Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Anyone else get this error when visiting my site?


Guest

Recommended Posts

Hi all,

My husband was trying to view our website from work but on every single page whether or not it was secure, he kept getting a pop-up error saying something about the certificate being valid, but didn't match the site name. When he'd click on the button to view the certificate, it showed that the certificate name actually DID match the name of our site. But then he proceeded to actually install the certificate (which is from Comodo), which solved the problems.

 

My concern though is that most customers aren't going to take the time to install a certificate, especially if they don't understand what's going on.

 

Our site used to have a good, steady stream of orders every week. Since we went live with the OSC site, we've had almost no orders at all and the site's been live for over a month.

 

I'm really concerned about this. We're getting traffic from the search engines (I just installed the User Tracking contribution and am checking it often), but no sales. Our prices haven't changed since switching to a database-driven site (it used to be all static pages), and there aren't any new competitors out there (I've checked). So that's why I'm concerned that this might be a problem.

 

Here's the URL: http://www.bowlzilla.com

 

Thanks in advance for any help you might be able to provide!

 

Laura

Link to comment
Share on other sites

I had the same error on your site when trying to create an account, but only once on the first SSL page. After that, it never occurred again.

 

I had a similiar problem when i first installed my SSL cert, and it ended up being all i needed to do was have my hosting provider restart my apache web service (very quick, does not take a server boot). After that..no more SSL problems. You may want to look into that as a possibility.

 

Did you recently install the SSL Cert ?

Link to comment
Share on other sites

Hmmm, it's actually been a couple of days since my host installed the cert. But I'll ask them if they restarted Apache as well.

 

Question: Did you go to the login page from the body of the homepage (the text where it says "Welcome, guest", etc.? Or did you go through the "login" link at the top of the page.

 

The reason I ask is this: If you go through the "login" link at the top of the page I never get any error messages. But if you're being redirected from a secure page to a non-secure page, I *do* get an error message (though not the same one I was talking about here).

 

Thanks for looking and giving me some feedback. I'm hoping a few more people will look and see as well.

 

Laura

Link to comment
Share on other sites

I also had the same error on your site when trying to create an account.

 

We also share the problem with no orders since going live with OSC. Like you we had a steady stream of orders with the old site, but not one since I went live with OSC in April.

 

We did targeted Ad Woods with Google, I am listed in most of the search engines. Our traffic has not decreased since the change, only the orders.

 

This has been a real concern for us since we sell Silver Jewelry and Mothers day is our second biggest holiday.

 

Here is our URL www.corshas.com

 

Scott

Link to comment
Share on other sites

Now you're onto something. When i click on the link from the front page, 'would you like to create an account', i get the error again.

 

However, when i go to login, and then click on create account, i get the error again..

 

You may check out this thread:

http://www.oscommerce.com/forums/viewtopic.php...ificate+invalid

 

Images not being called properly is a common error for SSL certs...

They should be called in:

/images/imagename.gif rather than http://www.domain.com/images/imagename.gif

 

BTW...very cool looking site! If i think of something else, i'll post it.

Link to comment
Share on other sites

Yikes. That's kinda scary to hear...here I was thinking this was a situation unique to my site. We went live in April as well - April 4th to be exact.

 

And we just aren't getting the orders. *Something's* scarring people off and I haven't a clue as to what it is - the only things I can think of are this security certificate issue, and that some of my product listings appear "below the fold" in the categories so maybe some people just aren't scrolling down to view the products available?

 

Hmmm....

 

Laura

Link to comment
Share on other sites

Thanks for the forum links. I'll check into them.

 

Now, I do know that all our images and all are called correctly. The interesting thing here is that we had fixed the login.php going to account.php problem that we'd been having before. It used to cause errors saying that there were non-secure items on the page and did we want to continue or not. The pages had no non-secure items in them and if you manually inserted the "https" the page would come up just fine and dandy.

 

I'm not sure exactly what my programmer did to fix this problem, but at least on my system, and my husbands work computer, we weren't getting *that* error any longer.

 

The one I'm having trouble with is "invalid certificate" so I'm going to check out that thread right now.

 

grrr...how frustrating.

 

Laura

Link to comment
Share on other sites

Hmm, i'm running thru your checkout process (although i wont process the order)

 

A couple of suggestions..read the above thread - i know on my site, i got a few customers that weren't happy about having to create an account, or create an account just to see the shipping charges. So, i made some site changes - added the ship in cart feature that shows charges as they go along, and adjusted the account creation process to be more user friendly and even seem like you're not creating an account.

 

on /checkout_payment.php where it lists the payment options, you have the following:

We can only accept the following credit cards on our site. If you wish to pay by check or money order, please contact us:

 

The contact us link takes you away from the checkout page - i'd suggest making that link open up in a new window. No need to send customers away from checkout.

 

Last, on the SSL issue - when i get to checkout_payment.php - i still have an HTTPS link, but no gold box in my browser. Looking at the image links, sure enough they show HTTP rather than HTTPS

Link to comment
Share on other sites

Thanks. Good suggestions. :)

 

SSL issue: That's *very* odd...there are no different images being called on that page than on the previous secure pages. There should be no reason for them to be showing up as non-secure. I'll look into that and see what can be done.

