You should make sure you have a SSL certificate installed for your domain. If you do not have a dedicated SSL installed, this configuration will cause issues with accessing your OpenCart dashboard and the login/checkout pages of your store.
Most payment processors such as Authorize.net will require you to purchase a SSL. You may want to purchase and install one prior to fully setting up your shopping cart.
Please see our tutorials if you need more information on what a SSL is and how to purchase one. Please keep in mind OpenCart does not support the use of the shared SSL certificate.
To enable SSL in OpenCart, there are three areas to edit: The System Settings in the OpenCart Dashboard, the config.php file in the directory where you installed OpenCart, and the config.php file in your OpenCart Admin folder.
Enabling SSL in the OpenCart Dashboard
- Log into the OpenCart Dashboard
- Go to System > Settings
- Click on the Server tab
- Check the radio button to use SSL
Enabling SSL in the OpenCart directory config.php file
- Log into cPanel and go to File Manager
- Navigate to your OpenCart installation directory
- Open (Edit or Code Editor) the configuration file (config.php)
- Look for the lines below // HTTPS that looks similar to this:
define(‘HTTPS_SERVER’, ‘https://opencart.inmotiontesting.com/’);
define(‘HTTPS_IMAGE’, ‘https://opencart.inmotiontesting.com/image/’); - Edit the HTTPS settings to reflect your SSL URL path. For example:
define(‘HTTPS_SERVER’, ‘https://opencart.inmotiontesting.com/’);
define(‘HTTPS_IMAGE’, ‘https://opencart.inmotiontesting.com/image/’); - Save changes and close the config.php file
Enabling SSL in the OpenCart Admin folder config.php file
- Go to the Admin folder
- Open (Edit or Code Editor) the configuration file (config.php)
- Look for the lines below // HTTPS that looks similar to this:
define(‘HTTPS_SERVER’, ‘https://opencart.inmotiontesting.com/admin/’);
define(‘HTTPS_CATALOG’, ‘https://opencart.inmotiontesting.com/’);
define(‘HTTPS_IMAGE’, ‘https://opencart.inmotiontesting.com/image/’); - Edit the HTTPS settings to reflect your SSL URL path. For example:
define(‘HTTPS_SERVER’, ‘https://opencart.inmotiontesting.com/admin/’);
define(‘HTTPS_CATALOG’, ‘https://opencart.inmotiontesting.com/’);
define(‘HTTPS_IMAGE’, ‘https://opencart.inmotiontesting.com/image/’); - Save changes and close the config.php file
Now, anytime you login to your dashboard or a visitor purchases a product it will force the SSL for security purposes. If you need further assistance please feel free to ask a question on our support center.
Hi, how can I make all my scripts https? Do I add anything to the .config. I get the same error as above, also at checkout. The URL is https but is a “mixed content” I do not have any images at the checkout.
Changing the settings in the config.php will update the URLs for the Links that are managed by OpenCart, however, your theme or modules may be using hard coded URLs that need to be updated. If you go to your site in google chrome where you are getting the warning and right click on the page and click inspect, Then select the console tab it will show you a list of the URLs that are showing as mixed content.
Hello and thank you for that detailed article!
I’m using OC 1.5.6.4 and did all the neccesary steps. My issue is that when I try to purchase something my site is mentioned as “unseccure” at the task bar with an exclamation mark at the padlock and with the note:”connection is not secure. Parts of this page is not secured (such as images)”.
Do you know what elses should I do to fix that?
Thank you in advane!
Loukia
You need to make sure all the stuff on your page is loaded over HTTPS, even the scripts and images. If you do not, you will not get the green padlock.
Can somebody help me, I want to install opencart with openssl into godaddy hosting but I have no idea what account type from godaddy I need or if it’s possible to use openssl with opencart into godaddy 🙁
Hello,
I have installed a self-signed certificate on my cpanel and and have chaned the opencart to use ssl. I have also configured config and admin/config sectios to https://.. but it is not working. What might be the problem? Kindly help!!
Regards
Bii Vincent
Self-signed SSLs generally do not work well with production sites as they will not pass validation check. They are more along the lines for emails.
