Let's Encrypt on apache2 wordpress site configuration problem


#1

Hi i installed wordpress on an ip of my server and then i created a dns zone for my domain wzion.club and connected my domain to ip address , working reguler on http connection. i installed Let’s Encrypt. First time i had errors ( there is no vhost for wzion.club ) , anyway certificate installed successfully but did not help to connect via https. so i created a vhost for wzion.club , when i enable that vhost , my wordpress site vanishes and i just have an error page. so i disable the vhost. and installed Let’s Encrypt again , i had no errors, but still can’t connect via https , can i have help about this please ?


#2

Hi,

It looks as if you are serving http rather than https on port 443 - hence the errors.

What operating system / server are you on ? can you paste the apache configs for the domain somewhere ( pastebin.com) ?


#3

Hi thank you for your response i m on Ubuntu 16.4 LTS , this is the vhost config file for domain :

<VirtualHost *:80>

Admin email, Server Name (domain name), and any aliases

ServerAdmin vyalcinkaya@msn.com
ServerName wzion.club
ServerAlias www.wzion.club

Index file and Document Root (where the public files are located)

DirectoryIndex index.html index.php
DocumentRoot /var/www/html/wzion.club/public_html

Log file locations

LogLevel warn
ErrorLog /var/www/html/wzion.club/log/error.log
CustomLog /var/www/html/wzion.club/log/access.log combined

and this is the situation of apache2 server :

VirtualHost configuration:
ServerRoot: "/etc/apache2"
Main DocumentRoot: “/var/www/html"
Main ErrorLog: “/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir=”/var/lock/apache2” mechanism=fcntl
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

any idea ?


#5

That looks to be the portion with the http in it ( i.e. listening on port 80 - VirtualHost *:80 )

Is there a section / file which refers to port 443 ?


#6

No there was not but i added one and restart apache2 , it did not help . after that i replaced 80 with 443 but it did not help too. i have this error on https page

An error occurred during a connection to wzion.club. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

#7

That error is because you are using http not https on port 443

Are you using a control panel or similar on the server ? or manually changing the apache configs ?

Also, what certbot command did you use to obtain a certificate ?


#8

i am using putty to edit files manually , and used
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
commands and parts.
and enable ssl for apache2


#9

How?

By the way, if you just have a HTTP virtualhost, you can use the apache plugin of certbot to let certbot manage everything, including generating the HTTPS virtualhost.

Or is there a specific reason for using the standalone/certonly modes?

See https://certbot.eff.org/docs/using.html for how to use certbot.

Also, it seems you’re using some kind of very old guide, as cloning the entire letsencrypt repository just for the certbot-auto program (the name letsencrypt for the client has been changed to certbot for AGES now…) is very unnecessary. See https://certbot.eff.org/ for a basic guide on how to install certbot.


#10

well thank you for your info . actually i did those too. my situation is a little different and about running wordpress on an ip and using a disabled vhost … domain -site - vhost all seperated and i really donno how to configure all


#11

@wzion

a2enmod rewrite
a2enmod ssl
service apache2 restart

   <VirtualHost *:80>
       ServerName wzion.club
       ServerAlias www.wzion.club
       DocumentRoot  /var/www/html/wzion.club/public_html
       RewriteEngine on
       RewriteCond %{SERVER_PORT} !^443$
       RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

    <Directory /var/www/html/wzion.club/public_html>
            Options  FollowSymLinks MultiViews
            AllowOverride All
           Require all granted
    </Directory>
    
       ErrorLog /var/www/html/wzion.club/log/error.log
      LogLevel warn
   </VirtualHost>

 <VirtualHost *:443>
        ServerName wzion.club
        ServerAlias www.wzion.club 

       DocumentRoot  /var/www/html/wzion.club/public_html
      SSLEngine on
      SSLCertificateFile /etc/letsencrypt/live/wzion.club/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/wzion.club/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/wzion.club/fullchain.pem
    <Directory  /var/www/html/wzion.club/public_html>
            Options  FollowSymLinks MultiViews
            AllowOverride All
           Require all granted
    </Directory>
    
    ErrorLog /var/www/html/wzion.club/log/error.log
    LogLevel warn
 </VirtualHost>

use this config . If you have properly generated SSL certs this config will work .

As You said wordpress , please check database
wp_options table --> siteurl and home
or if you are using any redirection plugin , please check its config


#12

Why use mod_rewrite for such a simple redirect thing? Checking for port !443 is kinda redundant, as you’re in the port 80 virtualhost :crazy_face:


#13

RewriteCond %{HTTPS} off

and

RewriteCond %{SERVER_PORT} !^443$

does the same job .instead of .htaccess i have added here.Not an issue


#14

@gotham Using .htaccess or not is irrelevant: the use of mod_rewrite is probably unnecessary. There’s absolutely no need to check for HTTPS or not in the <VirtualHost *:80> section.

Using the Redirect directive saves a lot of CPU cycles. mod_rewrite is a powerful module, but also very costly CPU-wise. I would recommend not using it unless absolutely necessary. And in this case, I don’t see why mod_rewrite should be used.


#15

i tried all including installing certificate again. during installation i have the error -no vhost exist for domain name- but i still can get the certificate. i guess the only way is enable that vhost and install wordpress for that domain. there is not a solution for this statement , actually there should be, certificate is in the server and domain is working on http , so i could point that certificate to domain but could not


#16

Hi gotham , Well i activated the vhost with your configuration , its redirecting to https and has the certificate , it works but on the page i have the error

Not Found

The requested URL / was not found on this server.
Apache/2.4.18 (Ubuntu) Server at wzion.club Port 443

and its not possible to reach site with http , maybe something missing ?


#17

Okay thanks everyone for help and patience … i used gothams configuration , started vhost … erased wordpress on ip , and installed for domain , so it works. its enough for me. but if we could solve the issue for the wordpress on ip and a domain or domains on dns zone…


#18

The purpose of this Rewrite rule is redirecting all http to https connection . so you wont get http connections. if you need both http and https connection . remove this block and reload apache.


#19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.