Check out issues

Good afternoon:

I have had multiple reports of a check out issue. I have tried repeatedly to reproduce the error, but can't do it. However, one of the staff did a series of tests and was able to spot it, but then, couldn't get it to repeat.

Would you like details in this forum, or in a ticket? It's a bit complicated to explain.

you have steps to reproduce?

you can outline them here.

OK... This is the same store as other tickets, so you have user/pass, ftp in my history.

First alert came from a customer: His message:

"Comments: I have made several attempts to order. After I log in and add my selections to my cart, I always get an error message of an invalid certificate and problem with the site. Can you provide some assitance/direction in placing my order."

Second alert came from my client, via the phone answering service (they take orders by phone on weekends, during night, but enter into the cart; this has been some custom work to make this possible; see history from about 2 years ago):

"Apparently, there were a lot of customers that had this problem over the weekend. Does this error message mean anything to you? The answering service took about 10 orders by hand because the customers all said they were having the same problem over the weekend."

I ran tests, couldn't see the issue.

I asked one of the staff personnel to run tests, using as a "guest", as a logged in customer, etc. His report:
"I did about 12 tests:

First 3 I put the item in my cart first then logged in then paid--all went through ok:
1. As a guest
2. My account
3. With a new account

Then I logged in first then added the test product to the cart then hit checkout and I got the message about the certificate all three times. I couldn't get through to the checkout page.
Then I deleted all the cookies and tried again logging in first, then filling the cart and I never got the message. Repeated it again all 3 ways and still didn't get the message.
Deleting the cookies helped, but did this ever happen before where 10 customers have had it happen?"

Follow up message from staff:
"When I got the message it was when I clicked "checkout". I couldn't even get to the page to make any type of payment. Now that I deleted cookies I can't get the error message no matter what I do."

Follow up message from the phone answering service:
"Second, we are getting the “Website Security Certificate” warning. This is a Microsoft warning because it’s not recognizing your site’s security certificate. Have you checked with your Website programmer to make sure your certificate is current? Because this warning isn’t anything coming from our end."

I tried all methods and didn't get the problem.

More background: This domain doesn't have its own secure certificate. We had tried that and it caused more problems, and at Ray's suggestion, we deleted it. There was a setting Ray referenced at the time. This was early December of last year, if I recall.

The server does have a certificate. All of my domains are on my server, and a few use the certificate, or did in past carts. The certificate is registered to secure.biz-comm.com.

I don't know what else to share. It is not a consistent issue, but it is happening. The staff tester is on a Mac. I'm on a Mac. I imagine that the phone answering folks are on PCs.

There isn't a certificate assigned to the domain. In history, you'll see that there are two domains involved in this: the original and an alias. If you enter a https:// you will see that it gives invalid, but if you open to full message you will see a correct secure.biz reference.

Any ideas most appreciated. If we can find out what is pulling in the https, that should clear this up.

Thanks.

PS: for testing, there is a $1 item with no shipping, called test.

A thought: Ticket=149237
was the latest change

Another client report, this time from management:

"A guy says that he tried to order on the web site, but it kicked him out. This happened twice, once on his computer using Firefox, and ipad the second time. It happened both Sunday and Monday.

The error message was someone was trying to hack the site.

Simply put, the guy said there could be a problem with the security certificate and the name on it, or there may be a hacker attacking the site. He’s ordered before (a year ago) and likes our stuff. I think he’s credible."

Any insight about what the issue is?

Thanks.

sounds to me like there may be some old links to your site in google or another location that is pointing to the HTTPS domain, but since you are on a shared hosting account, the SSL certificate is not dedicated to your site.

does your host support mod_rewrite and htaccess?

if so, you can use mod rewrite to force anybody who tries to access your site using the https address back to the http address:
74

This is a sudden issue. It has been fine for 2 years. It's a dedicated server; I only put a cert on the server, not on any domains.

well the error is saying that the SSL cert is registered to a different domain.

if you try to access:
sporthilldirect.com/

the error says that the certificate is registered to the domain:
secure.biz-comm.com

the work around is to not let traffic use the https address by implementing mod rewrite.

or update the SSL cert so that it is valid for the sporthilldirect.com/ domain.