What configuration for the URLs did you set up in your files?
Hi,
Please check my website https://www.newyorkcables.com/
Regarding SSL
Hello Steve,
I am able to visit your website via the SSL. Are you seeing any errors? If so please tell us the steps to replicate the error.
Best Regards,
TJ Edens
Hi,
I have just changes my website theme and now I am facing SSL error and I am not able to success my merchant account,
Please help me.
Were you following the above guide?
What changes did you make to your OpenCart theme?
What is the full SSL error you are seeing?
How can I view and test this error?
Thank you,
John-Paul
Hello
I copied and moved the files to private_html folder.
Now https:// show the page.
https://webshop.locco-palace.be is my site and checkout, account and return is now https:// with correct page showing.
So i have files in public_html and duplicated files in private_html and working now.
Hello, thank you for the reply
I did all that, and https works. but the page is not found on https://
I have directadmin and have public_html and private_html, so i guess i need to move the correct files to private_html to show the page in https://
I dont get it work like the tutorial mention.
I also needed to set false to true in system/config/admin & catalog to get the redirect to https://, but with page not found
Regards
You should not have to move any files.
Which method above are you trying?
Can you provide a link to the site for testing?
Thank you,
John-Paul
Wich files i have move from public folder to private folder to get https:// working
now i get url not found page when i go to account or checkout from http mode to https.
So i guess i need to move some files, is that correct?
Regards
Hello Nico,
If you’re trying to get HTTPS working for an OPENCART website, then you should only need to follow the directions in the tutorial above. There is no need to move files. If you’re trying to do something different,then you will need to explain it in more detail.
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
We installed SSL certificate and it broke all button clicks, registration on the site. Now we removed it but still the issue continues. We cleared the cache and tried still the issue is there. Need your help.
Hello BaskPar,
Sorry for the problem with the broken clicks and registration on your OpenCart site. The problem MIGHT be related to friendly URLs. If you just installed an SSL certificate and you enabled properly, but you didn’t reset your friendly URLs. To reset, you basically go into Settings>System>Turn OFF SEO URLs, save it, then go back into the settings again and turn them on. The URLs need to update in the database.
If you continue to have problems with this issue, please give us more information on your installation, such as versions, any extensions you’re using and the steps you’ve taken to enable SSL.
If you have any further questions or comments, please let us know.
Regards,
Arnel C.
Hello, i have an issue.
When an user logs in my site it points to https, but when the logged user clicks on a category, it points to www, so the user status is lost, how can i solve this?
Hello Pier,
If keeping the user within https will keep the status, then you can use this article: How to force a dedicated SSL using the .htaccess file. Bear in mind that this is for keeping a specific URL within “https”. If you have a link in your website that goes elsewhere, then it will not be in HTTP, unless it is specified for that path.
I hope this helps to answer your question, please let us know if you require any further assistance.
Regards,
Arnel C.
Hi guys!
I wanted to test that method because I have the same problem with e-mails not sending to customers and to my site administrator but I’ve noticed that I don’t have any */admin directory. What can I do?
I mention that I have OpenCart 1.5.4.
My site is www.lan***.ro
Activity on house automation (smart house).
Hello tPH,
Thank you for contacting us. The /admin directory is typically the login page for your OpenCart. For example, you would login to the dashboard, at: https://example.com/admin
If your admin directory does not exist, it may have been moved/changed by your developer.
What folder do you login to your Dashboard from? Have you tried looking there?
Also, have you tried searching your account for the admin folder? You can search with File Manager.
Thank you,
John-Paul
The instruction works perfectly for me and it solve the issue of Certificate exception error i do see on my web browser. Thanks man
Have you purchased and installed an SSL certificate? If not, you may review our article on purchasing SSL certificates.
Hello,
I just want to know,How much to buy a SSL from Inmotionhosting?
Of course ,if I buy a Inmotionhosting host.
Best
SSL certificates are currently $99 per year with a one-time $25 installation fee. You can find more information within our article on purchasing an SSL certificate.
