Learn about Centmin Mod LEMP Stack today
Register Now

CLI-WP --> Site Offline

Discussion in 'Install & Upgrades or Pre-Install Questions' started by EckyBrazzz, Jun 8, 2019.

  1. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    After spending hours on a new setup for a domain with 22-1 I woke up this morning and my site is Offline.(Cloudflare but disabled it to check other info)
    I only made a little change to my wp_updater because my theme is giving some troubles when running it.
    Code (Text):
    /usr/bin/wp --info --allow-root --skip-themes=mts_coupon
    /usr/bin/wp plugin status --allow-root --skip-themes=mts_coupon
    /usr/bin/wp plugin update --all --allow-root --skip-themes=mts_coupon | tee .wpcli-status
    


    Before (without these changes) I just got my theme data wiped out and the page loaded normal. Only without my theme correctly because it was missing some data.

    Today it gave me the sad news.
    Project_CMM_7242.png
     
  2. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    Well, Did a new install on other subdomain, 22-1 and directly had the same issue, without that the wp-cli cron had time to execute. As you can see one is nl.domain.com where i changed the wp_updater, the other is pl.domain.com without any changes, not adding plugins, nothing. All other domains previous created load normal.

    The log can be found here
    install 22-1 redirection error

    Project_CMM_7243.png
     
    Last edited: Jun 8, 2019
  3. eva2000

    eva2000 Administrator Staff Member

    40,188
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    4:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    letsencrypt ssl validation failed for your domain due to "Too many redirects" error so you have misconfigured cloudflare probably - don't set cloudflare http to https redirect if you use centmin mod nginx letsencrypt vhost creation with default https. As what happens is cloudflare flexible ssl connects to your origin non-https for requests but your origin centmin mod nginx is redirecting non-https to https - so you go around in circles, https requests on cloudflare end getting redirected back to itself as centmin mod nginx origin is doing non-https to https redirects.
    Code (Text):
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for pl.domain.com
    -----------------------------------------------------------
    testcert value = wplived
    wp routine detected use reissue instead via --force
    /root/.acme.sh/acme.sh --force --issue -d pl.domain.com --days 60 -w /home/nginx/domains/pl.domain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-080619-121133.log --log-level 2
    [Sat Jun 8 12:11:44 UTC 2019] Creating domain key
    [Sat Jun 8 12:11:45 UTC 2019] The domain key is here: /root/.acme.sh/pl.domain.com/pl.domain.com.key
    [Sat Jun 8 12:11:45 UTC 2019] Single domain='pl.domain.com'
    [Sat Jun 8 12:11:45 UTC 2019] Getting domain auth token for each domain
    [Sat Jun 8 12:11:47 UTC 2019] Getting webroot for domain='pl.domain.com'
    [Sat Jun 8 12:11:47 UTC 2019] Verifying: pl.domain.com
    [Sat Jun 8 12:11:51 UTC 2019] pl.domain.com:Verify error:Fetching https://pl.domain.com/.well-known/acme-challenge/VutHeo4OaCG7rVJc7_ATqLD8WC9FsTkj-o7_bW4h1pE: Too many redirects
    [Sat Jun 8 12:11:51 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-080619-121133.log
    LECHECK = 1
    

    Or instead change cloudflare SSL from flexible SSL to Full SSL so that cloudflare speaks with your HTTPS origin and not your non-HTTPS origin in flexible SSL mode
     
  4. eva2000

    eva2000 Administrator Staff Member

    40,188
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    4:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    did you verify it was indeed disabled ?

    too many redirects, might need to check your nginx vhost

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  5. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    Did not change anything to cloudflare last night, the domain was funcional normal at both ends (wp-admin and normal site). Only tommow it gave me a error and installed a second domain to test and gave the error directly
    For testing I disable the Cloudflare proxy.

    The pl.domain.com works without Cloudflare if I accept the SSL issue, but the nl.domain.com won't

    With Cloudflare on
    Code (Text):
    curl -I https://pl.domain.com
    HTTP/1.1 302 Moved Temporarily
    Date: Sat, 08 Jun 2019 15:24:09 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=dd76c64c9b2ff9e471f1b5a99ea66bfc61560007449; expires=Sun, 07-Jun-20 15:24:09 GMT; path=/; domain=.domain.com; HttpOnly
    Location: https://pl.domain.com/
    X-Powered-By: centminmod
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 4e3bdefce87dc85f-AMS
    


    With Cloudflare off
    Code (Text):
    curl -I https://pl.domain.com
    curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
    
     
  6. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    Changed it to full and the nl.domain works again, only the pl.domain not, but didn't know that the Cloudflare SSL even would work if you use it only for DNS. Even if the main domain wihout Cloudflare.

    Only strange that yesterday the first domain did't give the error
     
    Last edited: Jun 9, 2019
  7. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    The Curl of the nl.domain with and without Cloudflare
    Code (Text):
    [16:08][[email protected] ~]# curl -I https://nl.domain.com
    HTTP/1.1 200 OK
    Date: Sat, 08 Jun 2019 16:10:18 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d6f07875e8fa0bdddba0d4fca92981e711560010218; expires=Sun, 07-Jun-20 16:10:18 GMT; path=/; domain=.domain.com; HttpOnly
    Last-Modified: Sat, 08 Jun 2019 02:46:54 GMT
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 4e3c2298eb859d06-AMS
    
    [16:10][[email protected] ~]# curl -I https://nl.domain.com
    HTTP/1.1 200 OK
    Date: Sat, 08 Jun 2019 16:10:34 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 34303
    Last-Modified: Sat, 08 Jun 2019 02:46:54 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5cfb219e-85ff"
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Accept-Ranges: bytes
    
     
  8. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    Removed the pl.domain.com and did a new install. Seems to be fine after the adjusment on Cloudflare. Project_CMM_7244.png
     
  9. eva2000

    eva2000 Administrator Staff Member

    40,188
    8,888
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,697
    Local Time:
    4:47 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yes you can disable always use HTTPS if you use centmin mod nginx with default live HTTPS as nginx takes care of non-http to https redirects. If you enable always use HTTPS as well, you go around in a loop of cloudlfare redirecting users to HTTPS but connecting to origin centmin mod nginx via non-HTTPS in flexible SSL mode and then doing non-HTTPS to HTTPS redirect = too many redirects
     
  10. EckyBrazzz

    EckyBrazzz Active Member

    378
    71
    28
    Mar 28, 2018
    Brazil
    Ratings:
    +139
    Local Time:
    3:47 AM
    1.17.x
    10.3.x
    Updated the wp_update with the correct setting and now I don't have any problems with theme settings getting deleted. Letting them run for over a day and all fine. Just have to do it manually for each created domain to have to benefits of the wp-cli. Only for the theme, that won't update, but with SecureFX that is not such a big deal. Adding the exclusion for only the theme name did not work.

    Code (Text):
    /usr/bin/wp --info --allow-root --skip-themes
    /usr/bin/wp plugin status --allow-root --skip-themes
    /usr/bin/wp plugin update --all --allow-root --skip-themes | tee .wpcli-status
    
     
    • Informative Informative x 1
..