Mautic Community Forums

Secure forms and SSL

I’ve installed Mautic on our domain which has a secure certificate but the forms are being reported as insecure when they are submitted. Does anyone know an easy way to force everything in Mautic to use the HTTPS transport?


I’ve installed Mautic on our domain which has a secure certificate but the forms are being reported as insecure when they are submitted. Does anyone know an easy way to force everything in Mautic to use the HTTPS transport?

Hi Wbuist

Thanks for posting this - can you send a link to the form? I want to check out the completed markup and see what its generating. If there’s any file includes from mautic not using SSL.

Here’s an example. https://abelard-uk.com/event/psa-mega-golf-morning/

Hi

actually you seem to have some other content on the page that isn’t being loaded as HTTPS. Here’s an example:

https://www.evernote.com/shard/s42/sh/5a1202dc-603c-4ee1-842c-00bfdeccfbf7/59a37fceb10726e232e05ab9b06b48d6

The mautic form is https:
https://www.evernote.com/shard/s42/sh/f804181f-95fe-4b2d-9d36-16eec9f56c25/f8c7b40f025d4a544ecc5e59f4650323

Thanks Chad,

I thought I had caught all of those (they are some logo’s uploaded before the SSL certificate was applied) but obviously not. All fixed now, thanks for the help.

Regards

William

Hi Chad,

I’ve updated all those links so the page now show as secure for all items on it,

However, when you click to submit the form the system reports:

This form will be sent in a way that is not secure. Are you sure you want to send it?

How do I send it in a way that is secure?

Here’s an example - https://abelard-uk.com/event/psa-mega-golf-morning/

Hi Wbuist

Okay I think I know what you have to do here:

In Mautic you can set the url in the configuration panel:

Make sure it’s https there in Mautic, and also make sure when you log into Mautic you use the http version of the URL.

Then, re-save the form in Mautic so that the proper embed URL is generated with https. Try re-embedding after that. The form action should use https.

If this doesn’t work let me know, I’ll go set up an SSL cert to test my self.

There’s some really weird behaviour here. What you say makes sense but the URL has been set to https since day one.

The Javascript for the forms is “http” and I’ve added the s manually - that’s probably because I’ve been logging in to the http version without realising it. So to follow your instructions I logged out and logged back in and whilst most things worked there were some curious changes to the configuration I couldn’t explain around mail passwords and so on and I’m struggling to save changes to the config file. (config/local.php) (I’ve even set it’s permissions to 777 instead off 644 but that made no difference.

Here’s a video that shows the unusual behaviours.
http://www.screencast.com/t/wurAcrj1t

Hi Wbuist

Thanks for the video - that explained what you’ve got going on very clearly!

So I think most of this is purely cache related. Let’s do this:

First off - Let’s delete any cached mautic files. Make sure you’re logged out of mautic, then run on the command line:

(from Mautic’s root)
php app/console mautic:cache:clear -e prod
php app/console mautic:cache:clear -e dev

That will clear cache for production and then for dev (you’re not using dev so it shouldn’t matter, but we’ll clear it as well just incase).

If you don’t have access to command line you can do the same thing by simply deleting:
mautic/app/cache

Once you’ve got that let’s log into Mautic with the proper HTTPS url, then let’s check your configuration. If the mail settings are not correct let’s try to correct them by setting them in the form and saving. Hopefully everything will save. Its possible that the save is working fine, but the script is timing out before clearing cache. After you hit save if you don’t get a success and a re-load of the page, go clear cache again manually.

Hopefully when you log out, log back in the proper mail credentials will be saved when you’re logged in with https. From then on you should be good to re-save the form and test an https embed.

Hi Chad,

I logged out of Mautic
I opened an SSH session and ran the commands you provided
I got

[InvalidArgumentException]
There are no commands defined in the “mautic:cache” namespace.
Did you mean one of these?
doctrine:cache
mautic:assets
mautic:translation
mautic:campaigns
mautic:campaign
mautic:trigger
mautic:transifex
mautic:emails
mautic:update
mautic:leadlists
mautic:install
mautic:send
mautic:email
mautic:process
mautic

for the prod one.

and fatal error:
Fatal error: Class ‘SymfonyBundleTwigBundleTwigBundle’ not found in /var/sites/a/abelard-uk.com/public_html/m/app/AppKernel.php on line 186

for the dev one.

I deleted the cache manually. by removing the directory

I logged back on to Mautic using the secure version and the wrong mail details were provided. I tried to change them but they wouldn’t save and I had the same symptoms as before.

Does any of this help.

ps I’m happy to give you access to any aspect that you need if that would speed things up.

Oh whoops I totally gave you the wrong cache command. Do:

php app/console cache:clear -e prod
php app/console cache:clear -e dev

(No mautic prefix)

Are you using Mautic 1.0.4? Can you try upgrading - it should fix that twig issue.

If you open app/config/local.php does it have the right credentials for your mail connection?

OK I reran those and got a timezone not set warning and the twig error. However when I went back to look at the impact Mautic has stopped working altogether. I get this error now…

Warning: session_start(): Cannot find save handler ‘memcache’ - session startup failed in /var/sites/a/abelard-uk.com/public_html/m/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php on line 148

Warning: include(/var/sites/a/abelard-uk.com/public_html/m/offline.php): failed to open stream: No such file or directory in /var/sites/a/abelard-uk.com/public_html/m/index.php on line 52

Warning: include(): Failed opening ‘/var/sites/a/abelard-uk.com/public_html/m/offline.php’ for inclusion (include_path=’.:/usr/newage/lib/php’) in /var/sites/a/abelard-uk.com/public_html/m/index.php on line 52

I think I’m on 1.0.3 as that’s what’s available from the download page. I think reinstalling might be good idea. DO you agree and what’s the best way to achieve that?

regards

William

ps Really appreciate your help, thank you.

Hmm memcache might indeed be part of the issue here if it is trying to cache the config files in addition to mautic. Any chance you can disable that and try again?

I don’t know how to do that - Sorry.

You can probably ask your host to do it for you, I unfortunately don’t know how to do it on your server either since I didn’t set it up.

Hi Chad,

OK, I’ve asked them. I’ll let you know what they say.

Thanks

William

My ISP has resolved the Memcache issue and Mautic is loading again. However the SSL version is still not allowing me to save changes to configuration. The settings in the local.php file are not the one shown on the configurations page…

What can we try next?

Okay, glad we got that memcache thing out of the way!

So, I’m not sure why the config file isn’t updating. Let’s try to save it in debug mode. Do this:

Edit index.php, and set the debug mode to true, that happens here:

https://github.com/mautic/mautic/blob/staging/index.php#L31

Then let’s try re-saving the config with the right settings. It should show the ajax save bar at the top and then refresh the page if successful. If that doesn’t happen just wait a little while and hopefully an error message will popup. If you don’t get an error message, we’ll check out the error logs. Those are in:

app/logs/mautic_prod.php

If you want to make it a bit easier to read the logs, delete them all first and then run this so this will be the only error in the log.

So I’ve done that, and there was no difference, so I also upgraded to 1.0.4 and there are some slight variations.

Here’s another Video : http://www.screencast.com/t/9Xjrp5Uh4

Mautic_prod.php wasn’t updated in this process
prod_php is there anything in there I should look for.