SSL publishing update

One of my sites now has SSL attached to it. What settings (if any) do I need to change in Sparkle?

The web address in the general site settings can be changed to have a leading https://.

You also need the non secure site to redirect to the secure site, this varies depending on the web server and is currently not configured in Sparkle also because of that.

For Apache web servers (the most common) you need to create a file named .htaccess in the root of your website, perhaps using the file manager of your web host or a third party FTP application. The file should contain the following:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

This works with any domain name.

1 Like

@duncan, Should we start suggesting the use of:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

to enable HSTS while we are at it?

Where it says SERVER_NAME does that have to be altered to your web address or is it just left as it is in your script?

It’s a more involved decision.

1 Like

That htaccess server configuration doesn’t need to be changed.

That’s good, because I copied it and created the file exactly as you typed it! Thanks for confirming.

I had to delete this script, I was getting error messages from Facebook , Safari and Chrome saying there were too many redirects? What is that all about?? Any idea.

That works as is on the site. Hard to say, server configuration is hard to troubleshoot.

When re-uploading form sparkle for a site change, does it need the .htaccess manually replied each time?

Or does it get ignored by Sparkle on a push?

This should help:

Why No Padlock will troubleshoot your setup and tell you what to do (on the server, not Sparkle).

1 Like

Sparkle ignores that.

Thank you, as always,