None of what is on here worked for me i tried everything recommended here to no avail, and no help from tech support,other than read this article
Hi, thx for veery helpful post! I have same problem too. I did everything according to instructions but https is only in admin area and during the order phase. In main page https is no full (with yellow triangle), google chrome blocks some scripts from untrusted sources. Need a help! Here is my files:
config.php:
// HTTP
define(‘HTTP_SERVER’, ‘https://24slim.biz/’);
// HTTPS
define(‘HTTPS_SERVER’, ‘https://24slim.biz/’);
// DIR
define(‘DIR_APPLICATION’, ‘/xxx/xxx/xxx/htdocs/www/catalog/’);
define(‘DIR_SYSTEM’, ‘/xxx/xxx/xxx/htdocs/www/system/’);
define(‘DIR_DATABASE’, ‘/xxx/xxx/xxx/htdocs/www/system/database/’);
define(‘DIR_LANGUAGE’, ‘/xxx/xxx/xxx/htdocs/www/catalog/language/’);
define(‘DIR_TEMPLATE’, ‘/xxx/xxx/xxx/htdocs/www/catalog/view/theme/’);
define(‘DIR_CONFIG’, ‘/xxx/xxx/xxx/htdocs/www/system/config/’);
define(‘DIR_IMAGE’, ‘/xxx/xxx/xxx/htdocs/www/image/’);
define(‘DIR_CACHE’, ‘/xxx/xxx/xxx/htdocs/www/system/cache/’);
define(‘DIR_DOWNLOAD’, ‘/xxx/xxx/xxx/htdocs/www/download/’);
define(‘DIR_LOGS’, ‘/xxx/xxx/xxx/htdocs/www/system/logs/’);
admin/config.php:
// HTTP
define(‘HTTP_SERVER’, ‘https://24slim.biz/admin/’);
define(‘HTTP_CATALOG’, ‘https://24slim.biz/’);
// HTTPS
define(‘HTTPS_SERVER’, ‘https://24slim.biz/admin/’);
define(‘HTTPS_CATALOG’, ‘https://24slim.biz/’);
// DIR
define(‘DIR_APPLICATION’, ‘/xxx/xxx/xxx/htdocs/www/admin/’);
define(‘DIR_SYSTEM’, ‘/xxx/xxx/xxx/htdocs/www/system/’);
define(‘DIR_DATABASE’, ‘/xxx/xxx/xxx/htdocs/www/system/database/’);
define(‘DIR_LANGUAGE’, ‘/xxx/xxx/xxx/htdocs/www/admin/language/’);
define(‘DIR_TEMPLATE’, ‘/xxx/xxx/xxx/htdocs/www/admin/view/template/’);
define(‘DIR_CONFIG’, ‘/xxx/xxx/xxx/htdocs/www/system/config/’);
define(‘DIR_IMAGE’, ‘/xxx/xxx/xxx/htdocs/www/image/’);
define(‘DIR_CACHE’, ‘/xxx/xxx/xxx/htdocs/www/system/cache/’);
define(‘DIR_DOWNLOAD’, ‘/xxx/xxx/xxx/htdocs/www/download/’);
define(‘DIR_LOGS’, ‘/xxx/xxx/xxx/htdocs/www/system/logs/’);
define(‘DIR_CATALOG’, ‘/xxx/xxx/xxx/htdocs/www/catalog/’);
.htaccess:
RewriteCond %{HTTP_HOST} ^www.24slim.biz$ [NC]
RewriteRule ^(.*)$ https://24slim.biz/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\ HTTP/
RewriteRule ^index\.html$ / [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R=301,L]
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ https://%{HTTP_HOST}? [R=301,L]
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
Hello dale,
Thank you for contacting us. We are happy to help you, but will need some additional information.
What happens when you follow the guide above? Were you able to update the URL in all 3 places (Enabling SSL in the OpenCart Dashboard, Enabling SSL in the OpenCart directory config.php file, )?
Do you get any errors? What are they?
Have you tried Clearing your Browser cache before testing?
If you have any further questions, feel free to post them below.
