Protect using SSL

[annomander]

Thank you for your reply. It is a good marketing angle, I think the only downside is extra processing for https connections, but I presume that not a issue for your server.

 

Thanks ago for the reassurence on the ssl issue.

[easyhosting]

Hello annomander,

 

If your custom pages do not transmit sensitive customer information over the internet, I believe you are good. WHMCS does forces secure (https) connection by default on registration page, shopping cart, and loggin page. The only reason this thread was started is because of mainly loggin fields on other unsecured pages and other forms that might transmit sensitive information on pages other than registration, shopping cart, and client loggin pages.

 

Besides that, in my personal case, as I set my website to force entire website over secure (https) connection, I began to like the idea of showing my customers that my website is secure. As every page of my website is transmitted over secure https connection, my customers are able to see and verify my SSL certificate at any time, while browsing any page of my website. It might not be that important to force entire website over https connection, but I believe that in times when online security is a big concern to online consumers, it is one of the steps that I made, small but none the less reassuring one. Also, besides forcing entire website over https connection, I hosted entire website under subdomain https://secure.mydomain.com,'>https://secure.mydomain.com, so no matter on which page my customers are they always see https://secure...

 

Sincerely,

 

Serg

 

I agree, by making your whole site secure over https it gives all your customers piece of mind and shows that you take their security seriously

[annomander]

I've installed the ssl and yes, whmcs automatically puts you into secure mode if you visit

 

Login

Register

Contact

and

domain checker

 

To get out of https, I need to visit, home, knowledgebase or downloads

 

The problem is, unless you go to these first, my other pages stop with https

 

 

Now, the above few posts (hi), recommend that this is actually no big deal.

 

Should I change it so that it exits on my template pages aswell, or leave it?

 

Cheers.

[rdavis]

This script worked great right out the gate! An easy and quick way to run your WHMCS all in SSL, all but the Knowledgebase and Download area that is! I hope no other browsers will have issues running in SSL. Time will tell, so will our 404 error logs. Thanks for the script!

[dayv]

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} ^/whmcs/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

 

How would i do this if WHMCS is installed on a subdomain and my website on main domain?

[dayv]

does anyone know how i can use this if whmcs is on a subdomain and main site on main domain?

[yourweb]

Just remove whmcs in /whmcs/ and /whmcs/dl.php and paste the .htaccess in the WHMCS dir.

[Erik]

I have my WHMCS on a subdomain and cannot get this to work.

 

I have added this into an .htaccess file to no avail. It gets stuck redirecting. It appears that WITH or WITHOUT an .htaccess file, that the WHMCS 4.1.1 system has a mind of its own and converts the https:// to http:// on its own on the root folder (of course, unless someone select a page that requires https:// )

 

Anyone find similar results or am I just in left field here?

[kyri]

I have the same issue,

 

my whmcs site is hosted at

 

secure.domain.com

 

and I need apache to redirect to

 

https://secure.domain.com

 

in-case the user has not typed the https prefix in the address bar.

 

Right now I'm getting a re-direct loop error.

 

Any help would be appreciated.

[faiz]

Is there non who can tell me (and others) how this can be done with a sub domain...?

[RPS]

Sorry, I don't have a way to test it, try this code for the sub domain:

 

RewriteEngine on

Options +FollowSymlinks

 

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file

RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]

RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://sub.domain.com/$1 [R=301,L]

 

#Rewrite the URL for WHMCS dl area to always use http

RewriteCond %{REQUEST_URI} ^/whmcs/dl.php [NC]

RewriteCond %{SERVER_PORT} !^80$

RewriteRule ^(.*)$ http://sub.domain.com/$1 [R=301,L]

[kathrin]

I just set System URL and SSL URL both to

 

https://subdomain.domain.com

 

And it never leaves SSL in the first place.

[awebpro]

I've tried everything suggested in the previous post to get the SSL to function properly with whmcs.

 

I'm trying to get the function to work with the following example.

 

https://www.hosting.com/clients

 

Each time I receive the dreaded 500 Internal Server Error message

 

Any ideas anyone?

 

Thanks,

 

Dwayne

[bphippen]

With the current way WHMCS handles SSL, your clients can log in on pages that are not via SSL. There are also other areas that WHMCS forces to use http instead of https (I believe the announcements and knowledgebase are both without https).

 

You can use .htaccess to force everything to happen via https, however, file downloads will NOT work if this is the case.

 

When you try to download a file using rewrite rules that forces your URL to be https, IE has an issue with downloading files (in this case, the downloads page).

 

Open 'Configuration' -> 'General Configuration'

Set WHMCS System URL to https://www.domain.com/whmcs/ (note the s within https)

Set WHMCS SSL System URL to empty

 

The follow code (which you should place inside your .htaccess file), will force all requests to the WHMCS folder to be done via https, unless it is the whmcs/dl.php file.

 

The code after, will force the whmcs/dl.php to redirect from https to http.

 

RewriteEngine on
Options +FollowSymlinks

#Rewrite the URL for WHMCS to always use https except for the whmcs/dl.php file
RewriteCond %{REQUEST_URI} !^/whmcs/dl.php [NC]
RewriteCond %{REQUEST_URI} ^/whmcs/ [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

#Rewrite the URL for WHMCS dl area to always use http
RewriteCond %{REQUEST_URI} ^/whmcs/dl.php [NC]
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

 

This worked perfectly...I cannot explain how satisfied and grateful I am that you have put this here. I was getting partial errors in chrome and IE, but not firefox or safari and this tweak to the .htaccess worked great. I followed your instructions exactly. Many many thanks!

[Vario]

works just like a charm )) thanks dude

[RPS]

Undo your changes and then start over.

[twallden]

thank you, works great.

[AimyThomas]

Agree with (JasonO ) "Maybe when he said he was his own host, he meant he was only a reseller?"

[crazyone]

This did not work for me. it wont secure all the pages in ssl just the standard ones that are already done by whmcs. I think my problem might be that i am using whmcs in a sub domain.

[RPS]

I haven't tried it in the new version, so I'm not sure. The best thing to do is see how WHMCS acts before you install it, if it acts the same, then install the mod and report back.

[wrighty8529]

Hi can anyone help me ive been tryin do my ssl all day and still not got it to work all ime geting is Internal Server Error

 

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, webmaster@one-we and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. thanks

[RPS]

Double check the directions/steps and make sure you followed everything.

[mrazhost]

Thank you for this as this is the only method that allow me to run my whmcs client area in SSL.

 

Just by using default switcher does not work for me as it keeps redirecting the page to the non-ssl version

 

Tested on v5.1.2

 

Cheers!

[WHMCS Chris]

Hi can anyone help me ive been tryin do my ssl all day and still not got it to work all ime geting is Internal Server Error

 

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, webmaster@one-we and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. thanks

 

This indicates that you've installed the SSL as the user "nobody" and are running SuPHP which is restricting Apache's ability to run PHP scripts as 'nobody' as you attempt to parse them over the SSL. This is not something that we can actually assist with unfortunately. You will need to have your Host take a look.

[bear]

This indicates that you've installed the SSL as the user "nobody" and are running SuPHP which is restricting Apache's ability to run PHP scripts as 'nobody' as you attempt to parse them over the SSL.

How does one install an SSL certificate as "nobody"? Generally it's done as a user on the system, be it root, reseller or end user, so that's confusing.

I've seen certs fail when they don't have the right chain, but never "nobody" ownership. Can you clear that up for me?