 

Laura

Link to comment
Share on other sites

I tried your site ... was doing okay until I said create account ...

 

Then I got the warning on mixed secure/nonsecure

 

View source is showing:

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Bowlzilla.com</title>

<!-- <base href="http://www.bowlzilla.com/"> //-->



<!-- lyr040903 this is an SSL page //-->

<!-- <base href="https://www.bowlzilla.com/"> //-->

<base href="https://bowlzilla.com/">



<link rel="stylesheet" type="text/css" href="stylesheet.css">

 

You have two <base href> tags once secure one non-secure.

 

Perhaps this is the issue?

Link to comment
Share on other sites

We went live April 3rd. hmmm

 

 

BTW..as for orders not coming thru now that your onto a database managed site, you will want to read this thread: 

http://www.oscommerce.com/forums/viewtopic.php?t=31021

 

I installed those as well a few days ago.

 

There is bright side, I have 6 months to figure it before Christmas.

 

Scott

Link to comment
Share on other sites

Note: the two are commented so that is not the issue.

 

What is the issue is your certificate is registered to www.bowlzilla.com and your base ref is using https://bowlzilla.com and should be using https://www.bowlzilla.com to match the certificate.

 

Doh!

 

One way to fix it then will be to make your links with www

 

or

 

Just install a new cert, only this time order it for https://domain.com (no www)

Link to comment
Share on other sites

I'd fix the configure.php to make sure it is set up with the WWW in the paths.

 

Looks more natural. And, would match the certificate :D

Link to comment
Share on other sites

whomping my head on the desk

 

How COULD I have not fixed that? I did fix the configure.php file a couple of days ago. We had originally had a certificate without the www in it so it was correct for awhile. We were still having problems with the SSL stuff at that point though. Most of the issues were fixed when we changed the certificate.

 

I'll upload that fixed create account file in a couple of minutes and see if that helps things!

 

I'm also going to implement the suggestions about optimizing for user-friendliness. People on that thread have mentioned jumps of up to 40% since making the changes to their login pages so that can only be goodness!

 

Laura

Link to comment
Share on other sites

Check your web logs and find the most common exit pages. That might give you an idea as to why you are losing customers.

 

More than likely it was due to the security warnings.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

Oh yeah, and you just reminded me of another question I've had...I can't "view source" on my own site. I was beginning to think that it was some setting in OSC, but you obviously can view my source code. Any ideas why I'd be running into this? I can view source on most other sites (unless they have javascript installed preventing it, of course).

 

Laura

Link to comment
Share on other sites

Oh yeah, and you just reminded me of another question I've had...I can't "view source" on my own site. I was beginning to think that it was some setting in OSC, but you obviously can view my source code. Any ideas why I'd be running into this? I can view source on most other sites (unless they have javascript installed preventing it, of course).

 

Laura

 

Are you using Internet explorer 5 or 6 ? I run into the same issue every few weeks. I dont have a link, but it is a known issue in microsoft browsers - You just have to clear your cache. Clear your history, and delete all temporary internet files (can be done from IE config in control panel), and you should be all set.

Link to comment
Share on other sites

Thanks Networkdad & Ajeh! Yes, I'm using IE 6. I'll try your suggestions.

 

Back to the SSL issue, I've just implemented the more Amazon-ian-looking login page on our site (http://www.bowlzilla.com/login.php). I've fixed the base href issue in the create_account.php file (can't believe I hadn't already done that).

 

But I continue to get an error message about being re-directed to a non-secure page.

 

Here's my understanding of the issue:

If the customer has specifically clicked on a button or a link to take them to a non-secure page, then the error doesn't show up - for example if the customer has just logged off and they click on "Continue" which takes them to the homepage. BUT, if the page they were on does a re-direct, without their implicit knowledge, this error shows up.

 

Would a good solution be to take them to an interim page after login which would have all their options listed - for instance, everything they could do within their "profile" like add addresses, etc., plus a button for "Continue Shopping"? Or is that just giving the customer too many steps to go through and more of a chance to just leave the site altogether?

 

Laura

Link to comment
Share on other sites

Typically just refreshing (press F5) the page will allow you to view the source as well. :)

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein

Link to comment
Share on other sites

Look in your login.php file.

 

Near the top is something like this, but neither end in the SSL ...

 

See what happens if you write the lines you have to have the SSL in them now that the certificate works.

 

        if (sizeof($navigation->snapshot) >  0) {

         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), 'SSL');

         $navigation->clear_snapshot();

         tep_redirect($origin_href);

       } else {

         tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));

       }

Link to comment
Share on other sites

Well, kinda. But now it just redirects them to the homepage which is now entirely secure as well. That doesn't work real well. No one wants to surf a site that's stuck in secure mode.

 

Any other ideas :(

Link to comment
Share on other sites

ummm...ok, let me clarify: the url now is with an "https", but there's no padlock at the bottom. Not sure why that is. There shouldn't be any non-secure items there.

 

Laura

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...