Site Worked Fine But No Longer Loading After LetsEncrypt Certbot Install on Ubuntu 18.04


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://example.com

I ran this command: certbot --apache -d example.com -d www.example.com

It produced this output:
Which names would you like to activate HTTPS for?
1: example.com
2: www.example.com
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-enabled/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-enabled/000-default-le-ssl.conf

Congratulations! You have successfully enabled https://pledgy.org and
https://www.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No (I’m using SSH in Terminal)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


#2

Here is my ufw status:

sudo ufw status
Status: active

To                Action    From
22/tcp            LIMIT     Anywhere
443/tcp           ALLOW     Anywhere
80/tcp            ALLOW     Anywhere
22/tcp (v6)       LIMIT     Anywhere (v6)
443/tcp (v6)      ALLOW     Anywhere (v6)
80/tcp (v6)       ALLOW     Anywhere (v6)


#3

You need to update your WordPress site URL - https://codex.wordpress.org/Changing_The_Site_URL .

At the moment it’s https://159.89.134.93 which won’t work.


#4

Problem is I can’t even get to the admin dashboard as site won’t load so I have this in my wp-config.php file now but it still won’t work.

// Use HTTPS for WordPress
define( 'WP_HOME', 'https://example.org' );
define( 'WP_SITEURL', 'https://example.org' );
define( 'FORCE_SSL_ADMIN', true );


#5

There’s still some references to your bare IP address in the source code of your site:

e.g.

<link rel='stylesheet' id='twentynineteen-style-css'  href='https://159.89.134.93/wp-content/themes/twentynineteen/style.css?ver=1.2' type='text/css' media='all' />

You’ll have to identify where that reference is coming from and fix it. Maybe you hardcoded it into your theme, maybe a caching plugin, maybe it’s in your database.

The wp-cli tool at the bottom of the page I linked can be handy for that purpose.


#6

That’s odd because this is a brand new fresh install using the one-click install on digital ocean. I have never had this issue before and have deployed probably 5 sites recently. So strange.


#7

How are you getting to the source code? I can’t get the site to load in any browser.


#8

Just “View Source” in the browser. Loads okay for me, just the stylesheets and scripts are missing.


#9

I’m just seeing the parked domain page. Do you see a WordPress “holly dolly” page or the parked page? Must be a cache issue with my ISP.


#10

Do you mean “Hello World”? I do see that WordPress page, not any domain parking page.

Yeah, I think your stale caching explanation is probably correct. But even when that problem is gone, you’ll still need to fix up your WordPress URLs.


#11

I got the site to load fine on cellular LTE but the site would not load on WiFi no matter what I tried. Looks like it was something outside of Certbot (sorry) that messed me up. Everything was working fine on the web side but my DNS settings for my WiFi connection kept caching the wrong website or name servers and kept hanging me out. I thought my ISP was blocking the port or IP, but that wasn’t it. I changed my DNS settings to Google’s free DNS 8.8.8.8 and 8.8.4.4 and sure enough, the site loads perfectly fine now over WiFi. On my iPhone I just went to settings > WiFi and clicked on the “i” info icon next to my WiFi connection > configure DNS > manual and put in the Google DNS. Hope this helps someone in the future.


#12

Hi @ehong

Happy to read that you can load your site now. But I see only a raw site, without stylesheets.

There are three wrong URLs:

link
	stylesheet
	https://159.89.134.93/wp-content/themes/twentynineteen/print.css?ver=1.2
	-9
	TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.
	1
	no SSL

link
	stylesheet
	https://159.89.134.93/wp-content/themes/twentynineteen/style.css?ver=1.2
	-9
	TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.
	1
	no SSL

script
	
	https://159.89.134.93/wp-includes/js/wp-embed.min.js?ver=5.1
	-9
	TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.
	1
	no SSL

It’s your IP address, but your correct certificate

CN=pledgy.org
	03.03.2019
	01.06.2019
expires in 90 days	pledgy.org, www.pledgy.org - 2 entries

doesn’t work with IP addresses.

Perhaps your browser shows a cached entry so you don’t see that.


#13

Thank you for pointing this out JuergenAuer. I’m now seeing the unstyled site on my side too but can’t figure out why it’s doing this. I have never had this issue with a WordPress install after about 100 sites. Very strange and I did one-click install in Digital Ocean for this. Any suggestions why this might have IP address linked for these files?

Also, does certbot expire after only 90 days? I thought it was 365 days. Any way to extend it so I don’t have to renew every 90 days?

Thank you.


#14

I don’t know why you have these links.

But I rechecked your domain with my online tool ( https://check-your-website.server-daten.de/?q=pledgy.org ); now you have some more wrong links:

A form element, 4 stylesheets, one javascript:

form https://159.89.134.93/ -9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL
link stylesheet https://159.89.134.93/wp-content/themes/twentynineteen/print.css?ver=1.2 -9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL
link stylesheet https://159.89.134.93/wp-content/themes/twentynineteen/style.css?ver=1.2 -9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL
link stylesheet https://159.89.134.93/wp-includes/css/dist/block-library/style.min.css?ver=5.1 -9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL
link stylesheet https://159.89.134.93/wp-includes/css/dist/block-library/theme.min.css?ver=5.1 -9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL

script https://159.89.134.93/wp-includes/js/wp-embed.min.js?ver=5.1 -9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL

Looks like you have a WordPress setting with the IP address instead of your https address.

Let’s Encrypt certificates are valid for 90 days. Renew after 60 - 85 days.
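
As an added example (not part of the thread, and not the code of the checking tool used above): a Python sketch of the same kind of check, which lists `https://` references in a page whose host the certificate's DNS names cannot cover, such as a bare IP address. The sample HTML, the documentation address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch from, or submit to, another URL.
URL_ATTRS = {"link": "href", "script": "src", "img": "src", "form": "action"}

class ResourceCollector(HTMLParser):
    """Collect (tag, url) pairs for every reference that names a host."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if url and urlsplit(url).hostname:  # relative URLs have no hostname
            self.found.append((tag, url))

def host_covered(host, san_names):
    """True if a certificate whose DNS names are san_names is valid for host."""
    try:
        ipaddress.ip_address(host)
        return False  # DNS name entries never match an IP literal
    except ValueError:
        pass
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in san_names):
        if name == host:
            return True
        # A wildcard entry covers exactly one left-most label.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def uncovered_resources(html, san_names):
    """Return https references whose host the certificate cannot serve."""
    collector = ResourceCollector()
    collector.feed(html)
    return [(tag, url) for tag, url in collector.found
            if urlsplit(url).scheme == "https"
            and not host_covered(urlsplit(url).hostname, san_names)]

# Constructed sample: two references use an IP address instead of the domain.
SAMPLE_HTML = """
<link rel='stylesheet' href='https://203.0.113.10/wp-content/themes/twentynineteen/style.css?ver=1.2'>
<form action='https://203.0.113.10/'></form>
<link rel='stylesheet' href='https://www.example.com/wp-content/themes/twentynineteen/print.css?ver=1.2'>
"""
SAMPLE_SANS = ["example.com", "www.example.com"]
print(uncovered_resources(SAMPLE_HTML, SAMPLE_SANS))
```

Every entry it reports is a URL that WordPress generated from its configured address, so a non-empty result points back at the WordPress Address and Site Address settings rather than at the certificate.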


#15

Strange. I’m going to try and destroy the droplet and reinstall everything.


#16

That isn’t a solution. There are Wordpress settings

WP_HOME
WP_SITEURL

you should find and change.

https://codex.wordpress.org/Changing_The_Site_URL

It’s a general problem. If you use WordPress, you should use such a direct solution.

  • Verify that the reference in your WordPress Address (URL) contains the new address.
  • Verify that the reference in your Site Address (URL) contains the new address.

And if you add new features and more links are wrong, that’s an indicator this is such a global setting.


#17

You’re right JuergenAuer. I tried reinstalling everything and still had the same error with stylesheets not loading so I had to go to my wp-admin dashboard using the IP address and it gave me a “warning unsecure site” but I proceeded and in my dashboard > settings > general, I changed the WordPress Address and Site Address to my domain and now it’s working properly. This was a dumb mistake on my part and I should have checked that (sorry) but after the DNS issues yesterday and not being able to connect to my site I forgot this step in the WordPress install. Thank you for the help!

