Apache can't find/stat WordPress scripts after certificate renewal


#1

Running on Ubuntu 14.04 with Apache on an AWS EC2 server.
I recently renewed my LetsEncrypt certificate for my bootstrap-it.com site. The big change with the renewal was that Let’s Encrypt automatically saved my certificates into /etc/letsencrypt/live/ rather than the /home/… directory I’d kept them in until then. So I updated Apache’s /etc/apache2/sites-available/default-ssl.conf to point to the new certs.
Everything seemed to go well. But now I just noticed that I’m getting all kinds of apache errors like this:
[:error] [pid 4963] [client 185.129.148.190:8665] script ‘/var/www/html/wp-main.php’ not found or unable to stat
[:error] [pid 4400] [client 185.129.148.190:17236] script ‘/var/www/html/sqlibak.php’ not found or unable to stat
[:error] [pid 5470] [client 185.129.148.190:18207] script ‘/var/www/html/functions.php’ not found or unable to stat
Those files are all either in /var/www/html/bootstrapit/blog or /var/www/html/bootstrapit/blog/wp-includes…Apache is obviously looking in the wrong place. How do I correct that?
One more thing, when I try to load a WordPress blog post in my browser, inline images don’t load, and I get this error:
Mixed Content: The page at ‘https://bootstrap-it.com/blog/index.php/2016/10/26/linux-inodes/’ was loaded over HTTPS, but requested an insecure image ‘http://bootstrap-it.com/blog/wp-content/uploads/linux-inode.png’. This content should also be served over HTTPS.
https://www.bootstrap-it.com/blog/wp-content/uploads/linux-inode.png Failed to load resource: net::ERR_INSECURE_RESPONSE

Any ideas?
Thanks!


#2

You have various issues here, the bulk seem to be just standard config ones, and nothing to do with the Let’s Encrypt certificate.

With the certificate, I did notice when visiting your domain, it’s only valid for bootstrap-it.com and not www.bootstrap-it.com so any visitors to www.bootstrap-it.com get an invalid certificate error.

The main “script ‘/var/www/html/sqlibak.php’ not found” errors are due to an incorrect setting in your WP config.

The “Mixed Content” error is because you are trying to include images with http specified. You should either specify https or not specify either so that it defaults to the current method.

The “net::ERR_INSECURE_RESPONSE” is back to my first point, the certificate is not valid for www.bootstrap-it.com


#3

I actually have a redirect for www traffic, so that’s not a practical problem.

Darn. I was hoping I could blame that one on Let’s Encrypt. :slight_smile:

That’s very helpful. Thanks.

Is this something I should worry about even if my redirect is working properly?
I appreciate your help. Thanks so much!


#4

In a way it is a problem :wink: so yes, you do need to do something about it really. If someone tries to go to www.bootstrap-it.com they will get a certificate error - prior to getting the redirect ( why should the accept a redirect from something that’s saying it’s not correct … )


#5

I just tried accessing www from different (cache-free) browser and see what you mean now…


#6

For anyone who might be interested, it turns out that the WordPress problem was related to the certificate (although perhaps not to the cert renewal): for some reason, the HTTP in “WordPress Address (URL)” in WP General Settings hadn’t been updated to HTTPS.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.