SSL Protocol Error on Facebook

Resurrected by request

David,
The good news about the free certificates from StartSSL is that they work for the primary domain *and* a subdomain. Most users will get a certificate that works for www.domain.com, which would cover accessing your site over:
www.domain.com
domain.com

Its your choice what works best for you. Honestly, we generally recommend that you only have one 'main' domain for your site and all your content. For example, on this site, you can't go to sourcecoast.com.. you'll always be redirected to www.sourcecoast.com. Additionally, you can access any page of our site over http or https.

The main issue you can run into with a secure.domain.com certificate is that you can't perform an SSL redirect from www.domain.com domain.com (or vice versa) if the certificate isn't valid for that subdomain. So, bottom lining it, it's generally best practice to:
* Have an SSL cert for www.domain.com and domain.com (which startSSL easily does)
* Have a redirection setup for www to non-www (or vice versa). This is a general best practice, and not really specific to SSL.

Do I need to add any CNAME settings or add a sub-domain if I continue with secure.mysite.com?

CNAME - Great, easy way, to redirect from www to your A-Record for the root domain (or vice versa)
Sub-domain - You should always have a www subdomain setup specifically so that you can catch users that type www. before every website they go to out of habit.

Whew.. think I may have confused myself.. I hope I didn't confuse you. Questions welcome

Alex

You may need to check with your hosting provider that you can install your own SSL certificate and, if so, if there's any special procedure to do so. Many of the cheaper hosting plans (less than $10-15 per month) use shared servers where many, many websites share the same IP address. In that case, the host may not allow individual SSL certificates for each site.

The next step, from here, is to contact them to ensure that you can install your own SSL certificate and see if they have any suggestions as to what may be wrong.

3. I already have a redirect setup in .htaaccess so that www.mysite.com traffic goes to mysite.com

Good! That will work for all of your non-SSL traffic. For SSL requests to www though, the redirect will fail. The reason is that, to create the connection to your server and get the redirection in the first place, a proper SSL handshake must occur first. Until the SSL is working, the redirect will only work for non-SSL requests to www.mysite.com

4. I already have CNAME record for www.mysite.com to go to mysite.com

I was incorrect and mis-spoke above. You should *not* use a CNAME for the www to non-www redirection. A CNAME is just like setting up a shortcut on your desktop. The URL will still show the site as www.mysite.com, but the underlying mysite.com will be shown. CNAMEs are good for things like RSS links and CDNs. For example:
feeds.sourcecoast.com/sourcecoast-blog - This is really an alias to Feedgator. If you go there, the URL will show our feeds.sourcecoast.com domain, but the actual content is coming directly from Feedgator.

5. Do I need both a sub-domain set up for www.mysite.com set up as well as the CNAME record?

See above. You should *only* have a redirect and not a CNAME.

I hope that helps, but keep coming back with any other questions you have!

Thanks,
Alex

Glad to hear we're almost there. Don't worry, you are

Update your .htaccess to:Please note the 2nd to last line and the new %1 in the last line.

That's a modified version of this solution , including what you already had. There's a full explanation of what that middle line with HTTPS is doing, if interested.

If that doesn't work, you should be able to take the bottom 2 lines from that answer directly and it should work. Leave your top line, since it's frankly clearer.

Best wishes,
Alex

Awesome! So glad to hear things are working for you. Should you need anything else, just let us know!

Thanks,
Alex