.
Login etc. wieder möglich.

Was habe ich jetzt getan, dass ich zumindest dass "etwas" weiss.

Muss ich nun nach dem aktivieren des SSL etc. noch etwas machen?
Bzgl. Links oder Suchmaschinen ?

Danke vielmals vorab