301 Redirect on Wordpress Multisite

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: discounthockeyequipment.com (Main Site) hockeytapesource.com, thehockeydoctor.ca, hockeyskaterunners.com, hockeytapewarehouse.com, ringettewarehouse.com, hockeyrunners.com (subsites)

I ran this command: certbot -d discountedhockeyequipment.com -d hockeytapesource.com -d hockeyskaterunners.com -d hockeytapewarehouse.com -d thehockeydoctor.ca -d ringettewarehouse.com -d hockeyrunners.com

It produced this output:

#############

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/discountedhockeyequipment.com-0002.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Failed redirect for discountedhockeyequipment.com
Unable to set enhancement redirect for discountedhockeyequipment.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

IMPORTANT NOTES:

  • We were unable to set up enhancement redirect for your server,
    however, we successfully installed your certificate.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/discountedhockeyequipment.com-0002/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/discountedhockeyequipment.com-0002/privkey.pem
    Your cert will expire on 2022-04-04. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"
    root@wordpress-ubuntu-s-1vcpu-1gb-tor1-01:~#

##############################

My web server is (include version): apache

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

I was able to install certificates on all domains. They work well, except, in the case where someone just types in the URL (ie: thehockeydoctor.ca) or doesn't use https:// ... When that happens, it redirects to discountedhockeyequipment.com (the main site).... There seems to be a 301 redirect somewhere... But I can't figure out where...

During the certbot install, I've tried choosing both Redirect and No redirect... When I choose redirect I get the following error:

Failed redirect for discountedhockeyequipment.com
Unable to set enhancement redirect for discountedhockeyequipment.com

I feel like this might be a simple thing, but I can't for the life of me figure out where the redirect is coming from... I don't see anything in the Htaccess file...

Hi @ceps00 and welcome to the LE community forum

Reissuing and reinstalling certificates isn't going to correct that problem.
It will only waste time and resources.
So please don't do that anymore.

Let's start unraveling this mystery with the outputs of:
certbot certificates
apachectl -t -D DUMP_VHOSTS

2 Likes

Thanks for the help, I truly appreciate it. I'm not very experienced with this kind of stuff.

certbot certificates
Found the following certs:
Certificate Name: discountedhockeyequipment.com-0001
Domains: discountedhockeyequipment.com hockeyrepair.ca hockeyrunners.com hockeyskaterunners.com hockeytapesource.com hockeytapewarehouse.com ringettewarehouse.com thehockeydoctor.ca
Expiry Date: 2022-04-01 18:16:12+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/discountedhockeyequipment.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/discountedhockeyequipment.com-0001/privkey.pem
Certificate Name: discountedhockeyequipment.com-0002
Domains: discountedhockeyequipment.com hockeyrunners.com hockeyskaterunners.com hockeytapesource.com hockeytapewarehouse.com ringettewarehouse.com thehockeydoctor.ca
Expiry Date: 2022-04-04 16:01:44+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/discountedhockeyequipment.com-0002/fullchain.pem
Private Key Path: /etc/letsencrypt/live/discountedhockeyequipment.com-0002/privkey.pem
Certificate Name: discountedhockeyequipment.com
Domains: discountedhockeyequipment.com www.discountedhockeyequipment.com
Expiry Date: 2022-02-23 22:10:43+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/discountedhockeyequipment.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/discountedhockeyequipment.com/privkey.pem
###########

apachectl -t -D DUMP_VHOSTS

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 discountedhockeyequipment.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 discountedhockeyequipment.com (/etc/apache2/sites-enabled/000-default.conf:4)
root@wordpress-ubuntu-s-1vcpu-1gb-tor1-01:~#

The first cert has all of the names in the second cert.
And the third cert only adds the "www" to the list.

Certificate Name: discountedhockeyequipment.com-0001
Domains: 
 discountedhockeyequipment.com 
 hockeyrepair.ca 
 hockeyrunners.com 
 hockeyskaterunners.com 
 hockeytapesource.com 
 hockeytapewarehouse.com 
 ringettewarehouse.com 
 thehockeydoctor.ca

Certificate Name: discountedhockeyequipment.com-0002
Domains: 
 discountedhockeyequipment.com 
 hockeyrunners.com 
 hockeyskaterunners.com 
 hockeytapesource.com 
 hockeytapewarehouse.com 
 ringettewarehouse.com 
 thehockeydoctor.ca

Certificate Name: discountedhockeyequipment.com
Domains: 
 discountedhockeyequipment.com 
 www.discountedhockeyequipment.com
1 Like

But I fail to see individualized vhost configs for all those names.
Only two files are shown to be active:

*:443 discountedhockeyequipment.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80  discountedhockeyequipment.com (/etc/apache2/sites-enabled/000-default.conf:4)

Let's start by reviewing both of those files.

1 Like

I don't see the exact file names you mentioned (000-default-le-ssl.conf:2 / 000-default.conf:4)... but they are there without the ":2" & ":4"

#####000-default-le-ssl.conf######

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        
        ServerName discountedhockeyequipment.com
        ServerAlias www.discountedhockeyequipment.com
        
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias hockeytapesource.com
ServerAlias hockeyskaterunners.com
ServerAlias hockeytapewarehouse.com
ServerAlias thehockeydoctor.ca
ServerAlias ringettewarehouse.com
ServerAlias hockeyrunners.com
ServerAlias hockeyrepair.ca
SSLCertificateFile /etc/letsencrypt/live/discountedhockeyequipment.com-0002/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/discountedhockeyequipment.com-0002/privkey.pem
</VirtualHost>
</IfModule>

###### 000-default.conf ######

# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        
        ServerName discountedhockeyequipment.com
        ServerAlias www.discountedhockeyequipment.com
        
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.discountedhockeyequipment.com [OR]
RewriteCond %{SERVER_NAME} =discountedhockeyequipment.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The HTTP (*:80) file will only redirect for two names.
[it should redirect for all the names]

The HTTPS (*:443) file is using the 0002 cert [which lacks some of the names].
[you should issue a cert with all the names on it]

There is no cert that contains all the names.
[you have three certs, only need one, but none can do the job you require]

Check the document root folder to see if there is an ".htaccess" file with redirection.
[/var/www/html]

2 Likes

@ceps00 Your previous Dump_VHosts does not match what we see in the config files you show. Names are missing and they are not identified as NamedVirtualHosts. Can you restart Apache (not just reload) and show output from both of these:

apachectl restart
apachectl -t -D DUMP_VHOSTS

Info: The ":2" and ":4" with the file names earlier are just the line number of the VirtualHost statement.

1 Like

So, Should I just delete the multiple certs and redo it?

And if so... How do I do that?

apachectl restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
root@wordpress-ubuntu-s-1vcpu-1gb-tor1-01:~#

apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 discountedhockeyequipment.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 discountedhockeyequipment.com (/etc/apache2/sites-enabled/000-default.conf:4)
root@wordpress-ubuntu-s-1vcpu-1gb-tor1-01:~#

Htaccess file

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

Should I use "certbot delete", delete all 3 and then start from scratch? I have a few new domains I'd like to add anyway... I just don't want to make matters worse.

It's usually better to work in the other direction.
First get the cert you need (with the names you need on it) and THEN delete the certs you don't need.

2 Likes

Thanks... I guess I'm a little confused. Should I do a cert for each domain or all of them under one? A while back I did a certificate for each domain and it didn't seem to work, then I found an article that said I should do all the domains at the same time using a command like "certbot -d discountedhockeyequipment.com -d hockeytapesource.com -d hockeyskaterunners.com -d hockeytapewarehouse.com -d thehockeydoctor.ca -d ringettewarehouse.com -d hockeyrunners.com"

Either way, I deleted all 3 certs and recreated 1.. but the redirect is still happening. Is it possible there is a redirect somewhere I'm missing? I'm not sure where to look ... It isn't in the htaccess file from what I can see.

1 Like

To be 100% certain: Try disabling the .htaccess file (just rename it to something else).

2 Likes

Yeah... No Difference. Still redirects

It redirects because you use SERVER_NAME. You should use HTTP_HOST

You have many domain names mapping to the same IP in DNS. That's fine. But, you only have one VirtualHost for http (port 80) and the Dump_VHost shows only one name.

So, when requests to the other domain names get sent to Apache it uses the DEFAULT VHost which is discountedhockeyequipment.com. That is the name of the SERVER_NAME when the HTTP_HOST is, say, thehockeydoctor.ca.

Thus, the RewriteCond will always be true and redirect.

The basic problem is you do not have any VHosts for the other domain names. They all fall into the default server.

2 Likes
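A small model of the behaviour described in the reply above, added here as an example; it is not code from the thread or from Apache. It shows what the port-80 rules do to a request for a subsite name when the condition tests SERVER_NAME versus HTTP_HOST. The `VHost` class, the function names, the shortened `ALL_NAMES` list and the host `unlisted.example` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VHost:
    server_name: str
    aliases: frozenset = frozenset()

def select_vhost(vhosts, hostname):
    # Name-based matching; with no match Apache serves the first vhost for the port.
    for vh in vhosts:
        if hostname == vh.server_name or hostname in vh.aliases:
            return vh
    return vhosts[0]

def redirect_location(vhosts, host_header, uri, cond_var, cond_names,
                      use_canonical_name=True):
    """Location produced by a RewriteCond/RewriteRule pair shaped like the
    thread's, or None when no condition matches."""
    hostname = host_header.split(":")[0]
    vh = select_vhost(vhosts, hostname)
    # UseCanonicalName On: SERVER_NAME is the ServerName directive, not the Host header.
    server_name = vh.server_name if use_canonical_name else hostname
    value = {"SERVER_NAME": server_name, "HTTP_HOST": host_header}[cond_var]
    return f"https://{value}{uri}" if value in cond_names else None

# Constructed from the 000-default.conf shown in the thread.
MAIN = "discountedhockeyequipment.com"
VHOSTS = [VHost(MAIN, frozenset({"www." + MAIN}))]
MAIN_NAMES = {MAIN, "www." + MAIN}
# Constructed allowlist: the main names plus two of the subsite names.
ALL_NAMES = MAIN_NAMES | {"thehockeydoctor.ca", "hockeyrunners.com"}

if __name__ == "__main__":
    cases = [
        ("SERVER_NAME", MAIN_NAMES, "thehockeydoctor.ca"),  # original rules
        ("HTTP_HOST", MAIN_NAMES, "thehockeydoctor.ca"),    # after the suggested change
        ("HTTP_HOST", ALL_NAMES, "thehockeydoctor.ca"),     # every site name listed
        ("HTTP_HOST", ALL_NAMES, "unlisted.example"),       # hypothetical stray Host
    ]
    for var, names, host in cases:
        print(var, host, "->", redirect_location(VHOSTS, host, "/", var, names))
```

A `None` result means these rules leave the request alone, so it is served over plain HTTP from the vhost's DocumentRoot. Keeping the explicit list of names in the conditions means a Host value that is not one of the site's names is never copied into a redirect.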

Not sure I understand totally, but do you mean to add another vhost file for each domain ie: thehockeydoctor.ca.conf and then have below in it

# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>
ServerAdmin webmaster@localhost

    ServerName discountedhockeyequipment.com
    ServerAlias www.discountedhockeyequipment.com
    
    DocumentRoot /var/www/html

    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{HTTP_HOST} =www.thehockeydoctor.ca [OR]
RewriteCond %{HTTP_HOST} =thehockeydoctor.ca
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=permanent]

I meant to change SERVER_NAME in above lines to HTTP_HOST. You changed that and the domain names.

I thought your concern was that requests to your other domains like hockeydoctor.ca were getting redirected to discountedhockeyequipment. My suggestion would fix that.

2 Likes

I thought that's what you meant... I tried that first, but to no avail... I then tried what I pasted...

This is what I have now:
RewriteEngine on
RewriteCond %{HTTP_HOST} =www.discountedhockeyequipment.com [OR]
RewriteCond %{HTTP_HOST} =discountedhockeyequipment.com
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=permanent]