Certificate error: RemoteCertificateNameMismatch

There is HTTP forwarding which for some reason is there so unable to access my website: SSL Server Test: www.doglikecat.com (Powered by Qualys SSL Labs)

Checking SSL cert also on link below also: https://check-your-website.server-daten.de/?q=doglikecat.com

My web server is (include version):

```
cat /etc/*-release
VERSION="20200429-248"
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
```

My hosting provider is: aws

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): was unable to get this but I'm using 3 different browsers (Safari, Chrome and Firefox) to access the site.

I first updated SSL cert on new web server given that I had to change to a new one - this did not work so I even revoked SSL cert but this is where I am at the moment. SSL cert seems to be issued correctly for my domain but why is HTTP forwarding in place and so unable to access the site by its domain name?

Appreciate your input very much!

Thanks.

1 Like

Welcome to the Let's Encrypt Community, Christian 🙂

There are two settings you need to change in your WordPress that are currently set to "https://3.17.110.31/" instead of "https://www.doglikecat.com/".


You also have an incorrect redirect type before the WordPress redirect.

What's the output of:

```
sudo apachectl -S
```


Tool for checking redirects:

https://www.redirect-checker.org/index.php

1 Like

Thanks @griffin - checked wp-config.php file but there is no mention of IP so I've added two lines and site now returns 200 but it is not showing up in the way I can see on the backend.

Output of command here also:

```
sudo apachectl -S
VirtualHost configuration:
*:80 www.doglikecat.com (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:8)
*:443 www.doglikecat.com (/opt/bitnami/apache2/conf/bitnami/bitnami.conf:70)
ServerRoot: "/opt/bitnami/apache2"
Main DocumentRoot: "/opt/bitnami/apache2/htdocs"
Main ErrorLog: "/opt/bitnami/apache2/logs/error_log"
Mutex proxy-balancer-shm: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/opt/bitnami/apache2/logs/" mechanism=default
PidFile: "/opt/bitnami/apache2/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: USE_PHP_FPM
User: name="daemon" id=1
Group: name="daemon" id=1
```

Appreciate your input with this.

1 Like

TO ALL HELPING: This is a Bitnami stack.

The settings didn't appear in the administrative interface for WordPress? While you can edit them within the configuration, it's rare to do so.

I have to handle what follows with kid gloves because this is a Bitnami stack.

What is the output of:

```
sudo cat /opt/bitnami/apache2/conf/bitnami/bitnami.conf
```

Please put 3 backticks above and below the output, like this:

```
output
```

Here it is @griffin:

```
# Default Virtual Host configuration.

<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable HTTP to HTTPS redirection
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  # END: Enable HTTP to HTTPS redirection
  # BEGIN: Enable non-www to www redirection
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/doglikecat.com.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/doglikecat.com.key"

  #SSLCertificateFile "/opt/bitnami/apache2/conf/doglikecat.com.crt"
  #SSLCertificateKeyFile "/opt/bitnami/apache2/conf/doglikecat.com.key"

  # BEGIN: Support domain renewal when using mod_proxy without Location
  <IfModule mod_proxy.c>
    ProxyPass /.well-known !
  </IfModule>
  # END: Support domain renewal when using mod_proxy without Location
  # BEGIN: Enable non-www to www redirection
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
  # BEGIN: Support domain renewal when using mod_proxy within Location
  <Location /.well-known>
    <IfModule mod_proxy.c>
      ProxyPass !
    </IfModule>
  </Location>
  # END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"
```

Please note that I added two settings under the admin interface for WP and site is up and running now - little silly thing that I forgot to change when restoring site from a backup.

What's the go with a Bitnami stack?

Thanks.

1 Like

I'm not sure exactly what you're asking, but we like to be very cautious here when handling Bitnami stacks due to there being more than a few horrible incidents in the past involving severe breakage. They're great when they work, but when they don't work... 😱

The line above in the port 80 VirtualHost should have [R=permanent,L] instead of [R,L] .

You'll need to reload your Apache afterwards for the change to take effect. The change is for SEO purposes.

Which file is that line modified in?

Also - what would be a better option for WP apart from Bitnami?

Thanks for your input @griffin.

2 Likes

/opt/bitnami/apache2/conf/bitnami/bitnami.conf

It's not that Bitnami's WordPress isn't fine. It's just that Bitnami's stacks tend to be complex to maintain and debug. Many hosting providers offer a standalone WordPress installation without a Bitnami stack.

1 Like

Thanks @griffin - site is not coming up as full-secured yet - Firefox is saying that part of the page is not secured (and saying that images are one example), Safari does not show the lock as it is displayed on other sites - only Chrome is showing up the lock and saying site is fully secured.

SSL cert is still under category B as per: SSL Server Test: www.doglikecat.com (Powered by Qualys SSL Labs)

Also - is there more than one SSL cert that has been issued and the need to revoke any? Anything else that needs to be considered so security in all browsers is fully displayed and category of cert to be A?

Thanks.

2 Likes

That's because you have mixed content (resources inside your page referenced over http and not https).

https://www.missingpadlock.com/


Don't revoke certificates.


This server supports TLS 1.0 and TLS 1.1. Grade capped to B.

1 Like

Valuable input @griffin

On the mixed content that I can see it's there from first URL - how can I remove reference to http://wp-content/uploads/2020/09/DSC_7353-scaled.jpg ? Folder and file are no longer there but reference is still there in the backend - where could I remove this from the WP dashboard given that content is already removed in the actual server?

Also - what is the use of the configuration generated via the second URL you provided?

Thanks.

1 Like

This article has a lot of depth about fixing mixed content in WordPress. Pay special attention to the "Upgrade Insecure Requests" header.


The configuration generator allows you to tweak the cipher suites supported by your Apache. In particular, you need to disable TLS 1.0 and 1.1. For expediency, if you search the Bitnami Community for related advice, you may come across some explicit instructions to guide you in this regard.

3 Likes
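The two configuration findings in this thread, the `[R,L]` redirect in the port 80 VirtualHost and the TLS 1.0/1.1 support that caps the grade at B, can both be read straight out of the posted `bitnami.conf`. The following is an added example, not from the thread or from Bitnami; the function names are hypothetical, and the expansion of `all` is an assumption about an Apache build with TLS 1.3 and without SSLv2/SSLv3.

```python
import re

# Assumption: what "all" expands to on a build with TLS 1.3 and without SSLv2/SSLv3.
ALL_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
REDIRECT_NAMES = {"permanent": 301, "temp": 302, "seeother": 303}

def enabled_protocols(args):
    """Resolve SSLProtocol arguments left to right: bare sets, + adds, - removes."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def redirect_status(flags):
    """Status code produced by a RewriteRule flag list, or None if it has no R flag."""
    for flag in flags.split(","):
        key, _, value = flag.strip().partition("=")
        if key in ("R", "redirect"):
            if value.isdigit():
                return int(value)
            return REDIRECT_NAMES.get(value.lower(), 302)  # bare R means 302
    return None

def audit(conf_text):
    """Return (line number, finding) pairs for the two issues raised in the thread."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()  # commented-out directives start with '#' and never match
        m = re.match(r"SSLProtocol\s+(.+)", line, re.I)
        if m:
            weak = sorted(enabled_protocols(m.group(1)) & DEPRECATED)
            if weak:
                findings.append((lineno, "deprecated protocols enabled: " + ", ".join(weak)))
        m = re.match(r"RewriteRule\s+\S+\s+\S+\s+\[([^\]]+)\]", line, re.I)
        if m and redirect_status(m.group(1)) == 302:
            findings.append((lineno, "temporary (302) redirect"))
    return findings

# Constructed excerpt: three directives copied from the bitnami.conf posted above.
SAMPLE = """RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
SSLProtocol all -SSLv2 -SSLv3
"""
```

With the redirect changed to `[R=permanent,L]` and the protocol line changed to `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, `audit` returns an empty list.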
