Yesterday, I switched my primary website over to the https:// (secure) protocol. This article is not about how to purchase and install an SSL certificate – it’s about what to do with your installation of Mautic when it ceases to work (and it will cease to work properly) after you’ve installed that certificate.
WARNING: You’re going to need a few geek skills to pull this off. If you don’t have a reasonable understanding of how to edit templates and are not confident inside your cPanel – do not, repeat DO NOT fuck with this – get a geek to assist you. Your hosting provider is not going to be enough to help you to pull this off.
This post is aimed at intermediate to advanced Mautic users.
First up, we edited the htaccess file and did the normal redirections that you’d do for a website that has a newly installed SSL certificate, setting up the site to always resolve to the https:// protocol. After we’d done that, we noticed that all of the embedded Mautic forms what we had on our (Joomla!) website had completely disappeared from the pages where they were installed. Clearly, something was wrong.
You’ll also notice that the word SECURE and the padlock which sits beside it on https:// enabled websites may not appear on some pages. Instead, you’ll see a circular icon. If you click this it will alert you that problems exist with the page and it may not be secure. Usually, that will relate to something that has inadvertently been hardcoded on the page, such as an image file. In the case of Mautic, look first at your embedded forms as the source of the problem. I’ll cover how to diagnose and fix this later.
Edit Mautic Configuration
First up, you’ll need to clear your Mautic cache. Mautic does a terrible job of this and you’ll find it easier to simply delete the cache folder, which you’ll find located in the app folder of your installation of Mautic. Don’t worry about deleting the folder. Mautic will generate a new one.
Next, login into your instance of Mautic. Click on the gear icon (top right of admin panel) and navigate to Configuration. In the system settings, you’ll see your website URL. It will be the old http:// URL – not the new https:// URL that you have with you newly installed SSL certificate. Edit the website URL to include the https:// protocol and click save.
When you click save Mautic will resolve to the User/Authentication Settings tab and will display and error warning in red. You need to add the same Email, First name and Last name as you already have entered in your user settings. Click save.
Edit Website Plugins
Chances are you are using a plugin to monitor website visitation if you are using a popular CMS like WordPress or Joomla!. You will need to edit the plugin so that it recognises the new https:// protocol. Navigate to the plugin within your CMS and edit the URL, as required. Click save.
Edit Custom Themes
This next step only applies if you have custom themes installed. Even then it may not apply if relative URL’s have been consistently used in creating those themes. Especially if your custom themes are older, there is a big chance that they may contain hardcoded URL’s. Older versions of Mautic (back in the 1’s) sometimes rejected relative URL’s when creating templates. A quick look at the public pages of your template should tell you if anything requires attention.
Go to your cPanel (or use ftp) and navigate to your installation of Mautic, then navigate to the theme that you wish to edit. You’ll then need to go through html / html.twig files and edit any hardcoded URL’s to reflect the new https:// protocol. Notably, pages and forms appear to be affected. I went through everything – and even cleaned up some messy code!
After I’d done all of that, everything seemed to work fine – except for one thing…
Earlier I mentioned the problem of pages still being insecure. It only affected pages with embedded Mautic forms on them. The solution is simple. Mautic forms all provide a for a return URL (the URL visitors are directed to upon submission of a form). Navigate to each form and edit the Redirect/URL Message field to include the https:// protocol. That immediately cleared up my issue, with some pages displaying as insecure.
This was my first run through on this. I fully expect to uncover more issues in the next day or two. I’ll update this post as I identify and resolve those problems.