400 Bad Request after installing LetsEncrypt SSL on WordPress Multisite installation


#1

Hey there,

I am an old lover of Let’s Encrypt and have used it for dozens of projects. So, first of all, thank you for creating this.

Most of my WordPress installations are single site installation. Have successfully installed multisite as well but without Let’s encrypt SSL support.

This question is about the issues I am having with WordPress Multisite installation with Subdomain, domain mapping and Let’s Encrypt SSL installation capabilities on each subdomain and mapped domains.

Everything works perfectly. The only issue I am facing is - Whenever I type domain.com or http://domain.com or http://www.domain.com ( all without HTTPS) it shows:

‘400 Bad Request’ ( The plain HTTP request was sent to HTTPS port)

talled WordPress Multisite with subdomain with fast-CGI like this:

ee site create domain.com --wpsubdom --wpfc

After successful installation, installed domain mapping plugin ( from WPMUDEV), configure it by moving sunrise.php and setting up wp-config.php

In wp-config.php, I write:

define( ‘NOBLOGREDIRECT’, ‘http://www.presspeace.com’ );
define(‘SUNRISE’, ‘on’);

To point my server IP to my primary domain, Added this line to /etc/hosts ( it is needed for proper domain mapping)

43.228.XXX.6 domain.com www.domain.com

After this, I ran:

sudo nginx -s reload

but then I get this error:

unable to resolve host cloudrino

So, to resolve this error, I ran the following command to fix this:

hostname server.domain.com

Uncommented these two lines from etc/nginx/site-available/ as needed for domain mapping:

Uncomment the following line for domain mapping

listen 80 default_server;

server_name presspeace.com   *.presspeace.com;

# Uncomment the following line for domain mapping
server_name_in_redirect off;

Removed “default” configuration from /etc/nginx/sites-enabled

Then:

ee stack restart --all
ee clean --all to clear all types of caching.

As of now, everything was working perfectly well, I was able to create new subdomain sites and then map it to external primary domain. So, Now I can open :slight_smile:
domain.com ( primary site)
sub1.domain.com
sub2.domain.com
mappeddomain1.com
mappedomain2.com

Now, I started configuring Let’s Encrypt Multiste installation.

Since, Let’s Encrypt officially doesn’t support SSL installtions for each subdmains or mapped domain on a multisite. So, the EasyEngine way of Let’s encrypt installation doesn’t work here.

So, based on tutorial written here: https://easyengine.io/tutorials/nginx/letsencrypt/ and http://community.rtcamp.com/t/create-ssl-with-multisite-domain-mapping/7935/9

I installed Let’s encrypt SSl like this:

Ran this command:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Now ran this:

./letsencrypt-auto certonly --webroot -w /var/www/domain.com/htdocs/ -d domain.com -d sub1.domain.com -d mappeddomain1.com -d mappeddomain2.com --email myemail@gmail.com --text --agree-tos

The work was not yet over.

Now, I needed to configure these certificates, based on tutorial: https://easyengine.io/tutorials/nginx/letsencrypt/

I noticed I don’t have any ssl.conf file at /var/www/domain.com/conf/nginx/ssl.conf ( Don’t know why? Do I manually need to create it or have I done any mistake above? )
So, created a new ssl.conf file and added this line here:

listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

I also wanted HTTP to HTTPS redirection , so created force-ssl.conf file at /etc/nginx/conf.d/force-ssl.conf
and add following Nginx config into it:

server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://domain.com$request_uri;
}

and then at last, reloaded Nginx

nginx -t && service nginx reload

Now when I checked my sites, I noticed that the SSL certificates have been installed correctly on all mapped domain, subdomains and primary domain. So, I was able to open:

https://domain.com ( primary site)
https://sub1.domain.com
https://sub2.domain.com
https://mappeddomain1.com
https://mappedomain2.com

But when I simply tried to write these domains/subdomains without HTTPS, it gave this error:

400 Bad Request

The plain HTTP request was sent to HTTPS port

So, the redirection was not working, I read a lot many articles, tutorials… modified ssl.conf and force-ssl.conf based on it. Tried everything, but still not able to avoid this error.

WHAT SHOULD I DO NOW?
WHAT IS MY MISTAKE?
HOW CAN I RESOLVE IT?

Here are my code details for various important file type:

This is /etc/nginx/sites-enabled/domain.com or /etc/nginx/sites-available/domain.com

server {

# Uncomment the following line for domain mapping
listen 80 default_server;

server_name presspeace.com   *.presspeace.com;

# Uncomment the following line for domain mapping
server_name_in_redirect off;

access_log /var/log/nginx/presspeace.com.access.log rt_cache; 
error_log /var/log/nginx/presspeace.com.error.log;


root /var/www/presspeace.com/htdocs;



index index.php index.html index.htm;


include common/wpfc.conf;      
include common/wpcommon.conf;
include common/locations.conf;
include /var/www/presspeace.com/conf/nginx/*.conf;
subs_filter http:// https://;

}

This is /var/www/presspeace.com/conf/nginx/ssl.conf

listen 443 ssl http2;
listen [::]:443 ipv6only=on ssl http2; #add ipv6 support
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

/etc/nginx/conf.d/force-ssl.conf

server { listen 80; listen [::]:80; server_name domain.com *.domain.com; return 301 https://$server_name$request_uri; }

PLEASE HELP.

Thank you.


#2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.