I have spent countless hours trying to migrate my wordpress website to a new server (VPS) but while this is not a big deal under http, I find it an extremely laborious and error prone process with Let’s Encrypt. I am probably missing something so I would like to ask what I’m doing wrong or misunderstanding.
Here is my story.
To start with, both the old and the new server use NGINX as their webserver. Let’s say my site is at mydomain.com as well as www.mydomain.com on the old server. Since I wasn’t sure how long the migration would take me and whether it would work fine, I created a new subdomain testwp.mydomain.com and pointed it to the new server. The intention was to setup things under that domain and once it’s working, point mydomain.com and www.mydomain.com at the new server.
However, while that works fine without SSL, things get complicated when I want to get a Let’s Encrypt certificate for the new server because I can only do that once the DNS (with the production URI) is actually pointed to it. So last night, I temporarily pointed the DNS to the new server in order to create certificates for mydomain.com and www.mydomain.com (as well as testwp.mydomain.com) on the new server. Once that was done, I pointed the DNS back to the old site so that I could work without time pressure on the new site. For some reason, I was unable to access the new server via https://testwp.mydomain.com so I changed the NGINX configuration back to http (which is a laborious process in itself, if you are new to webservers in general and NGINX in particular).
But once I was able to access http://testwp.mydomain.com (without SSL) again, I managed to migrate the Wordpress site and I was able to use it just fine under that URL.
So the next step was to activate SSL and point the DNS to the new server for good. So I changed the DNS entry and edited the
/etc/nginx/sites-enabled/default so that all http (port 80) requests are forwarded to https (port 443). (Before I made those changes, I made a small edit to my Wordpress front page so that I would be able to see, when https://www.mydomain.com gives me the new website rather than the old.)
Unfortunately, even after an hour, I am still seeing the old website under https://mydomain.com (I might add that the TTL for all my DNS entries is 1h). www.mydomain.com is for inexplicable reasons forwarded to testwp.mydomain.com (the URL in the browser’s address bar changes) and I get an error NET::ERR_CERT_COMMON_NAME_INVALID. In a way, this is not surprising because, as mentioned above, the testwp.mydomain.com certificate never worked (I probably simply forgot to include it in the letsencrypt command the last time I ran it), but I don’t understand why it goes to testwp.mydomain.com when I call www.mydomain.com…
More specifically it tells me
So this kind of lets me hope that once my ISP’s DNS resolves mydomain.com as the new server IP at least https://mydomain.com will work (since the certificate is there), but it is still puzzling why this is taking so long and why www.mydomain.com keeps getting redirected to testwp.mydomain.com. Update: Also mydomain.com now gets redirected to testwp.mydomain.com. Could this be due to a setting in wordpress (I think the site URL in wordpress might still be set to testwp…)
Needless to say that in all that mess, it doesn’t really help that there is a delay between changing the DNS server and your browser actually using the new IP. Plus, as I had to learn, most browsers will not accept to connect with a site via http if they once connected to that same site via https. In order to make them use http again, I had to dig deep into the browser config and make it forget that my domain once used http (
return 301 https://$server_name$request_uri;) but
What I’m mainly wondering about is if there is an easier way of switching back and forth between http and https without having to completely change your
/etc/nginx/sites-enabled/default every time. But any explanations and hints with regard to my above story would be welcome.
BTW: if you are wondering what I did not copy my existing certificates from the old server to the new server, the reason is that I simply don’t know how to do it and trying (as I often do) would have opened yet another can of worms which would have been just too much on top of all the rest.