Website check for me, i have debug log!

Hi,

the force ssl false in the debug log only means the plugin did enable SSL automatically, not forced by user.

It is possible the .htaccess redirect wasn’t added, as the test of these rules failed. You can follow these instructions to insert it manually.

https://really-simple-ssl.com/knowledge-base/manually-insert-htaccess-redirect-http-to-https/

Hi Rogier,

Thank you for the information, I ran the test and I got this on the test page, I didn’t understand when you said “mind the s” so I used https in my address.

SSL test page

This page is used purely to test for ssl availability.
#SERVER-HTTPS-ON# (on)
#SERVERPORT443#

#SUCCESFULLY DETECTED SSL#

HTTP_HOST: https://www.mysite.com
REQUEST_URI: /wp-content/plugins/really-simple-ssl/ssl-test-page.php

Should I bother doing the .htaccess file?

Howard

Based on the testpage, you can add this to your htaccess:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

And you have your .htaccess rewrite rule added.

I see below code above the WordPress begin code, should I drop in-between below code?

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.9]
# END rlrssslReallySimpleSSL

Can I add this as well?

<IfModule mod_headers.c>
Header always set Strict-Transport-Security ‘max-age=31536000’ env=HTTPS
</IfModule>

Yes, that looks good.

Thank you for the information, I added the codes to my .htaccess file, it showed the code on WordPress admin, but now I don’t see it in the .htaccess anymore, none of the codes I added, still seeing this on WordPress admin

warning HTTP Strict Transport Security was not set in your .htaccess. To enable, get Premium

Howard

I forgot to mention, you can enable the setting “stop editing htaccess”. Then add those lines.

Yes I realize that afterwards and did that, so this is what I have in the .htaccess file.

# BEGIN rlrssslReallySimpleSSL rsssl_version[2.3.9]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security ‘max-age=31536000’ env=HTTPS
</IfModule>
# END rlrssslReallySimpleSSL

But I’m still seeing this in WordPress admin.

warning HTTP Strict Transport Security was not set in your .htaccess. To enable, get Premium

Howard

Your Htaccess looks good. Not to worry. As you have inserted yourself, it’s preobably slightly different, with an extra space or something like that.

Ok Rogier, Thank you for all your help, much appreciated. As long as it works currently and does what it says, it will be alright.

Howard

Hello Rogier,

I see this error in Firefox Web Console.

Strict-Transport-Security: The site specified a header that could not be parsed successfully.[Learn More]

Howard

Here is my website https://www.searchjamaica.co

Howard

As your code looks good, you might want to check your quotes. It’s possible that you’ve copied it from a site, and that the quotes are encoded an some way. So type in the quotes manually, and check again.

I’ve also run an SSL scan on your site, your certificate scores an F, which is pretty low. I’d contact your hosting company about that.

I copied the code form your website you sent me above, the max-age in quotes seem to be the problem, on your website the quote is ‘max-age’ on others I see “max-age”