How to Solve the 10 Most Common Magento SSL Issues

How to Solve the 10 Most Common Magento SSL Issues

Magento is one of the most stable e-commerce platforms in the world. Due to the stability, it offers you the best experience and performance without any issue consistently.

On the other hand, Secure Socket Layer (SSL) ensures the best security during the transaction in your Magento store. If you cannot install and configure it on your website, you are in the risk of losing customers, as it hampers the experience of the visitors significantly.

In this article, you will find the solution to 10 of the most common Magento SSL issues. Take a look at them.

Magento SSL Not working

You might be seeing that the Magento SSL is not working on your website. It may be that it is not activated. To enable it, follow these steps:

  1. Head to System > Configuration > General > Web. Click on the Secure tab.
  2. For the option Use Secure URLs in the frontend and Use Secure URLs in the Admin, choose Yes.
  3. Finally, check the offload header as SSL_OFFLOADED.

If SSL is activated properly, URL of the Magento store will change from HTTP:// to HTTPS://. However, if it is still not working, there might be an issue with the database. To solve the issue, follow these steps:

  1. Select core_config_data.
  2. Run the following query:
Select * from core_config_data wherepath = '%web/secure/base_url%';
  1. Take a look at the value column. If you see HTTPS, the admin setup has been completed successfully. Now, the SSL will work.

If it still doesn’t work, there might be a problem with Ajax call setup. To solve it, use the following codes:

echo Mage::getUrl('MYMODULE/MYCONTROLLER/MYACTION', array('_secure' => Mage::app()->getStore()->isCurrentlySecure()));

There can also be an issue with the third-party URL call. Ensure that the URL is changed as HTTP://, rather than HTTPS:// That means, there shouldn’t be any “S” after “HTTP.”

SSL Checkout Page Redirected to the Homepage

If there is an issue with Magento SSL, the checkout page of your store will be redirected to different web pages, including homepage or the index page. To fix this issue, you have to go through these steps:

  1. Install SSL certificate on your website.
  2. Head to Admin > System > Configuration > General > Web.
  3. Head to Secure settings. Alter the Base URL to HTTPS://. Don’t modify the Base Link, which is currently being set as {{secure_base_url}}. Also, don’t change Skin, Media and JavaScript settings, which is set as {{secure_base_url}}skin/etc.
  4. Select Yes for Use Secure URL for frontend option.
  5. Click on Save. You will see that the SSL checkout redirect issue is gone.

Not Getting Local Issuer Certificate

The error message “SSL certificate problem: unable to get local issuer certificate” shows up when you try to connect to Magento Connect or a remote website using cURL.

The reason behind the issue is the inability of cURL for finding a cacert.pem file. You can solve it using the following steps:

  1. Make a local copy of certs. Store it in a secure location on your server. If you are using a XAMPP file, keep it in the following location:
  1. Update ini. Use the following codes:
[[CA Certs]
  1. Update the file with respect to the location of the local copy of certs.
  2. Now, restart the server. The changes will be applied and the local issuer certificate will be solved instantly.

Can’t Get Access to Admin After Installing Magento SSL

It’s a very common issue. There are two methods to fix it.

Modifying core_config_data

  1. Open the database of your website
  2. Search for core_config_data.
  3. Insert the following SQL query:
INSERTINTO core_config_data (scope,scope_id,path,value) VALUES ('default',0,'web/secure/use_in_adminhtml',1);
  1. Delete /var/cache to delete the cache.

Changing the URL Back to Default

  1. Follow Step 1 and Step 2 mentioned in the aforementioned section.
  2. Now, change the URL of the table back to the default, which is
  3. Clear cache by deleting /var/cache.

Magento 404 Page Not Found with SSL

This error shows up when the configuration file of SSL is not found. Use the following steps to solve it:

  1. Get access to the SSL configuration file using this command:
sudonano /etc/apache2/sites-available/default-ssl
  1. Change ‘AllowOverride None’ to ‘AllowOverride All’.
  2. Restart the server using the following command:
sudo /etc/init.d/apache2 restart

Now, the 404 error has gone. All the pages should work flawlessly.

403 (Forbidden) Error in Admin

The 403 Forbidden error indicates that accessing a page or resource that the user is attempting to reach is absolutely forbidden. In Magento SSL, it can be caused due to different reasons. They are:

The Permission Not Being Set Properly

If you want to serve a file, you must ensure that the server reads and executes the permission according to the hierarchy of the directory. For instance, consider the following path:


In this case, the server reads and executes permissions for /, /usr, /usr/share, and /usr/share/myfiles without any issue. If you want to get rid of the error, you should use standard 755 for directories. It will allow you to read, write and execute permission in your Magento store as an owner.

Everyone else will be enabled only to read and execute permission. But they will not be able to read. You should also use 644 for the files. As the store owner, only you will get the privilege for writing. Everyone else will be able to read the files only.

The Directory Index Not Being Defined Correctly

This is another common reason behind the 403 error. You might not have set directory index accurately. Basically, the index directive for a standard PHP setup should be like this:


As you can see, index.html will be served by the server first, followed by index.htm and index.php. If your directory index is not being defined in a specific way, you will see the 403 error. So, make sure that everything is defined correctly.

