I have 2 websites one in craft cms 2 and the other in craft cms 3.
Everything works fine except the control panel always shows HTTPS insecure, for both the sites.
Below is my .htacces file,
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.co.in
RewriteRule (.*) https://www.domain.co.in/$1 [R=301,L]
# Send would-be 404 requests to Craft
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin http://www.domain.co.in
Header set Access-Control-Allow-Credentials true
</IfModule>
General.php
define('URI_SCHEME', ( isset($_SERVER['HTTPS'] ) ) ? "https://" : "http://" );
define('SITE_URL', URI_SCHEME . $_SERVER['SERVER_NAME'] . '/');
define('BASEPATH', realpath(CRAFT_BASE_PATH . '/../') . '/');
return array(
'*' => array(
'environmentVariables' => array(
'siteUrl' => SITE_URL,
'basePath' => BASEPATH
),
'cpTrigger' => 'manage',
'omitScriptNameInUrls' => TRUE,
'defaultTokenDuration' => 'P1W',
'sendPoweredByHeader' => FALSE,
'enableCsrfProtection' => TRUE,
'pageTrigger' => 'page/',
),
'prod' => array(
'allowAutoUpdates' => FALSE,
'env' => 'prod',
'siteUrl' => 'https://'.$_SERVER['HTTP_HOST']
),
'stage' => array(
'devMode' => FALSE,
'env' => 'stage',
'siteUrl' => 'https://'.$_SERVER['HTTP_HOST']
),
'local' => array(
'siteUrl' => 'http://'.$_SERVER['HTTP_HOST'],
'devMode' => TRUE,
'env' => 'local'
)
);
For others with the same issue, I managed to get this resolved by adding baseCpUrl in the general.php file
'baseCpUrl' => 'https://www.domain.co.in'
For more details visit https://craftcms.com/docs/3.x/config/config-settings.html#basecpurl