Сайт доступен по HTTPS и HTTP, но проверку SSL в настройках безопасности не проходит


#1

Добрый

Хостинг hoster.by
Версия 4.4.2.SP2

Установили сертификат
http://werkel-shop.by/
https://werkel-shop.by/
Вроде все с сертификатом открывается

Но в настройках безопасности, не проходит проверка SSL. Ошибка

Не удалось проверить защищенное соединение. Пожалуйста, убедитесь, что на вашем сервере установлен сертификат SSL. Подробную информацию ищите в Базе знаний.

И как результат все 301 редиректы и sitemap не перенастраиваются на https

Не пойму куда рыть?

config.local.php проверил

сайт залит в public_html

htaccess прилагаю

DirectoryIndex index.html index.php

<IfModule mod_deflate.c>
	# Compress HTML, CSS, JavaScript, Text, XML, fonts
	AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript application/json
	AddOutputFilterByType DEFLATE application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf font/opentype font/otf font/ttf application/x-woff application/x-font-woff
	AddOutputFilterByType DEFLATE text/css text/html text/plain

	<IfModule mod_headers.c>
		# Remove browser bugs (only needed for really old browsers)
		BrowserMatch ^Mozilla/4 gzip-only-text/html
		BrowserMatch ^Mozilla/4\.0[678] no-gzip
		BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
		Header append Vary User-Agent
	</IfModule>
</IfModule>

<IfModule mod_headers.c>
	<FilesMatch "\.(ttf|ttc|otf|eot|woff|css|png|gif|ico|jpe?g)$">
		Header set Access-Control-Allow-Origin "*"
	</FilesMatch>
</IfModule>

# Cache all images for 2 weeks
<IfModule mod_expires.c>
	<FilesMatch "\.(jpg|jpeg|png|gif|tiff|bmp|js|css)$">
	    ExpiresActive on
	    ExpiresDefault "access plus 2 weeks"
	</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
	<filesMatch "\.(gif|png|jpg|jpeg|ico|js|css)$">
		Header set Cache-Control "max-age=1209600"
	</filesMatch>
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine on
# Please note that RewriteBase setting is obsolete use it only in case you experience  some problems with SEO addon.
# Some hostings require RewriteBase to be uncommented
# Example:
# Your store url is http://www.yourcompany.com/store/cart
# So "RewriteBase" should be:
# RewriteBase /store/cart
# RewriteBase /

# test
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# RewriteCond %{SERVER_PORT} !^443$
# RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# test

Options -MultiViews

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

RewriteCond %{REQUEST_URI} ^api/(.*)$ [or]
RewriteCond %{REQUEST_URI} .*/api/(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .*api/(.*)$ api.php?_d=$1 [L,QSA]

RewriteCond %{REQUEST_URI} \.(png|gif|ico|swf|jpe?g|js|css|ttf|svg|eot|woff|yml|xml)$ [NC,or]
RewriteCond %{REQUEST_URI} store_closed.html$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# start 
#RewriteRule ^(.*?)\/(.*)$ $2 [L]
#
RewriteRule ^(.*)\/(.*)$ $2 [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L,QSA]

</IfModule>

# This prevents possible problems when downloading files
<IfModule mod_php5.c>
    #php_flag zlib.output_compression Off
</IfModule>

#2

Попробуйте вот так:

RewriteRule ^(.*)$ https://site.ru/$1 [R=301,L]


#3

Это в каком месте месте поменять?


#4

Удалите блок:

test

RewriteCond %{HTTPS} !=on

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{SERVER_PORT} !^443$

RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

test

и пропишите там же

RewriteRule ^(.*)$ https://site.ru/$1 [R=301,L]


#5

Вообще ничего не работает

Так надо было?

DirectoryIndex index.html index.php

<IfModule mod_deflate.c>
	# Compress HTML, CSS, JavaScript, Text, XML, fonts
	AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript application/json
	AddOutputFilterByType DEFLATE application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf font/opentype font/otf font/ttf application/x-woff application/x-font-woff
	AddOutputFilterByType DEFLATE text/css text/html text/plain

	<IfModule mod_headers.c>
		# Remove browser bugs (only needed for really old browsers)
		BrowserMatch ^Mozilla/4 gzip-only-text/html
		BrowserMatch ^Mozilla/4\.0[678] no-gzip
		BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
		Header append Vary User-Agent
	</IfModule>
</IfModule>

<IfModule mod_headers.c>
	<FilesMatch "\.(ttf|ttc|otf|eot|woff|css|png|gif|ico|jpe?g)$">
		Header set Access-Control-Allow-Origin "*"
	</FilesMatch>
</IfModule>