Thank you,
John-Paul
Thank you very much for this article. I have a problem with open cart. After the implementation of SSL on my website (marceloflondon.com), the add to cart button no longer works, the login (after valid username and password) doesn’t do anything, the register field no longer function. What do you think has gone wrong? Helppppp.
Could you provide me a link to your site so that I may replicate the issue?
I don’t think this needs any improvement. This article solved all the problems I had with my store not displaying properly when I used https://. I was getting frustrated so I’m glad I was referred to this article. It did the trick!
What about this case, i have got a working cert for www.example.com , now i want to add opencart to www.example.com/shop , do i need to buy a new certificate ? or it should work with the example.com cert ? so far ssl is on but i get “server address does not match the certificate url.
any idea ?
thanks
Karl
Hello Karl,
Thank you for your SSL question. Since /shop is just a folder (within www.example.com), your SSL will still work for it.
Since the SSL must match the domain exactly, I recommend checking your SSL for spelling mistakes.
You can use a tool such as the SSL Checker to review your SSL information.
If you have any further questions, feel free to post them below.
Thank you,
John-Paul
Hi,
Thanks for sharing this but I’m still experiencing some major issues with my SSL configuration.
Can anyone please get in touch to help me reslove my SSL issues. I configured the SSL and now I’ve lost images on my homepage and three other pages – also SSL doesn’t seem to have worked on everypage! I’m so desperate to reslove this.
Hello Leo,
Our apologies for the problems you’re having with SSL in your OpenCart installation. Unfortunately, the support we provide here is done in replies to posts here within the Support Center. If you wish for us to help you, then please provide specific information on the problem you’re having (URL and or steps to duplicate a specific problem) and we can investigate it further.
Lost images are typically the result of broken links. You need to look at the paths for those images and determine WHY they aren’t working. SSL is generally based on a particular domain. If you are inspecting to see why a page is not being entirely secured, then it’s generally because some link or graphic or element on your website is not using the SSL in the URL.
I hope this helps provide some insight for the issue. Our apologies that we cannot provide private support for the issue. If you are a customer with InMotion Hosting, then you can submit a support ticket or contact our technical support department for support without having to post any information in our support center.
Kindest regards,
Arnel C.
Hi Im trying to get the Facebook store basic module to work and it requires ssl.
ive followed the instructions, no https happens and I cant login to the admin any more if the config.php in the admin folder is set to https://.
www.thesleepingcloud.co.uk
any ideas?
many thanks
Dave 🙂
Hello Dave,
Thank you for your question. We are happy to help, but will need some additional information. Did you change the URL in all 3 areas?
When i go to your site, it forces me to go to:
https://thesleepingcloud.co.uk/
This usually means that the url is set as:
https://thesleepingcloud.co.uk/
If you have any further questions, feel free to post them below.
Thank you,
John-paul
Hi dear,
I followed all the instruction above but my store front is not pointing to https only my website admin area is pointing to https.
my website is scarletlove.com please check and help me.
Hello Ashish,
I checked and your site displays fine using the https version. This article describes how to enable it, which it appears you did. It does not, however, force https when the user arrives on the site.
Kindest Regards,
Scott M
Thanks for this!
I have a problem though. The homepage and non of the category or product pages are pointing to HTTPS, just a few other pages such as account, logic, etc are working.
Hello Mark,
Thank you for your question. After enabling your SSL in the 3 locations, have you tried clearing your browser cache, or testing on a different computer?
If you have any further questions, feel free to post them below.
Thank you,
-John-Paul
Thank you soooo much for posting this information… I broke my website several times and had to restore it whilst trying to get ssl up and running… you’re my hero !
Hello,
Thank you for sharing the detailed steps.
However, ever since my host has installed SSL on the server, except for home page no images are loading on the website..none on category page and none on product page.
Furthermore, when i followed your instructions to enable SSL on the website, on checkout page and in admin CSS & JS do not load and no images are getting loaded on the webpage!
What could be the problem here??
There could be multiple reasons as to why you are seeing this. Could you provide the URL where you are seeing this to investigate?