Non https redirects to old domain, after domain change

wtzr · November 30, 2020, 2:21pm

I'm in the dark on this one.

We changed our domain names from pelvicpaintest.com to pelvic.pro. I've revoked and deleted the old certificate for pelvicpaintest.com and created a new one for www.pelvic.pro and pelvic.pro.

If I now go to pelvic.pro it redirects to the old domain pelvicpaintest.com. However, if I go directly go to https://pelvic.pro it works.

I'm not sure where the redirect is set, and how I can remove it.

Thanks!

My domain is:
Pelvic.pro

I ran this command:
sudo certbot certonly

It produced this output:
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.pelvic.pro,pelvic.pro
Obtaining a new certificate

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.pelvic.pro/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.pelvic.pro/privkey.pem
Your cert will expire on 2021-02-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

My web server is (include version):
Ubuntu

The operating system my web server runs on is (include version):
Wordpress

My hosting provider, if applicable, is:
Digital ocean

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

JuergenAuer · November 30, 2020, 2:27pm

Hi @wtzr

there is a wrong redirect. So remove it - see https://check-your-website.server-daten.de/?q=pelvic.pro

Domainname	Http-Status	redirect	Sec.	G
• http://pelvic.pro/ 167.172.33.81	301	https://pelvicpaintest.com/ Html is minified: 100,00 %	0.033	E

• http://www.pelvic.pro/ 167.172.33.81	301	https://pelvicpaintest.com/ Html is minified: 100,00 %	0.030	E

• https://pelvic.pro/ 167.172.33.81	301	https://www.pelvic.pro/	2.610	B

• https://pelvicpaintest.com/	301	https://www.pelvic.pro/	2.503	N
Certificate error: RemoteCertificateNameMismatch

• https://www.pelvic.pro/ 167.172.33.81 GZip used - 9160 / 42186 - 78,29 % Inline-JavaScript (∑/total): 26/7769 Inline-CSS (∑/total): 1/283	200	Html is minified: 142,65 %	2.640	I

Yep, wrong redirects.

First step: What says

apachectl -S

PS: That's not a certificate problem, that's only a wrong redirect.

wtzr · November 30, 2020, 2:35pm

Hi Juergen,

Thanks for your help. I already wondered whether it would be a redirect or ssl problem. However, i don't have a clue how to solve it.

apachectl -S:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 pelvicpaintest.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 pelvicpaintest.com (/etc/apache2/sites-enabled/000-default.conf:4)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

I guess here is indeed the problem, do i need to change those to pelvic.pro?

JuergenAuer · November 30, 2020, 2:41pm

???

Why isn't there a vHost with your new domain name?

Please change that. Then you will find the wrong redirect.

wtzr · November 30, 2020, 3:09pm

Hi Juergen,

I tried to follow some tutorials on that. I'm sorry but this is all new to me. I currently have the following setup, but i guess that is also not the right one.

How do I create a new vhost for the domain name correctly?

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 pelvic.pro (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server pelvic.pro (/etc/apache2/sites-enabled/000-default.conf:4)
port 80 namevhost pelvic.pro (/etc/apache2/sites-enabled/000-default.conf:4)
alias www.pelvic.pro
port 80 namevhost pelvic.pro (/etc/apache2/sites-enabled/pelvic.pro.conf:4)
alias www.pelvic.pro
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

wtzr · November 30, 2020, 3:23pm

Nevermind, i found the problem. I noticed the little redirect area in the virtualhost which was still pelvicpaintest.com.. it works now. Thanks for your help.

JuergenAuer · November 30, 2020, 3:26pm

Not required, you have already found the solution - renaming is enough.

Now the output looks ok.

apachectl -S

is a very helpful command.

Osiris · November 30, 2020, 3:40pm

Not really, there are now two HTTP vhosts in two separate files: pelvic.pro.conf as wel as 000-default.conf.

This might lead to issues in future renewals.

Also, I don't see a www.pelvic.pro alias in the HTTPS vhost.

wtzr · November 30, 2020, 3:57pm

Does this look better?

VirtualHost configuration:
*:443 pelvic.pro (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 pelvic.pro (/etc/apache2/sites-enabled/000-default.conf:4)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Osiris · November 30, 2020, 4:06pm

In essence, yes. The double vhosts are gone, which is good. But now your www subdomain aliases are gone entirely too? I would suggest adding them back in both vhosts.

system · December 30, 2020, 4:06pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.