# Cache all images for 2 weeks
<IfModule mod_expires.c>
	<FilesMatch "\.(jpg|jpeg|png|gif|tiff|bmp|js|css)$">
	    ExpiresActive on
	    ExpiresDefault "access plus 2 weeks"
	</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
	<filesMatch "\.(gif|png|jpg|jpeg|ico|js|css)$">
		Header set Cache-Control "max-age=1209600"
	</filesMatch>
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine on
# Please note that RewriteBase setting is obsolete use it only in case you experience  some problems with SEO addon.
# Some hostings require RewriteBase to be uncommented
# Example:
# Your store url is http://www.yourcompany.com/store/cart
# So "RewriteBase" should be:
# RewriteBase /store/cart
# RewriteBase /

RewriteRule ^(.*)$ https://werkel-shop.by/$1 [R=301,L]

Options -MultiViews

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]


RewriteCond %{REQUEST_URI} ^api/(.*)$ [or]
RewriteCond %{REQUEST_URI} .*/api/(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .*api/(.*)$ api.php?_d=$1 [L,QSA]

RewriteCond %{REQUEST_URI} \.(png|gif|ico|swf|jpe?g|js|css|ttf|svg|eot|woff|yml|xml)$ [NC,or]
RewriteCond %{REQUEST_URI} store_closed.html$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# start 
# RewriteRule ^(.*?)\/(.*)$ $2 [L]
 RewriteRule ^(.*)\/(.*)$ $2 [L]



RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L,QSA]

</IfModule>

# This prevents possible problems when downloading files
<IfModule mod_php5.c>
    #php_flag zlib.output_compression Off
</IfModule>

#6

Хром говорит, что все нормально


#7

Тоже вижу все норм вроде


#8

Так я вернул старый htaccess
с изменениями вообще ничего не открывалось

проблема пока не решена


#9

Так как вы включили настройку, если проверка не проходит?


#10

Так настройка и не включается


#11

Проблема в этой функции и настройках сервера

public static function detectHTTPS($server)
{
    if (
        (isset($server['HTTPS']) && (strcasecmp($server['HTTPS'], 'on') === 0 || $server['HTTPS'] == '1')) ||
        (isset($server['HTTP_X_FORWARDED_SERVER']) && (strcasecmp($server['HTTP_X_FORWARDED_SERVER'], 'secure') === 0 || $server['HTTP_X_FORWARDED_SERVER'] == 'ssl')) ||
        (isset($server['SCRIPT_URI']) && (strpos($server['SCRIPT_URI'], 'https') === 0)) ||
        (isset($server['HTTP_HOST']) && (strpos($server['HTTP_HOST'], ':443') !== false)) ||
        (isset($server['HTTP_X_FORWARDED_HTTPS']) && (strcasecmp($server['HTTP_X_FORWARDED_PROTO'], 'on') || $server['HTTP_X_FORWARDED_PROTO'] == '1')) ||
        (isset($server['HTTP_X_FORWARDED_PROTO']) && $server['HTTP_X_FORWARDED_PROTO'] == 'https') ||
        (isset($server['HTTP_X_HTTPS']) && (strcasecmp($server['HTTP_X_HTTPS'], 'on') === 0 || $server['HTTP_X_HTTPS'] == '1')) ||
        (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == 443)
    ) {
        return true;
    }

    return false;
}

Покажите ее хостеру - они поймут, у вас не передается какой то из этих заголовков и скрипт просто не видит включенный HTTPS.


#12

Да ничего они понимать не хотят
Я так понимаю, что из этой функции, хотя бы одно условие должно выполниться?
А какой механизм вызова этой функции

При нажатии кнопки из админки из под HTTP в переменную $server передаются параметры окружения какого сервера?
защищенного или нет?
Хочу симмитировать


#13

Добавил в функцию detectHTTPS строку:

file_put_contents('detecthttps.log', print_r($server, TRUE), FILE_APPEND);

Вот что записало в файл при нажатии “Определить SSL”

