Ecommerce Blog - The #1 Source for Ecommerce News, Tips and Trends!

Get ecommerce updates, news, and insider tips from the experts at PrestaShop!

Ecommerce Blog - The #1 Source for Ecommerce News, Tips and Trends!
 

< Back to the Blog home

Guest Blogger Series: PrestaShop SSL – Installation and Troubleshooting


by Fabio Porta, alias Nemo1

This article is the fourth in PrestaShop’s Guest Blogger series. Its content was created by PrestaShop Expert Fabio Porta, a valued Community member (Nemo1) and the owner of Nemo’s PostScriptum.

Let’s see how to do enable properly SSL in PrestaShop, especially when they have custom themes!

Some words about SSL

If you don’t know what SSL is, or have heard about but don’t grasp the concept, here it is: SSL is a cryptographic protocol that basically secures data sent across pages with a cryptographic key. It’s basically used to secure credit card transactions, and sensible data like login details, or personal information. In PrestaShop, the back office login, front office account pages and orders can be secured with SSL by default. Of course, you can secure other pages if you want, but this is beyond the scope of the quick tip.

Get your certificate first!

Before even thinking on implementing SSL in PrestaShop, you must buy an SSL Certificate. It doesn’t come for free in any hosting plan I know, and it has to be bought separately for each domain. This means that if you have myshoes.com, and myshoes.net, 2 SSL Certificates will be needed. Most hosting providers also require you to buy an additional dedicated IP address. Let’s see how to buy an SSL Certificate.

Setting up an SSL Certificate

Most of the hosting providers offer about the same way to get an SSL certificate. I’ll also assume you already have a domain, without the SSL Certificate.
First, login to your hosting account, and navigate to its dedicated Support Center. You’ll usually find a link for SSL, with any additional information you may need. You can ask the certificate in many ways: calling them, using the live chat, sending an email, or opening a ticket. The important thing is that you provide the following information:

  • Hosting Account Username
  • Host to make cert for: (usually domain.com or www.domain.com)
  • City:
  • State:
  • Country (2 letter abbreviation):
  • Company Name:
  • Company Division:

Also keep in mind that if you already have your own certificate, many hosting providers will install it for FREE.

As for their pricing, the SSL itself you shouldn’t have to pay more than $25.00/year, and only a couple of bucks more per month for the dedicated IP.

Check that the certificate is working

After some time (usually, a couple of days) you’ll receive confirmation of the successful installation of your certificate. It’s time to test it out. Login to your PrestaShop admin panel, and navigate to Preferences -> General. The very first option will allow you to test out your new SSL certificate:

Certificate

Click on Please click here to use HTTPS protocol before enabling SSL.
If everything works out correctly, after the page refreshes your address bar will have https:// at the beginning, with a padlock right in front:

URL

If, for some reason, you can’t access the page (Internal Server Error 500, 404 not found, 102 (net::ERR_CONNECTION_REFUSED) or anything else) your SSL certificate is not setup correctly. If this happens contact your hosting immediately, since you can’t do anything about it.

Else, if you can display the new page, set Enable SSL to Yes, and save.

Troubleshooting

At this point, your content should be secured. Access an account page and try placing an order in your PrestaShop front-office. You should get the https:// prefix for the URL.
But this might not happen at times, even though the secure link was okay for your admin page. If you get some new 404, 500, or 102 errors, the only option is to contact the hosting. Let them also know if you use Friendly URLs, as this might conflict at times. A bunch of other issues can be solved anyway.

The page at http://mysitesname.com ran insecure content from http://anotherpage.com/file.ext

This usually happens if some files required in the page are not properly embedded, most of the times, when you use a custom theme. If you run into this, take note of the file that is being embedded and try to locate it in the HTML structure. It usually is a JavaScript, stylesheet of image type file. If you use Add this, for example, you’ll need to include a secured version of their JavaScript to avoid this error.
If your theme has a slider, you will need to change the prefix for those.

In all cases, when you use SSL, your image/stylesheets/javascripts references MUST begin with {$base_dir_ssl}.

I can’t access my site (back nor front office) anymore!

