I think I'm going to make a guide soon on how to move to HTTPS on a fresh vBulletin installation. (latest vB4 version) I'll see what errors I encounter and maybe that will help you and other people in the future.

Dave, how about a guide for an old installation using cloudflare and customized heavily? :)

I have actually converted a few sites in the past without a hitch, no modifications needed. The issue here could be related to my cloudflare cert seeing as the way it is done through cloudflare at least with the package I have is to have the ssl cert actually hosted at cloudflare.. This could be the issue even though I cannot understand why it works every where else. I cannot find anything url wise that needs to be changed in the database or the templates.

The fact that I see a non ssl url inside the admincp though is a dead giveaway that something is wrong. I am talking about the links used when you save a setting edit or a plug in change. You get that page that says processing.. Mine shows a non https:// url. I get past that page now though and then get solid white. Clicking those links does nothing.

I also run Cloudflare with HTTPS (Cloudflare SSL only) enabled on my forum (about 900k posts) and I don't really have any problems. I only had one problem in the past and that was the HTTP error in the AdminCP which I fixed by modifying one of the PHP files.

That would be helpful to a large number of people who never saw the need for https up 'til now. Honestly, if you're not collecting personal data there is no need for encryption but Google is gonna Google.

This covers most scenarios:
https://www.vbulletin.com/forum/arti...forum-to-https

--------------- Added [DATE]1482190258[/DATE] at [TIME]1482190258[/TIME] ---------------

If you're not having mixed content issues in the admincp then there is no need to make the change, as my post says. :)

I wish I knew what the variable is that has your site working and not mine even with the changes. What version of Vbulletin do you have and what version of Cloudflare?

Thanks

--------------- Added [DATE]1482195432[/DATE] at [TIME]1482195432[/TIME] ---------------

Thanks Mark! I am not sure why this is not working on my site. It could just be that I have to clear the Cloudflare cache but I will just wait a bit longer until it updates.. Maybe this will do the trick.

now that my host has enabled Let's Encrypt on my server, I need to look into getting SSL working. I have not fully followed/read through this thread, but is there a basic how-to on this subject?

I will browse this thread and gather what I can though.

Mark posted a good How to right here:

https://vborg.vbsupport.ru/showpost....3&postcount=45

I would be interested to know of any specific code changes (for 4.2.5 / 3.8.11).

Some have already been applied in Beta 1, and I have updated a few more hard coded http links in Beta 2 to be either https, or protocol relative.

awesome, thanks!

@RichieBoy67
Hello,
I want to install SSL to my page also, i think your SSL is working good. Did you change, install or edit somewhere in your page for don't face any problem because we didn't install SSL we faced too many problems.

Thanks.

Yes, moving to HTTPS as we speak. I still have some plugins to fix but I think that next week all will be solved and I can upload the new apps to Google and Apple.

To all, just move to https completely.

There is guide posted above which covers everything.

Does any one has opinion which is better to use?
Trustwave EasyTrust SSL
or
Comodo Essential SSL

Thanks

No difference at all.
You can save yourself some money and get a free SSL certificate using https://letsencrypt.org/.

Thanks Dave for the answer. Actually I tried the free "Let's Encrypt" from my plesk but nothing change. I will try it again.

Hi, im on (vBulletin 4.2.3 Patch Level 2), where are that versions?

Im using 4.2.5 without any problems at this moment

https://www.turiver.com/foros/

There is also an option in Beta 2 to force the detected scheme to http or https.

I dont understand your question :confused:

I didnt notice that on members.vb there were beta versions. Sorry.

I am using beta and still having issues with the admincp..everything else is fine though..

Mke sure the edits here are in place:
http://www.vbulletin.com/forum/node/4355527

Need some expert help please!

This is what our old .htacess redirects looked like:

What would be needed for redirect to https?

Thanks!

It so depends. Did you try changing RewriteRule ^(.*)$ http://yoursitename.com/$1 [L,R=301] to RewriteRule ^(.*)$ https://yoursitename.com/$1 [L,R=301] ?

I have
And that works. :)

The forum is 100% https now. It wasn't that hard I must say. Some scripting that needed to be changed and also some hardcoded http// but that was it.

Next step, HTTP/2 but Varnish 4.x doesn't do that.

I figured out the issue!

The issue was Rocket Loader..

One of the things you need to do if you are switching to ssl with cloudflare is to just disable rocket loader and then re-enable. Otherwise it will use your old urls for jquery like:http://ajax.googleapis.com/ajax/libs.../jquery.min.js

This must use a separate cache..

I wish I got a pound for every issue cloudflare causes, i'd probably be able to retire by now.

I agree Paul. It can be a hassle but I believe the benefits for me at least out weight the negative aspects. It has been challenging and a learning process.

That being the case, why do so many insist upon using it? :confused:

For one it allows me to use external dns and having a very image heavy site it literally shaves seconds off page load time. The last reason I use it is for security reasons. I cannot count the amount of times this has saved me issues from ddos attacks and even many probes are dealt with by cloudflare before they even get to my server.

Yes it has been a pita but I am pretty happy with it overall when I have it functioning correctly.

Is it possible that on latest beta there its a problem with special characters while logged out?

I have no idea, I would not go near it - I guess they are good at marketing what is basically a supersized proxy service.

Huh ?

I do not want to get too far off topic here but Cloudflare is much, much more than a proxy service.


Regarding ssl, I have installed letsencrypt onto my server and it worked well for most of my other sites. Great feature!

The only issue I have now is that the images I have imported over the years using the image import plug in are using http:// so those posts are still showing as mixed content.. Same with some of the previous images uploaded via tapatalk.

Everything else is perfect though now.

In re SSL, I'm not using it unless the site requires it for legitimate purposes, such as financial transactions or personal identifying information.

Google can kiss my ass.

Well maybe so but if you rely on organic traffic and web browsers at some point you will have no choice.

The main reason I did it though now was for my Apple app. SSL is already or will be required some time this month for it to work.

Unfortunately, its not just Google that are getting hysterical now.

Chrome are going to start flagging non SSL pages with password fields on them, others will no doubt follow suit.

Chrome is Google but yeah, I heard this as well.. other browsers will be following suit. I am sure Safari will be one of the first.

Everybody, just do it!

SQL query it away?
Take a backup etc..

Thanks, I was actually planning on that. That should be the last thing left to do.:)

I had a horrible experience, I turn my forum to htpps, all was fine.
until i made a logout. I saw that as a guest all my forums are centering (all post, text and images was in center, when I loged in all is ok again.

Has any one this experience?. I panic for a little and back my forum to http.
Problem with centering was in all browsers and all skin, even standar skin.