SSL forces redirect


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.pintereec.ca projects.pinterec.ca www.calgaryrideshare.ca

I ran this command: Certbot install

It produced this output: When I go to my other websites I am redirected to the same website.

My web server is (include version): wordpress 4.9.8 using nginx

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: my server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): of course not… It is all Shell baby!


#2

Hi @Spineless

can you describe that better?

Two of your three redirects http -> https are ok:

D:>download http://www.pinterec.ca/ -h
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Aug 2018 20:37:44 GMT
Server: nginx/1.10.3 (Ubuntu)

Status: 200 OK

D:>download http://projects.pinterec.ca/ -h
Connection: keep-alive
Content-Length: 194
Content-Type: text/html
Date: Tue, 14 Aug 2018 20:38:05 GMT
Location: https://projects.pinterec.ca/
Server: nginx/1.10.3 (Ubuntu)

Status: 301 MovedPermanently

D:>download http://www.calgaryrideshare.ca/ -h
Connection: keep-alive
Content-Length: 194
Content-Type: text/html
Date: Tue, 14 Aug 2018 20:38:38 GMT
Location: https://www.calgaryrideshare.ca/
Server: nginx/1.10.3 (Ubuntu)

Status: 301 MovedPermanently

The 301 is correct, the 200 means: No redirect http -> https.

The https configuration of https://www.calgaryrideshare.ca is ok, https://www.pinterec.ca redirects to https://www.calgaryrideshare.ca. Do you want this?

https://projects.pinterec.ca/ has a http-status 500 (Error establishing a database connection).

Then show the nginx configuration.


#3

There is something wrong with nginx. I attempted to remove all certbot comments. However, the websites are still all pointing to one website.

I just need to reset nginx.


#4

I attempted to completely remove nginx. I installed the nginx config files again and reinstalled certbot. Again the problem persists. I am perplexed. I do not understand how certbot/Let's Encrypt software installs itself. I do not know how to troubleshoot this error. It is very weird.

The problem is I selected all of my websites to apply the certificate to. This of course pointed all redirects to www.calgaryrideshare.ca … oops.
So I need to start again.

I have a couple of files I can share. I do not think these will help… they all look good to me.

pinterec nginx config

[code]

upstream php {
server unix:/tmp/php-cgi.socket;
server 127.0.0.1:9000;
}

map $http_host $blogid {
www.pinterec.ca 1;
www.pinterec.ca/news-and-information 2;
}
server {
root /home/pinterec/www/pinterec;

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
    
if ($host = www.pinterec.ca) {
       return 301 https://$host$request_uri;
}

if ($host = pinterec.ca) {
      return 301 https://$host$request_uri;
    }
server_name www.pinterec.ca pinterec.ca;

    ##
    #   Locations
    ##

location / {

	try_files $uri $uri/ /index.php?args;    #removed "=404"

$
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# include fastcgi_params;
# fastcgi_index index.php;
fastcgi_read_timeout 150;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
# fastcgi_pass 127.0.0.1:777;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location = /favicon.ico {
	log_not_found off;
	access_log off;
}
location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
}
location ~* \.(eot|svg|ttf|woff|woff2)$ {
	add_header Access-Control-Allow-Origin *;
}	
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
    }
location ~ /\.ht {
	deny all;
}
location ~ ^/files/(.*)$ {
	try_files /wp-content/blogs.dir/@blogid/$uri /wp-includes/ms-files.php?file=$1 ;
	access_log off;
	log_not_found off;
	expires max;
}
    # Begin BWP Minify WP Rules
    # Befin BWP Minify Headers
    location ~ /wp-content/plugins/bwp-minify/cache/.*\.(js|css)$ {
        add_header Cache-Control "public, max-age=28339200";
        add_header Vary "Accept-Encoding";
        etag off;
    }
    location ~ /wp-content/plugins/bwp-minify/cache/.*\/js\.gz$ {
        gzip off;
        types {}
        default_type application/x-javascript;
        add_header Cache-Control "public, max-age=28339200";
        add_header Content-Encoding gzip;
        add_header Vary "Accept-Encoding";
        etag off;
    }
    location ~ /wp-content/plugins/bwp-minify/cache/.*\.css\.gz$ {
         gzip off;
         types {}
         default_type text/css;
         add_header Cache-Control "public, max-age=28339200";
         add_header Content-Encoding gzip;
         add_header Vary "Accept-Encoding";
         etag off;
    }
   location ~ [^/]\.php(/|$) {
         fastcgi_cache phpcache;  # The name of the cache key-zone to use
         fastcgi_cache_valid 200 30m;  # What to cache: "code 200' responses, for half an hour
         fastcgi_cache_methods GET HEAD;  #What to cache: only GET and HEAD requests (not POST)
         add_header X-Fastcgi-Cache $upstream_cache_status;  # Add header so we can see if the cache hits or misses
    }

    # END BWP Minify Headers
    set $zip_ext "";
    if ($http_accept_encoding ~* gzip) {
        set $zip_ext ".gz";
    }
    set $minify_static "";
    if ($http_cache_control = false) {
         set $minify_static "C";
         set $http_cache_control "";
    }
    if ($http_cache_control !~* no-cache) {
         set $minify_static "C";
    }
    if ($http_if_modified_since = false) {
        set $minify_static "${minify_static}M";
    }
    if (-f $request_filename$zip_ext) {
        set $minify_static "${minify_static}E";
     }
    if ($minify_static = CME) {
       rewrite (.*) $1$zip_ext break;
     }
    rewrite ^/cache/minify-b(\d+)-([a-zA-Z0-9-_.]+)\.(css|js)$/index.php?blog=$1&min_group=$2&min_type=$3 last;
    # END BWP Minify WP Rules

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/pinterec.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pinterec.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

[code]

projects.pinterec.ca nginx config

[code]

max_size=10g inactive=60m use_temp_path=off;
map $http_host $blogid {
projects.pinterec.ca 1;
}
server {
root /home/pinterec/www/kanban;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
if ($host = projects.pinterec.ca) {
return 301 https://projects.pinterec.ca;
}
server_name projects.pinterec.ca;

    ##
    #   Locations
    ##

location / {
	# First attempt to serve request as file, then
	# as directory, then fall back to displaying a 404.
	try_files $uri $uri/ /index.php?args;    #removed "=404"
}
   # location = @dynamic_request {
   #      proxy_pass appserver;
   # }
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
	include snippets/fastcgi-php.conf;
#	# With php7.0-cgi alone:
#	fastcgi_pass 127.0.0.1:9000;
#	# With php7.0-fpm:
#	include	fastcgi_params;
#	fastcgi_index index.php;
	fastcgi_read_timeout 150;
	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#	fastcgi_pass  127.0.0.1:777;
#	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location = /favicon.ico {
	log_not_found off;
	access_log off;
}
location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
}
location ~* \.(eot|svg|ttf|woff|woff2)$ {
	add_header Access-Control-Allow-Origin *;
}	
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
    }
location ~ /\.ht {
	deny all;
}
location ~ ^/files/(.*)$ {
	try_files /wp-content/blogs.dir/@blogid/$uri /wp-includes/ms-files.php?file=$1 ;
	access_log off;
	log_not_found off;
	expires max;
}
    # Begin BWP Minify WP Rules
    # Befin BWP Minify Headers
    location ~ /wp-content/plugins/bwp-minify/cache/.*\.(js|css)$ {
        add_header Cache-Control "public, max-age=28339200";
        add_header Vary "Accept-Encoding";
        etag off;
    }
    location ~ /wp-content/plugins/bwp-minify/cache/.*\/js\.gz$ {
        gzip off;
        types {}
        default_type application/x-javascript;
        add_header Cache-Control "public, max-age=28339200";
        add_header Content-Encoding gzip;
        add_header Vary "Accept-Encoding";
        etag off;
    }
    location ~ /wp-content/plugins/bwp-minify/cache/.*\.css\.gz$ {
         gzip off;
         types {}
         default_type text/css;
         add_header Cache-Control "public, max-age=28339200";
         add_header Content-Encoding gzip;
         add_header Vary "Accept-Encoding";
         etag off;
    }
   location ~ [^/]\.php(/|$) {
      #   fastcgi_cache phpcache;  # The name of the cache key-zone to use
         fastcgi_cache_valid 200 30m;  # What to cache: "code 200' responses, for half an hour
         fastcgi_cache_methods GET HEAD;  #What to cache: only GET and HEAD requests (not POST)
         add_header X-Fastcgi-Cache $upstream_cache_status;  # Add header so we can see if the cache hits or misses
    }
    # END BWP Minify Headers
    set $zip_ext "";
    if ($http_accept_encoding ~* gzip) {
        set $zip_ext ".gz";
    }
    set $minify_static "";
    if ($http_cache_control = false) {
         set $minify_static "C";
         set $http_cache_control "";
    }
    if ($http_cache_control !~* no-cache) {
         set $minify_static "C";
    }
    if ($http_if_modified_since = false) {
        set $minify_static "${minify_static}M";
    }
    if (-f $request_filename$zip_ext) {
        set $minify_static "${minify_static}E";
     }
    if ($minify_static = CME) {
       rewrite (.*) $1$zip_ext break;
     }
    rewrite ^/cache/minify-b(\d+)-([a-zA-Z0-9-_.]+)\.(css|js)$/index.php?blog=$1&min_group=$2&min_type=$3 last;
    # END BWP Minify WP Rules

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/projects.pinterec.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/projects.pinterec.ca/privkey.pem; # managed by Certbot

}

[code]

calgaryrideshare nginx config

[code]

map $http_host $blogid {
www.calgaryrideshare.ca 1;
www.calgaryrideshare.ca/news-and-information 2;
}
server {
root /home/pinterec/www/calgaryrideshare;

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

server_name www.calgaryrideshare.ca calgaryrideshare.ca;

    ##
    #   Locations
    ##

location / {
	# First attempt to serve request as file, then
	# as directory, then fall back to displaying a 404.
	try_files $uri $uri/ /index.php?args;    #removed "=404"
}
   # location = @dynamic_request {
   #      proxy_pass appserver;
   # }
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
	include snippets/fastcgi-php.conf;
#	# With php7.0-cgi alone:
#	fastcgi_pass 127.0.0.1:9000;
#	# With php7.0-fpm:
#	include	fastcgi_params;
#	fastcgi_index index.php;
	fastcgi_read_timeout 150;
	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#	fastcgi_pass  127.0.0.1:777;
#	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location = /favicon.ico {
	log_not_found off;
	access_log off;
}
location = /robots.txt {
	allow all;
	log_not_found off;
	access_log off;
}
location ~* \.(eot|svg|ttf|woff|woff2)$ {
	add_header Access-Control-Allow-Origin *;
}	
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
    }
location ~ /\.ht {
	deny all;
}
location ~ ^/files/(.*)$ {
	try_files /wp-content/blogs.dir/@blogid/$uri /wp-includes/ms-files.php?file=$1 ;
	access_log off;
	log_not_found off;
	expires max;
}
    # Begin BWP Minify WP Rules
    # Befin BWP Minify Headers
    location ~ /wp-content/plugins/bwp-minify/cache/.*\.(js|css)$ {
        add_header Cache-Control "public, max-age=28339200";
        add_header Vary "Accept-Encoding";
        etag off;
    }
    location ~ /wp-content/plugins/bwp-minify/cache/.*\/js\.gz$ {
        gzip off;
        types {}
        default_type application/x-javascript;
        add_header Cache-Control "public, max-age=28339200";
        add_header Content-Encoding gzip;
        add_header Vary "Accept-Encoding";
        etag off;
    }
    location ~ /wp-content/plugins/bwp-minify/cache/.*\.css\.gz$ {
         gzip off;
         types {}
         default_type text/css;
         add_header Cache-Control "public, max-age=28339200";
         add_header Content-Encoding gzip;
         add_header Vary "Accept-Encoding";
         etag off;
    }
   location ~ [^/]\.php(/|$) {
  #       fastcgi_cache phpcache;  # The name of the cache key-zone to use
         fastcgi_cache_valid 200 30m;  # What to cache: "code 200' responses, for half an hour
         fastcgi_cache_methods GET HEAD;  #What to cache: only GET and HEAD requests (not POST)
         add_header X-Fastcgi-Cache $upstream_cache_status;  # Add header so we can see if the cache hits or misses
    }

}
# END BWP Minify Headers
set $zip_ext "";
if ($http_accept_encoding ~* gzip) {
set $zip_ext ".gz";
}
set $minify_static "";
if ($http_cache_control = false) {
set $minify_static "C";
set $http_cache_control "";
}
if ($http_cache_control !~* no-cache) {
set $minify_static "C";
}
if ($http_if_modified_since = false) {
set $minify_static "${minify_static}M";
}
if (-f $request_filename$zip_ext) {
set $minify_static "${minify_static}E";
}
if ($minify_static = CME) {
rewrite (.*) $1$zip_ext break;
}
rewrite ^/cache/minify-b(\d+)-([a-zA-Z0-9-_.]+).(css|js)$/index.php?blog=$1&min_group=$2&min_type=$3 last;
# END BWP Minify WP Rules

listen 443 ssl; # managed by Certbo

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/calgaryrideshare.ca/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/calgaryrideshare.ca/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
}
#server {
}
server {
if ($host = www.calgaryrideshare.ca) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = calgaryrideshare.ca) {
    return 301 https://$host$request_uri;
} # managed by Certbot

server_name www.calgaryrideshare.ca calgaryrideshare.ca;
listen 80;
return 404; # managed by Certbot
}

[code]
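
An added example, not written by anyone in this thread: nginx answers a request whose Host matches no `server_name` on the port it arrived on with that port's default server (the first block for the port, unless one is marked `default_server`), so a name that has a block on 443 but none on 80 is served by some other site's block. The sketch below lists every such name and port in a set of site files. It assumes sites-enabled style files with exact `server_name` entries (no wildcards or regexes) and no braces inside regexes; the hostnames in the sample are constructed placeholders.

```python
import re

# Constructed sample in sites-enabled style; hostnames are placeholders.
SAMPLE = """
map $http_host $blogid { www.site-a.example 1; }
server {
    server_name www.site-a.example;
    listen 443 ssl;  # managed by Certbot
}
server {
    if ($host = www.site-a.example) { return 301 https://$host$request_uri; }
    server_name www.site-a.example;
    listen 80;
}
server { server_name www.site-b.example; listen 443 ssl; }
"""

def server_blocks(conf):
    """Return each top-level server block's own directives as word lists."""
    tokens = re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf))
    blocks, cur, depth, stmt = [], [], 0, ""
    for tok in tokens:
        if tok == "{":
            if depth == 0:              # any top-level block: map, upstream, server
                cur = []
                blocks.append((stmt, cur))
            depth += 1
        elif tok == "}":
            depth -= 1
        elif tok != ";":
            stmt = tok.strip()
        elif depth == 1 and stmt:       # a directive directly inside that block
            cur.append(stmt.split())
    return [d for keyword, d in blocks if keyword == "server"]

def fallbacks(conf):
    """Yield (host, port, default block's names) for hosts with no block on a port."""
    blocks = []
    for d in server_blocks(conf):
        ports = {w[1].rsplit(":", 1)[-1]: "default_server" in w
                 for w in d if w[0] == "listen"} or {"80": False}  # no listen: *:80
        names = [n for w in d if w[0] == "server_name" for n in w[1:]]
        blocks.append((ports, names))
    for port in sorted({p for ports, _ in blocks for p in ports}):
        on_port = [b for b in blocks if port in b[0]]
        default = next((b for b in on_port if b[0][port]), on_port[0])  # else first block
        for host in sorted({n for _, names in blocks for n in names}):
            if not any(host in names for _, names in on_port):
                yield host, port, " ".join(default[1])
```

Run `list(fallbacks(text))` over the concatenated contents of the enabled site files; each tuple is a name that needs its own block (or an explicit catch-all) on that port.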


#5

Certbot has likely changed something else. I don’t think the nginx config files have the error.

What else does Certbot change?
Where else would a redirect be placed by Certbot?


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.