Your server’s SSL settings might be wrong. In this case, you must force PrestaShop not to use SSL. Login to your phpMyAdmin (or any other database manager). Access the configuration table, and locate PS_SSL_ENABLED. It should be set to 1, crush it to zero. This way, you’ll be able to access your site again, but of course you’ll have no SSL. Be sure you further investigate the issue, before trying to turn it on again!

  1. Author: barrystein

    Date: April 15, 2013 at 2:53 pm

    How do you get the error message on what page insecure content is being drawn from. I get an error only in Google Chrome, and only on some of the check out pages. The error says: “However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an hacker trying to change the look of the page.”

    I am running 1.4.9

    • Author: benjamin utterback

      Date: April 16, 2013 at 4:33 pm

      Hi Barry, thank you for the responses and updates. It seems like there was an issue with a previous version of the software. You were able to find the help from Bill Dalton on our Community Forum? It is a great recourse to learn and talk to other merchants, developers and freelancers. Glad to hear you solved your problem.

  2. Author: barrystein

    Date: April 15, 2013 at 3:26 pm

    I have a weird SSL error that only occurs when using Google Chrome.
    I am running 1.4.9 at Bluehost.
    Go to my home page http://www.Homeschool-Shelf.com
    at the bottom click on the “Contact” link. This will take you to an SSL page that is working perfectly. Now hit your refresh button and bang!!!, my SSL is now dirty.
    In the error box it says:
    “However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an hacker trying to change the look of the page.”

  3. Author: barrystein

    Date: April 16, 2013 at 3:36 pm

    Bill Dalton solved this one…
    Found it!

    You were right, there is a bug in PS 1.4.9

    Here is a work around,

    Go to BO > Modules > Analytics & Stats > Data mining for statistics v1.0 by PrestaShop

    Click on Configure
    Set Save page views for each customer to OFF.

    Truthfully this setting is not worth the increase it causes in the database. It will attempt to give you page information on current visitors Do do so it uses CPU and lots of Database space.

    That said. To fix the PS bug …

    In your Prestashop > Modules > Statsdata, open Statsdata.php and find 2 instances of,

    $.post(“‘._PS_BASE_URL__.__PS_BASE_URI__.’statistics.php”

    First is about line 127

    The second is around line 162

    You need to add SSL_ to both lines.

    So,
    $.post(“‘._PS_BASE_URL_.__PS_BASE_URI__.’statistics.php”

    Is like this,

    $.post(“‘._PS_BASE_URL_SSL_.__PS_BASE_URI__.’statistics.php”

  4. Hi, thanks for the article. My site has a recent SSL which ofcourse makes the site https://www.denbydalecoffee.co.uk but I have quite a bit of previouse SEO work pointing to http://www.denbydalecoffee.co.uk without the ‘s’

    Could this effect SEO quality, or should I set a domain preference in web master tools?

    Thanks

    • Author: benjamin utterback

      Date: May 21, 2013 at 9:51 pm

      Hi Stephen, good question. If you keep your certificates valid, and have all your previous links redirected to your current SSL link, they will be referenced the same way. However, it is important to note that you don’t need SSL over your entire website, only during the checkout process if needed.

  5. i love pretashop, cms cart greate

  6. Author: liza

    Date: April 29, 2013 at 1:10 pm

    it’s awesome CMS, i agree.

  7. Author: Andy

    Date: May 30, 2013 at 1:38 pm

    I am getting an error on the My Account and Account login page. The error is a 404, does this have to do with internal coding and actually changing links in the prestashop. Also, im using a theme I purchased.

  8. Author: Frank H

    Date: June 26, 2013 at 3:45 pm

    Hi, great info and great product :) This is my first time using Prestashop so I’ve been playing with it locally for a short while to get used to re-styling, admin, etc. in preparation for a ‘live’ project that’s now upon me. But I’m REALLY stuck. I’ve only built brochure sites before so not had to deal with SSL…

    The person I’m building for has a hosting package with Fasthosts.co.uk and it includes SSL but not quite as I was expecting (not that I knew what to expect really).
    To activate SSL within the hosting control panel I have to specify a folder name, let’s say “5afe”, which will then generate a URL of “https://secure40.prositehosting.co.uk/5afe”. I then have to install Prestashop into a folder of the same name at hosting server root, e.g. “public_html/5afe”. I’ll then have to set up a 301 redirect to send visitors to the shop when they visit the basic domain name, but of course they’ll have the “5afe” bit showing in the address bar, which isn’t going to be good. Is this making ANY sense? I must admit I’m struggling to keep up with myself here, lol.

