HTTPS on cloud and web hostings

Requirements:

Online.net proposes now the usage of HTTPS on all its web and cloud hosting offers by default.

HTTPS allows to secure the exchanges between the client (visitor of your site) and the server (our platform)
It usually preferred for online shops, but HTTPS becomes more and more a standard on the web.

The certificate is automatically managed by

It is a new initiative that allows to generate SSL certificates that are known by all browsers and it is free.

Conditions

  1. You have a web or cloud hosting at Online.net
  2. You have configured a DNS record pointing to your platform:
  • WEB HOSTING : pfXX-web.online.net 62.210.16.61 or 62.210.16.62
  • CLOUD HOSTING : pfXXX.mutu-perf.online.net 212.47.231.228 ( A record for the domain and an A or CNAME record for each subdomain (or A * / CNAME *)

How does it work?

Upon the creation of a subdomain or at each addition of an alias / linked domain a certificate is generated.

The site is then accessible via http://www.domain.tld or https://www.domain.tld

SSL is enabled by default for all WEB and CLOUD hostings and does not require configuration from your side.
SSL is only compatible with OS/browsers that support SNI (https://en.wikipedia.org/wiki/Server_Name_Indication). This means that the following clients can't connect to sites hosted in HTTPS:
  • Windows XP (IE6/IE7)
  • Android 2.x
  • Versions below iOS 4 (iPhone)

How to force HTTPS for the whole site

To force a site to accept SSL, such as a CMS, simply add the following code to the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP:HTTPS} !on
RewriteRule (.*) https://%{SERVER_NAME}/$1 [QSA,L,R=301]
       

Is it possible to disable?

To disable SSL, you need to put the following code in the .htaccess file

RewriteEngine On
RewriteCond %{HTTP:HTTPS} on
RewriteRule (.*) http://%{SERVER_NAME}/$1 [QSA,L,R=301]

Error messages

The Mixed Content issue

When using HTTPS, it needs to be used everywhere.
It means that all the loaded elements on the webpage (pictures, CSS, JavaScripts) have to be loaded through HTTPS as well.

A website that loads for example JavaScript scripts or external images by http, will display a https alert in the browser (e.g.: “non Secure Content”).

In some cases it could not display it (Chrome did that in some cases).

Insecure connection

This may happen for example if the sub-domain does not exist in the certificate.

In this case, you need to add the sub-domain in the console, or if it exists already to add/delete it - or to create another sub-domain (this will force the regeneration of the certificate)

Connection error

This means there is no certificate for this domain. You need to verify the DNS records and force the regeneration by creating a sub-domain

HTTPS with Wordpress

When using Wordpress, you may encounter Too many redirections errors in your web browser.

This can be fixed by installing the Really Simple HTTPS plugin.

Make sure that your DNS zone is configured to the correct hosting platform, depending on if you are using a Cloud or Web hosting.

When using the plugin, make sure that the following lines are not present in your *.htaccess file:

RewriteEngine On
RewriteCond %{HTTP:HTTPS} !on
RewriteRule (.*) https://%{SERVER_NAME}/$1 [QSA,L,R=301]
If you have installed Wordpress according to the Wordpress documentation, simply replace in the table (prefix)_options the siteurl and home entries from https to http before installing the aforementioned plugin.