Array
(
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [SCRIPT_NAME] => /index.php
    [REQUEST_URI] => /index.php?dispatch=products.quick_view&product_id=413&prev_url=index.php%3Fdispatch%3Dproducts.newest%26sort_by%3Dtimestamp%26sort_order%3Dasc%26layout%3Dproducts_multicolumns%26page%3D13&n_items=409%2C410%2C411%2C412%2C413%2C414%2C415%2C416%2C406%2C407%2C424%2C440
    [QUERY_STRING] => dispatch=products.quick_view&product_id=413&prev_url=index.php%3Fdispatch%3Dproducts.newest%26sort_by%3Dtimestamp%26sort_order%3Dasc%26layout%3Dproducts_multicolumns%26page%3D13&n_items=409%2C410%2C411%2C412%2C413%2C414%2C415%2C416%2C406%2C407%2C424%2C440
    [REQUEST_METHOD] => GET
    [SERVER_PROTOCOL] => HTTP/1.0
    [GATEWAY_INTERFACE] => CGI/1.1
    [REMOTE_PORT] => 29605
    [SCRIPT_FILENAME] => /home/werkelsh/public_html/index.php
    [SERVER_ADMIN] => webmaster@werkel-shop.by
    [DOCUMENT_ROOT] => /home/werkelsh/public_html
    [REMOTE_ADDR] => 54.36.148.22
    [SERVER_PORT] => 80
    [SERVER_ADDR] => 93.125.99.71
    [SERVER_NAME] => werkel-shop.by
    [SERVER_SOFTWARE] => Apache
    [SERVER_SIGNATURE] => 
    [HTTP_ACCEPT_ENCODING] => deflate, gzip
    [HTTP_ACCEPT] => */*
    [HTTP_USER_AGENT] => Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
    [HTTP_CONNECTION] => close
    [HTTP_X_FORWARDED_PROTO] => http
    [HTTP_X_FORWARDED_FOR] => 54.36.148.22
    [HTTP_X_CLIENT_IP] => 54.36.148.22
    [HTTP_X_REAL_IP] => 54.36.148.22
    [HTTP_HOST] => werkel-shop.by
    [HTTP_AUTHORIZATION] => 
    [UNIQUE_ID] => XYshD119Y0cAKvq8ZCQAAAAD
    [FCGI_ROLE] => RESPONDER
    [PHP_SELF] => /index.php
    [REQUEST_TIME_FLOAT] => 1569399055.873
    [REQUEST_TIME] => 1569399055
    [argv] => Array
        (
            [0] => dispatch=products.quick_view&product_id=413&prev_url=index.php%3Fdispatch%3Dproducts.newest%26sort_by%3Dtimestamp%26sort_order%3Dasc%26layout%3Dproducts_multicolumns%26page%3D13&n_items=409%2C410%2C411%2C412%2C413%2C414%2C415%2C416%2C406%2C407%2C424%2C440
        )

    [argc] => 1
)
Array
(
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [SCRIPT_NAME] => /wladmin.php
    [REQUEST_URI] => /wladmin.php?dispatch=settings_wizard.check_ssl&result_ids=ssl_checking&is_ajax=1
    [QUERY_STRING] => dispatch=settings_wizard.check_ssl&result_ids=ssl_checking&is_ajax=1
    [REQUEST_METHOD] => GET
    [SERVER_PROTOCOL] => HTTP/1.0
    [GATEWAY_INTERFACE] => CGI/1.1
    [REMOTE_PORT] => 29689
    [SCRIPT_FILENAME] => /home/werkelsh/public_html/wladmin.php
    [SERVER_ADMIN] => webmaster@werkel-shop.by
    [DOCUMENT_ROOT] => /home/werkelsh/public_html
    [REMOTE_ADDR] => 178.124.21.223
    [SERVER_PORT] => 80
    [SERVER_ADDR] => 93.125.99.71
    [SERVER_NAME] => werkel-shop.by
    [SERVER_SOFTWARE] => Apache
    [SERVER_SIGNATURE] => 
    [HTTP_COOKIE] => sid_admin_13d4f=5195a11a4dbf90bef6224ecf75f73330-0-A; sid_customer_0015a=dd5e21e159504c531c83c1e736c2cb75-1-C; _ym_d=1569273464; sid_customer_13d4f=crennm0bm3fnc0136o0kgo1dj0; _ym_uid=1569273464369530389
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_X_REQUESTED_WITH] => XMLHttpRequest
    [HTTP_ACCEPT_LANGUAGE] => ru-BY,ru;q=0.8,en-US;q=0.5,en;q=0.3
    [HTTP_ACCEPT] => application/json, text/javascript, */*; q=0.01
    [HTTP_CACHE_CONTROL] => max-age=0
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
    [HTTP_REFERER] => http://werkel-shop.by/wladmin.php?dispatch=settings_wizard.view
    [HTTP_CONNECTION] => close
    [HTTP_X_FORWARDED_PROTO] => http
    [HTTP_X_FORWARDED_FOR] => 178.124.21.223
    [HTTP_X_CLIENT_IP] => 178.124.21.223
    [HTTP_X_REAL_IP] => 178.124.21.223
    [HTTP_HOST] => werkel-shop.by
    [HTTP_AUTHORIZATION] => 
    [UNIQUE_ID] => XYshFV19Y0cAKl7Qwy8AAAAg
    [FCGI_ROLE] => RESPONDER
    [PHP_SELF] => /wladmin.php
    [REQUEST_TIME_FLOAT] => 1569399061.1925
    [REQUEST_TIME] => 1569399061
    [argv] => Array
        (
            [0] => dispatch=settings_wizard.check_ssl&result_ids=ssl_checking&is_ajax=1
        )

