My previous access provider didn't have a secure subfolder. The new access provider added one and duplicated the site within it hoping that the cart.php could find it. The files to edit are in the main directory and the secure file directory could be deleted. We would be at the same place of not getting access to https. The CSR is set-up for secure.browngrotta.com just as before. If we delete the secure subdirectory and edit the cart.php file that remains. It would be the same file that was originally transferred from the previous provider.