Forums | Mahara Community
added security certificate; trouble with https
02 December 2018, 8:58 AM
After having Let's Encrypt SSL security certificate added to my root domain, Mahara won't display the log-in fields unless users disable the security protection in the web browser (not so intuitive for all users and some browsers do not make it easy to do). I realize that this is because my css style sheet are still using the insecure http links. I'm using Mahara version 17.04.2 installed through the CP panel/Softaculous at Greengeeks.
I have tried editing the config.php (as previously suggested in the forums) by adding the settings for wwwroot and httpswwwroot ..but since I don't see those options in the config-dist.php file, not sure if they apply to this version...? Either way, this fix did not help. The log-in page still comes up without any way to log in without disabling the security protection in the web browser to display the page correctly (using http instead of https or disabling the security certificate).
Someone else posted a script that updated the links in php from http to https, but I may need more technical assistance in completing that task (can I even do this through a hosted account or perhaps I could download the php database and complete the operation locally and then upload the updated database file?).
It would be nice if there were just an option some where that could be flipped to convert the site to use https instead of http. I'm wondering if I should delete and reinstall Mahara (exporting all user's data and then re-importing after reinstalling...there are only a dozen or so users)...if that will fix the http to https issue with the links?
Thanks for any assistance.
03 December 2018, 8:31 AM
In the Mahara code there is a function 'is_https()' - this exists in 17.10.2 - and it checks if a site is 'https' by checking the 'wwwroot' config value.
This value can either be set in the config.php file explicitly eg, $cfg->wwwroot = 'https://example.com';
or set in the config table in the database, eg SELECT value FROM config WHERE field = 'wwwroot';
Are either of those set correctly with https rather than http?
Also if you are using a custom theme someone may have hardcoded teh path to the css as 'http' I'd check for that as well