Set up SSL for subdomain


#1

Hello everyone,

First I have to apologize if I have to ask some basic questions as I am new to the forum and process.

I am setting up a subdomain dev.c-cor.com.au, and install a SSL certificate for it. It is going to be used as testing site.
I used following command to install the certificate and it was successful:
sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d dev.c-cor.com.au

The following certificate files are generated:
[ec2-user@letsencrypt]$ sudo ls live/dev.c-cor.com.au/
cert.pem chain.pem fullchain.pem privkey.pem README

The public DNS for dev.c-cor.com.au is pointing to AWS IP address.

Following is my ssl.conf at /etc/httpd/conf.d

ServerName dev.c-cor.com.au

DocumentRoot /var/www/html

<Directory /var/www/html>
AllowOverride All

RewriteEngine on
RewriteCond %{SERVER_NAME} =dev.c-cor.com.au
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/dev.c-cor.com.au/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dev.c-cor.com.au/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/dev.c-cor.com.au/fullchain.pem
Include /etc/letsencrypt/options-ssl-apache.conf

In Wordpress config file in html folder there are following listed
define(‘WP_SITEURL’,‘https://Site IP Address’);
define(‘WP_HOME’,‘https://Site IP Address’);
define(‘WP_CACHE’, true);

However, when I am testing to access https://dev.c-cor.com.au, I get a response The page isn’t working.
When I am trying to access https://IPAddress directly it going to a unsecured page.

What was missed here?

Thank you very much in advance.
Steve


#2

Hi @swang-ccor,

The trouble with your site at the moment is that the HTTP version of your site redirects to the HTTPS version (which is good), but the HTTPS version also redirects to the HTTPS version, causing a redirection loop!

The RewriteRule in question does not belong in the HTTPS virtualhost configuration; it only belongs in the HTTP virtualhost configuration (since you only need to rewrite URLs to HTTPS versions when they’re not already HTTPS versions). If you delete those three lines and reload your Apache configuration, you might be able to eliminate the problem.


#3

Hi Schoen,

Thanks for your prompt reply.

By getting rid of the redirect three lines, the page is forwarded to the IP address. Thanks for that.

However on the URL address bar, it still displays insecure. That means SSL is not installed properly?

image

Steve


#4

A certificate covers a particular set of domain names, and in this case your IP address is not one of them. Since many different domain names could point to the IP address, the certificate’s validity depends on what name you’re using to access the site. It’s not that the certificate confirms that the site is inherently “secure”, but rather that it’s using an encryption key that belongs to or was known to be used on behalf of someone who controls particular domain names.

So, you should forward not to the IP address but instead to your domain name. This is presumably due to your WordPress defines that you mentioned above: the correct form would be using your domain name and not your site IP address.


#5

Hi Schoen,

Appreciate your comments.
I have updated the wordpress wp-config.php and define the site URL and home URL to the subdomain instead of the IP address.
It does fix the issue.

Best regards,
Steve


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.