    So I’m wondering what my options are or what’s the best way to go. I don’t know how it all works but am wondering if the Fasthosts SSL thing is not quite ‘normal’. Would I be better to advise my friend/client to buy an SSL certificate separately? (they’re available from his domain registrar).

    Is there then a way to apply that ‘proper’ SSL cert to the domain which means visitors just see the normal http://www.domain.co.uk name until they need security in which case Prestashop automagically switches to https? Or once the certificate is applied to the domain name does it ‘just work’? In other words, if a certificate is bought via the domain registrar, will anything need doing on the hosting package for Prestashop to be able to use it?

    I’m really sorry to be so rambling here; it doesn’t help that my friend/client has registered his domain at 123-reg and taken hosting at Fasthosts, whereas I would have kept everything in once place. It also doesn’t help that the Fasthosts system doesn’t appear quite normal, and I have little clue as to what I’m doing with SSL! Once it’s sorted though, I’ll be back in my element with the design and admin side of things.

    BOTTOM LINE: I’d really love to have a simple set of step by step instructions on how to set this up but I realise that’s a lot to ask. If any guidance can be given here though I would really appreciate it; especially if it’s given as if to a five year old. Nice and simple, just like me :)

    So, many thanks to anyone who’s had the patience to read this and may be able to help.
    Cheers,
    Frank

    • Author: benjamin utterback

      Date: June 27, 2013 at 5:00 pm

      Hi Frank,

      Thanks for the comment. It seems you are a bit flustered. Don’t worry, I ‘ll try and help. I can’t speak for every host and every situation but a vast majority of the time it’s actually pretty simple.
      1) Purchase your SSL Certificate (usually from your host)
      2) Make sure you host has properly activated it on the domain (it doesn’t matter where you got the domain from)
      3) Once it is activated on your domain, you can Activate it on your PrestaShop store (Preferences>General)

      Most basic SSL certificates will only show the https on pages that need it. For PrestaShop, those would be pages where you enter sensitive information (like checkout)

  9. Author: vince670

    Date: July 22, 2013 at 6:34 am

    Hi Benjamin:
    after I’ve installed the SSL certificate ( prestashop 1.5.4.1)I start receiving a message
    You cannot place a new order from your country. United States
    Is just a coincidence or is related to the installation of the SSL certificate.
    Thanks

    • Author: benjamin utterback

      Date: July 22, 2013 at 1:34 pm

      Hi vince670,

      That message may have something to do with the SSL certificate. More than likely, it concerns your Preferences>GeoLocation feature. What countries do you have blocked? What are their conditions? Check out those settings and keep me posted. Thanks for reading.

      Regards,

      Benjamin

  10. Author: mir-aus

    Date: September 29, 2014 at 1:04 pm

    I have big problem with PS 1.6 , when I active SSl for all pages google can not index any pages and when I use webmasters tools and Fetch as Google, Redirected error comes up! I think look like loop happened and google doesn’t like it! any suggestion?

    • Author: Benjamin Utterback

      Date: September 29, 2014 at 1:55 pm

      Hi! How long have you waited for Google to reindex your pages? It could take some time. What version of 1.6 are you using? Go ahead and write a Forum post with more details and PM me the link. I’ll help you out. Thanks!

  11. hi, I installed SSL on version 1.6.09 and i’m getting the unsecured https padlock error stating site pages is unsecured. My host say installation is correct and some of my pages are not pointing to https. Can you please help?

    • Author: Magali Ferber

      Date: October 17, 2014 at 1:56 pm

      Hello Rudy,

      Tipically the fastest way to get an answer for your issue is the PrestaShop Forum. You will find some really talented Community members who will help you solve your problem, if it has not been solved yet by another member for a case just like yours.

      Here is a link to the English Forums: http://www.prestashop.com/forums/forum/5-english-forum/

      All the best,

      Maggie

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>