Certs not running & website became a mess

Help
21

Thank you so much for your help.

I did update WordPress site URL to https.

hardcoded to http:// meaning I just need to change all of them to ‘https://’ ?

I also can’t access WP-Admin wordpress.

22

It's quite possible that the wp-admin redirect loop is happening because you are proxying nginx->Apache, and WordPress is not detecting SSL properly.

The usual fix to that is to set x-forwarded-proto header at the nginx proxy:

proxy_set_header X-Forwarded-Proto $scheme;

and then in your Apache configuration, read that header:

SetEnvIf X-Forwarded-Proto "https" HTTPS=on

In the meantime, you can revert the HTTP-to-HTTPS redirect. That will allow you experiment until you get everything working on both versions of the site:

Change the port 80 virtualhost to:

server {
  listen 80;
  server_name yppgi.org www.yppgi.org;
  location / {
    proxy_pass http://192.168.99.101;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection ‘upgrade’;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl $scheme;
  }
}

Reload nginx, and try open your site in private browsing without HTTPS.

Yes.

23

What the hell, man: do you want this community to split forces to solve the same problem twice?

24

I don’t. I am really sorry for this. I am new to this. I have no clue what was explained. That’s why I asked again.

Sorry for troubling you so much. must be so great to be you. instantly grasp everything and fully understand it.
again, so sorry about this.

25

You are not troubling me, you’re just pissing me off because while I think how to solve your problem you go and split forces.

And don’t worry about instantly grasping everything: behind instantly grasping everything there’s years and months of fighting with the same very things, it’s called experience.

26

Okay. I am sorry.

The problem was not explained properly by me because I have no idea what was happening.
I also don’t understand what was explained by you. I was a bit impatient and went ahead create another post.

I thought that I didn’t mention the reverse proxy, so it was different topic, hence i created another post.

27

OK, it’s fine.

But now, let’s merge these threads and continue together. @moderators?

28

@MarioYoku please post your config again as I said here: Certs not running & website became a mess

Because it’s either a mess before, or a mess after the forum formats it and I cannot discern the two cases.

29

You have shared the same content two times - difference 2 hours. Your first post had already that information, so there is no need to create a new post.

And times are different, @_az is in Australia, others from Europe. In Australia, it's evening, in Europe, it's morning.

Done, but @moderators doesn't work and isn't required.

1 Like
30

My sincere apologies again.

Now what I need to do is just to fix my theme on wordpress first because it has coded with HTTP, right ?

Only then I can proceed to issuing the letsencrypt ?

31

You can issue a certificate before. We just need to make sure that your certbot can perform the challenge.

Did you try the config @_az gave you? Can you show me what your current nginx config looks like?

32

This is the config:

server {
  listen 443 ssl;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/yppgi.org/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/yppgi.org/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  location / {
    proxy_pass http://192.168.99.101;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl $scheme;
  }
}

server {
  listen 80;
  server_name yppgi.org www.yppgi.org;
  return 301 https://$host$request_uri;
}
33

Ok. right now I can see your website on both www and non-www; it’s just messed up because of mixed content.

Can you take a screenshot of /wp-admin/options-general.php and show me?

34

The Site URL is currently set to http://192.168.99.101.

You probably won’t be able to set it to a SSL URL until you follow my advice regarding x-forwarded-proto, as it will end up in a redirect loop due to the double proxy.

1 Like
35

general wp
general wp1211×187 20.6 KB

36

yes.
I’m having problem how to do that.

37

This was my suggestion to address that problem:

38

Ok, that should not look like this. That’s not even mixed content, that’s trying to load resources from a local network :smiley:

What happens if you put https://yppgi.org in those fields?

in your location / block you can add proxy_set_header X-Forwarded-Proto $scheme; and the apache setting you can probably avoid, it should be smart enough.

39

Problem is i don't know how I configure the apache configuration.
I added the one you suggested at nginx proxy.

40

Ok, and does it work?

You won’t know if it works until you put the actual https address for the site in the wordpress settings.

(by the way, you actually have a certificate for both names and you’re currently using it.)