Hi,
So I hope you wanna use https for whole site, not just part.
You have to check Settings – General if both urls columns are set up with https:// instead of http.
Also check your .htaccess file if you use some custom redirect, if yes, remove it and ask your hosting provider how redirect http to https in their environment.
Do you use some redirection or https plugin? Its not necessary if you put just to lines in .htaccess what your host will suggest you (there are more methods, it depends on how your server is set up).
HSTS does not have anything with application, it just tell browser that previously visited site has to visit using https even if you type just http or without it.
Problem is, that your https site is redirect to http somehow (code 302).
So check redirection or https plugin and .htaccess file turn off everything and then just use .htaccess file for handle this.
First visit was ok, then HSTS start working 🙂 on second visit I got that redirecting loop, bc. something (plugin or .htaccess ) redirect to http but browser does not allow me to this bc. HSTS … so it finish with chain http to https and https to http …
I just think, that by mistake you redirected https to http instead http to https 😉
Hi Peter,
thank you very much for your very helpful suggestions!
I just changed the website URL and the WordPress URL in the general settings to https://. Before both were set to http://.
Unfortunatly this was nut sufficent 😉
I basically thought that all “normal” pages with just text and images can run under http:// without problems and only the shop and payment pages should run under https://. This worked for a couple of months. Probably the browsers handle things different now??
This is my .htaccess file:
.htaccess
——————–
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
————————
Running the complete page under https:// would mean that I have to change all internal image and link urls to https:// too, correct?
Would it be an option to ask my hosting provider to deactive HSTS?
Best regards,
Christian
Hi,
Its not hard to change everything to https, Better Search Replace plugin can do it with few clicks. (you can simply replace all http://wildpark-collection.de to https://wildpark-collection.de in database with it)
Stay on http today makes no sense, so if you can I recommend you go https everywhere and you will avoid many troubles and it helps your ranking and it just looks better to have whole site with this. Soon http/2 technology is coming, which will take advantage of it.
Even if you turn off HSTS now, everyone who already visited your site will experience trouble, as it saves like cookie to browser, so its already in visitor’s browser and their browser will always reaching your site with https.
I see that your backend works with https, so do you have something in config.php that force/redirect front-end to http or some plugin or in your hosting setting?
Bc. still your site redirects all https to http what makes this error.
Hi Peter,
ok understood. You’re right. I will switch to have all pages work with https://.
As you can see the htaccess file, do you have an idea where the redirection could happen? I have no redirection plugin. Are there any other wordpress settings to check?
What do ou mean with “force/redirect front-end to http”?
Now I have these seetings:
WordPress-Adresse (URL): https://wildpark-collection.de
Website-Adresse (URL): https://wildpark-collection.de
is that OK?
Best regards,
Christian
Bc. something still redirects https to http what make this issue.
So try to run that plugin what rewrite all your http to https and if this will not fix anything and you don’t use any plugin for redirection (https to http) its probably related to your hosting, setting.
Do you have something in config.php where is your url?
Thank you Peter,
I will try this.
Also check woocomerce, there can be some kind of setting to force ssl or something like that. (I am not familiar with this plugin).
Turn everything off what force ssl. You have to use just one redirection … the best in .htaccess.
Peter, your last tipp with woocommerce hits the bull 😉
There was a checkbox to force ssl within the shop checkout. I cleared that checkbox and my website is on again :-))
Now you can see our little nice shop 😉
I will now find out to redirect within the htaccess file.
THANK YOU VERY MUCH!
Best regards, Christain
Hi Peter,
finally all looks good. I added thhese 2 lines to my .htaccess file:
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
With the “Better Search Replace” Plugin i was able to change nearly 400 urls to https in a few seconds. Great!!
many thanks for your great help!
Have a nive day.
Christian
Nice to hear that Christian, welcome in https world 😉
Wish you the best
