Security and privacy

SSL certificate issues

Picture of raghav agarwal
Re: SSL certificate issues

Hi Andrea,

Thanks for your reply.

But as you say if I make changes in $CFG->wwwroot =  to

$CFG->wwwroot = , It will turn whole site into https and this really do not fulfill my requirement.

I want to apply HTTPS on selective pages, But Chrome blocked the css and the javascript files for those pages, as these are called through HTTP.

How can I call all the javascript and css files required for the page, in the moodle, seperately using HTTPS.



Average of ratings: -
Picture of Andrea Bicciolo
Re: SSL certificate issues
Core developersParticularly helpful MoodlersPlugin developersTestersTranslators
Hi Raghav,

yes, if you add "https" to $CFG->wwwroot all Moodle pages will be served by https. If you want to serve only certain pages by https, you should make Moodle switch from http to https when those page are requested. At the present time only the login page in Moodle supports switch from http to https when requested and switch back from https to http after login.

Rewriting rules in the web server switching from http to https does not change Moodle's wwwroot, which remains in http, and this is the reason why some page parts are served by http.
Average of ratings: -
Picture of Daniel Kaelin
Re: SSL certificate issues

I don't think anyone is following what he is saying. I am running into the exact problem with my Moodle installations. 

The affected portals are set to "HTTPS" logins only. 

They are behind a load balancer so $CFG->sslproxy = 1; must be specified in the config file. 


As a result of setting sslproxy=1 moodle expects the wwwroot to be https. If you aren't running an entire site as https you cannot do this so you have to apply a hack found by other users to bypass this check. 

To bypass the check you have to comment out ~ lines 822-828 in wwwroot/lib/setuplib.php

// $CFG->sslproxy specifies if external SSL appliance is used
// (That is, the Moodle server uses http, with an external box translating everything to https).
if (empty($CFG->sslproxy)) {
if ($rurl['scheme'] === 'http' and $wwwroot['scheme'] === 'https') {
print_error('sslonlyaccess', 'error');
} /*else {
if ($wwwroot['scheme'] !== 'https') {
throw new coding_exception('Must use https address in wwwroot when ssl proxy enabled!');
$rurl['scheme'] = 'https'; // make moodle believe it runs on https, squid or something else it doing it

If you google around for HTTPS login redirect, or login loop you will find other conversations / issues in the issue tracker. 

The above fix combined with the sslproxy setting fixes the login loop problem for a setup behind a loadbalancer using SSL offloading. 


Average of ratings: -
Picture of Vani Bheemreddy
Re: SSL certificate issues


I want my moodle site to not prompt certificate error(it has self-signed certificate). So, i have disabled ssl for this moodle site. But it still shows me the promt in IE (not in chrome though) even after changing the config.php file wwwroot from https://... to http:// .

Whereelse should I be changing settings in order for the prompt to disasppear?

Average of ratings: -
Picture of Bret Miller
Re: SSL certificate issues

Why not just get a real certificate? They are pretty cheap at

Or you might be able to get one free at if your site meets their criteria for a free certificate.

Average of ratings: -