HTTP vs Https Issues

While HTTP and Https are different ports, the search engine regards both of their content as the same thing. It can cause a massive impact on your site SEO. Your store might lose a massive place in the Search Engine Results Page (SERP). You can solve the problem in the following ways:

Adding Canonical Link Elements

To highlight the canonical location of the content, you have to add the following line to the head tags of your store’s webpages:

<link rel="canonical" href="HTTP://"/>

By adding it, you are telling the search engine to display only the Https version on the SERP.

Use Two Different Robots.txt for Https

By using a different Robots.txt file, along with the original one, you can tell the search engine to crawl the HTTPS version of your Magento store web pages. Just follow these steps:

  1. Use .htaccess to serve a different Robots.txt, along with the default one. Save the default file as robots.txt and the other one as robots_ssl.txt. The former one is a regular non secure HTTP file. The latter one is the secure HTTPS file.
  2. In .htaccess, make the following changes:
RewriteCond%{SERVER_PORT} ^443$
RewriteRule ^robots.txt$ robots_ssl.txt [L]

Here, you are telling the server to serve the robots_ssl.txt as robots.txt through various rewriting functions.

Use Meta Robots Tag

You can use the Meta Robots tag to make the web pages being crawled, but not indexed, by the search engine. To use it, type the following codes in the Head tag of your Magento 2 store web pages:

if(isset($_SERVER['HTTPS']) &&strtolower($_SERVER['HTTPS']) == 'on') {
echo'<meta name="robots" content="noindex,follow" />'. "n";

Activating SSL in Magento Admin Panel Results in Infinite Redirect Loop

If you have turned SSL in Magento Admin, you might face the incredibly irritating issue of the infinite redirect loop. In most of the cases, the problem emerges from Store.php. You can locate the file by going through the following path:


Now, let’s take a look at Store.php file:

            if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')             {
            if (Mage::isInstalled()) {
                        $secureBaseUrl = Mage::getStoreConfig('web/secure/base_route_url');
                        if (!$secureBaseUrl) {
                        $uri = Zend_Uri::factory($secureBaseUrl);
                        $isSecure = ($uri->getScheme() == 'HTTPS' ) &&isset($_SERVER['SERVER_PORT']) && ($uri->getPort() == $_SERVER['SERVER_PORT']);
                        return $isSecure;
             }             else {
                        $isSecure = isset($_SERVER['SERVER_PORT']) && (443 == $_SERVER['SERVER_PORT']);
                        return $isSecure;

If web/secure/base_route_url is not used in core_config_datatable, you will always get a false response from isCurrentlySecure.

You can solve the problem in the following way:

Add HTTPS with On Value

If you are using Nginx with PHP-FPM, insert the following code in nginx.conf:

fastcgi_param HTTPS on;

Now, restart the server. You will see that the infinite redirect issue is gone.

SSL-HTTPS Frontend Layout Problem

If you are facing issues with SSL-HTTPS, remove HTTP from Base URL in the insecure section of the configuration. Add HTTPS in the secured section and reload the cache. You will see that the frontend layout issue has been fixed.

How to Change the Base URL

  1. Login to Magento admin panel.
  2. Head to System > Configuration > Web > Unsecure > Base URL. Here, you will modify the unsecure base URL.
  3. To alter secure Base URL, go to System > Configuration > Web > Secure > Base URL.
  4. Now, perform cache management by heading to System > Cache Management.

Can’t Log in to Admin After Enabling SSL

A lot of users can’t find a way to get into the Admin Panel after activating SSL in their Magento 2 store. While the issue is very irritating, it can be fixed very easily. Just follow these steps:

  1. Head to the database.
  2. In core_config_data table, change the value field to 0 with the path of web/secure/use_in_admindata. Do the same thing for the path of web/secure/use_in_frontend.
  3. Sign into your hosting account using SSH. Type the following command:
rm -rf ~/public_html/magento/var/cache
  1. Now, you can log in to the admin panel.


In this article, you have learned different methods for solving the most common Magento SSL issues. By following them, you can get rid of all the frustrations and keep your store up and running.

Check out these top 3 Magento hosting services:

£3.15 /mo
Starting price
Visit Kamatera
Rating based on expert review
  • User Friendly
  • Support
  • Features
  • Reliability
  • Pricing
£2.35 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
  • Support
  • Features
  • Reliability
  • Pricing
£1.41 /mo
Starting price
Visit FastComet
Rating based on expert review
  • User Friendly
  • Support
  • Features
  • Reliability
  • Pricing
  • Want to get top recommendations about best hosting? Just click this link!

How To Set up a VSFTPD Server on an Ubuntu 16.04 VPS or Dedicated Server

Brief Description FTP data is usually insecure since information (usernames, pa
2 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to Install an SSL/TLS Certificate for WordPress with Apache Using a Nginx Reverse Proxy on a CentOS VPS

One of the ways to increase your website’s google ranking is to set up SSL. Th
4 min read
Avi Ilinsky
Avi Ilinsky
Hosting Expert

How to Setup Let's Encrypt With Nginx on an Ubuntu 18.04 VPS or Dedicated Server

In this guide, you will learn how to setup Let's encrypt on your Ngnix Server to
3 min read
Avi Ilinsky
Avi Ilinsky
Hosting Expert

How To Add Free SSL In WordPress Using Let's Encrypt

Let’s Encrypt is a free open certificate authority that aims to provide SSL ce
2 min read
Idan Cohen
Idan Cohen
Marketing Expert provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top