    [argc] => 1
)
Array
(
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [SCRIPT_NAME] => /wladmin.php
    [REQUEST_URI] => /wladmin.php?dispatch=index.index&check_https=Y
    [QUERY_STRING] => dispatch=index.index&check_https=Y
    [REQUEST_METHOD] => GET
    [SERVER_PROTOCOL] => HTTP/1.0
    [GATEWAY_INTERFACE] => CGI/1.1
    [REMOTE_PORT] => 53800
    [SCRIPT_FILENAME] => /home/werkelsh/public_html/wladmin.php
    [SERVER_ADMIN] => webmaster@werkel-shop.by
    [DOCUMENT_ROOT] => /home/werkelsh/public_html
    [REMOTE_ADDR] => 93.125.99.71
    [SERVER_PORT] => 443
    [SERVER_ADDR] => 93.125.99.71
    [SERVER_NAME] => werkel-shop.by
    [SERVER_SOFTWARE] => Apache
    [SERVER_SIGNATURE] => 
    [HTTP_ACCEPT] => */*
    [HTTP_CONNECTION] => close
    [HTTP_X_FORWARDED_PROTO] => https
    [HTTP_X_FORWARDED_FOR] => 93.125.99.71
    [HTTP_X_CLIENT_IP] => 93.125.99.71
    [HTTP_X_REAL_IP] => 93.125.99.71
    [HTTP_HOST] => werkel-shop.by
    [HTTP_AUTHORIZATION] => 
    [HTTPS] => on
    [UNIQUE_ID] => XYshFV19Y0cAKsanIxkAAAAS
    [FCGI_ROLE] => RESPONDER
    [PHP_SELF] => /wladmin.php
    [REQUEST_TIME_FLOAT] => 1569399062.3795
    [REQUEST_TIME] => 1569399062
    [argv] => Array
        (
            [0] => dispatch=index.index&check_https=Y
        )

    [argc] => 1
    [HTTP_USER_AGENT] => 
)

#14

Походу в этой части проверяет
Вроде все ок тут
Array
(
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SCRIPT_NAME] => /wladmin.php
[REQUEST_URI] => /wladmin.php?dispatch=index.index&check_https=Y
[QUERY_STRING] => dispatch=index.index&check_https=Y
[REQUEST_METHOD] => GET
[SERVER_PROTOCOL] => HTTP/1.0
[GATEWAY_INTERFACE] => CGI/1.1
[REMOTE_PORT] => 53800
[SCRIPT_FILENAME] => /home/werkelsh/public_html/wladmin.php
[SERVER_ADMIN] => webmaster@werkel-shop.by
[DOCUMENT_ROOT] => /home/werkelsh/public_html
[REMOTE_ADDR] => 93.125.99.71
[SERVER_PORT] => 443
[SERVER_ADDR] => 93.125.99.71
[SERVER_NAME] => werkel-shop.by
[SERVER_SOFTWARE] => Apache
[SERVER_SIGNATURE] =>
[HTTP_ACCEPT] => /
[HTTP_CONNECTION] => close
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_X_FORWARDED_FOR] => 93.125.99.71
[HTTP_X_CLIENT_IP] => 93.125.99.71
[HTTP_X_REAL_IP] => 93.125.99.71
[HTTP_HOST] => werkel-shop.by
[HTTP_AUTHORIZATION] =>
[HTTPS] => on
[UNIQUE_ID] => XYshFV19Y0cAKsanIxkAAAAS
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /wladmin.php
[REQUEST_TIME_FLOAT] => 1569399062.3795
[REQUEST_TIME] => 1569399062
[argv] => Array
(
[0] => dispatch=index.index&check_https=Y
)

    [argc] => 1
    [HTTP_USER_AGENT] => 
)

#15

Параметры действительно есть, надо уже на месте разбираться.


#16

Из моего скриншота видно, что сайта работает на https и сертификат валиден. Значит CS-Cart где-то косячит