Payable work for wildcard SSL deploy


#1

Hello All,

I am looking for someone to deploy SSL with wildcard for our wordpress multisites.

I asked someone installed SSL before let’s encrypt wildcard release, and any fresh created subsite still under Non secured. also, he is not reachable now, so I post here for this work.

Basically, I need change SSL to wildcard configuration with cert auto renewal by scripts, by this way, I hope any subsite fresh created in the future will be auto secured with SSL.

If you are capable to do this work, please leave a message, or write to me: alexlii at yahoo dot com, let me know how long you need complete this work and how much I should pay you per hour.

Here are some record of donation to other authors:

and you can check the conversion between them:


https://wordpress.org/support/topic/donation-sent-please-check/

BTW, here is our environment:

HHVM+ nginx/1.10.0+redis+PHP5.6.33-0+deb8u1

I can pay by Paybal.

thanks.

Alex


#2

I watched acme.sh project on github for two weeks, and I found it is alway updated everyday.:slight_smile:
Our server is on Aliyun, and it support:

Also, I find “How to use DNS API”

and it seems not complicated to implement it:
http://prntscr.com/jb6q28

it need Aliyun DNS Api, and I already register a subsidiary account for access DNS api permission:

and I can create API access Key and secret.

if you are available, I think I am ready to implement, and here is some background of our server in case that you are available to help to implement.

1.# A Senior engineer deployed SSL for me before, unfortunately, he got ill and already in hospital for a lot time, and I have wait him for more than 40days. and here are SSL related files:

/etc/nginx/conf.d/force-ssl-mysite.com.conf

/etc/nginx/conf.d/force-ssl-shop.mysite.com.conf

/etc/nginx/sites-available/mysite.com

/var/www/mysite.com/conf/nginx/ssl

/var/www/mysite.com/conf/nginx/ssl.con

  1. mysite.com is the root domain of our wordpress multisite, and www.mysite.com is actually a subsite.
    For security consideration, I completely hide our root site by redirect all of access to the subsite with domain of www.mysite.com.

For now, I am not sure the reason why only the cert of our root site is valid and all of the certs for subsites are expired and not renewed automatically since last week.

3.I would like to have your professional comments upon a strange issue:
Before SSLl deployed, there is a video on our site, it works well with all of browser.
After SSL deployed, it only works well with Chrome and Firefox, but, it does not play in Safari.
and just show:

Blockquote
Media error: Format(s) not supported or source(s) not found
Blockquote

I am quite sure this issue is not because of video format, before these samples videos were downloaded from a professional media development site.

After search, I found it might be a quite old issue with Safari, and it related Intermediate Certificate, and here is some discuss on APPLE office sites:https://discussions.apple.com/thread/3026341

and here are some others:



Do you think the video issue can be resolved after Wildcard SSl deployment?

Thanks a lot, and looking for your reply.

Have a nice day.

Alex


#3

Hi Alex,

It would be really helpful to see the domain names that exhibit some of these behaviors because we might be able to understand directly what the reason for the error is.


#4

@schoenThanks

Here are some of our domain.

lovcour.com
www.lovcour.com
SSL now work with these two domain.

FYI, we redirect all of access to lovcour.com at frontend to www.lovcour.com, and www.lovcour.com is actually a subsite

But ssl on all other sub domains are expired:

shop.lovcour.com
forum.lovcour.com
support.lovcour.com

Clearly, here is a screenshot of our domain at backend:

Also, you there is small video with 1 second animation at www.lovcour.com.

You will find it play in both Chrome and Firefox, but it does not play in Safari.

I am glad to have your suggestion, thanks.

Alex


#5

Hello @schoen,

I did setup wildcard cert on our sites, and please have a check http://www.lovcour.com

but the video issue is still there, and I check these information:

https://www.sslshopper.com/ssl-checker.html#hostname=www.lovcour.com

both of them ask for a Intermediate Certificate

how should I setup that Intermediate Certificate please?

Thanks for professional instruction.

Alex


#6

Hi @Alexlii,

In the nginx conf for your domain, in the ssl_certificate directive you must use fullchain.pem instead of cert.pem.

Edit: after the change you would need to reload or restart nginx.

Cheers,
sahsanu


#7

Hi @sahsanu

Where is the fullchain.pem, or how can i get it please?

Alex


#8

You should have it in the same place you have the cert.pem file.


#9

Hi @sahsanu

Sorry, I am completely confused, is it possible to share a screenshot of what you mean please?

Alex


#10

In one or several of these conf files, you should have defined a nginx directive:

The directive is ssl_certificate and it should point to your cert.pem file.

ssl_certificate /path/to/cert.pem;

You need to replace cert.pem by fullchain.pem.

ssl_certificate /path/to/fullchain.pem;

Obviously /path/to/ will differ in your conf.

Cheers,
sahsanu


#11

@sahsanu

Thanks, I am using https://github.com/Neilpang/acme.sh

will the fullchain.pem will be automatically renewed by scripts?

Alex


#12

Did you do this step?

If so, then the fullchain.pem is whatever filename you supplied as the --fullchain-file option and it should be automatically renewed.


How to make SSL compatible with Video play in Safari
#13

Yes, it is generated automatically. But did you change it already?


#14

not yet, I am not sure how to do it…


#15

@Alexlii, the first thing is to know where is the conf file for your site.

Execute this command as root or using sudo:

grep -ri ssl_certificate /etc/nginx/*

And after that, lets see where are your certs and what are their names, execute the command as root or with sudo too:

ls -l /root/.acme.sh/*lovcour.com


#16

Hi @sahsanu,

I am not capable of doing that, and I will ask someone for help.

Alex


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.