Get the most out of your Centmin Mod LEMP stack
Become a Member

Letsencrypt How to migrate Wordpress existing sites which use LetsEnrycpt

Discussion in 'Install & Upgrades or Pre-Install Questions' started by mrkip, Jan 29, 2019.

  1. mrkip

    mrkip New Member

    7
    4
    3
    Jan 29, 2019
    Ratings:
    +4
    Local Time:
    7:35 AM
    Hello,

    Firstly, I just want to say I've been really impressed with CentminMod. I've been playing with it over the last week or so and it's been real pleasure to use. I think I'll be using it for all future sites/servers that I run.

    However, I'm just stuck on this one problem. If I can figure this out I'll be ready to move all my sites over to Centmin.

    I've tried googling and looking around the forums/support docs and I can't seem to find something which covers this. If anyone can point me in the right direction of how to achieve this I'd be really grateful.

    I have a couple of existing sites on Ubuntu VPS's which I'm wanting to switch to Centminmod. All these sites use letsencrypt already.

    So far I've created the sites using CentMinMod option 22 (with acmetools and letsencrypt enabled).

    I've then deleted the installed Wordpress files, dropped the database, and then replaced these with the site files/database of the sites I'm migrating.

    I've then changed all the files and folders to the correct permissions. Everything looks like it should work but I'm getting a mismatch with my SSL certs. So my sites aren't working.

    What's the correct process of migrating a non-cenminmod Wordpress site (which uses letsenrypt) to centminmod (and maintaining or issuing a new letsencrypt cert)?

    Thanks in advance for the help

    Cheers

    James
     
  2. Jimmy

    Jimmy Premium Member Premium Member

    1,528
    316
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +779
    Local Time:
    2:35 AM
    1.15.x
    MariaDB 10.3.x
    I don't use letsencrypt so I can't really help you. With that being said, you might want to check out cloudflare. They have free SSLs and you don't have to renew them. I use them for all my sites.
     
  3. mrkip

    mrkip New Member

    7
    4
    3
    Jan 29, 2019
    Ratings:
    +4
    Local Time:
    7:35 AM
    That is a good idea. What rating do your sites get on SSLlabs?
     
  4. Jimmy

    Jimmy Premium Member Premium Member

    1,528
    316
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +779
    Local Time:
    2:35 AM
    1.15.x
    MariaDB 10.3.x
    Haven't run them in awhile, but they always did well.

    Most of my sites use the CF free SSL. I have 1 site with a CF paid SSL which is like $5 a month. Free one works great though.
     
  5. eva2000

    eva2000 Administrator Staff Member

    39,769
    8,773
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,504
    Local Time:
    4:35 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost alreadying created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh ? which specific command ? examples
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod's self-signed ssl certificate instead of letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    If acme.sh auto renewals didn't happen, check output for the following commands
    Code (Text):
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"
    

    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    

    Code (Text):
    echo | openssl s_client -connect yourdomain.com:443
    

    Without the answers to above questions and logs, there is nothing to help troubleshoot.

    SSLLabs Test



    Also run your HTTPS domain site through SSLLabs tester at SSL Server Test (Powered by Qualys SSL Labs) if it says untrusted SSL cert and prompts to continue the test, continue the test.
     
  6. mrkip

    mrkip New Member

    7
    4
    3
    Jan 29, 2019
    Ratings:
    +4
    Local Time:
    7:35 AM
    Thanks for help and suggestions Eva2000.;)

    Prior to this and on my Ubuntu VPS i used Certbot and cloned it from git hub:

    sudo git clone certbot/certbot /opt/letsencrypt

    I'd then create the following directory in the root of my sites on my ubuntu VPS's: .well-known/acme-challenge/

    After this I'd change everything in the Vhost file and use WP-cli to change all http site addresses to https.

    I've removed the .well-known/acme-challenge/ from my Wordpress install when transferring them to Centminmod.

    With regards to the following..

    Code:
    Code (Text):
    -------------------------------------------------------------
    Setup full Nginx vhost + Wordpress + WP Plugins
    -------------------------------------------------------------
    
    Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
    
    Create a self-signed SSL certificate Nginx vhost? [y/n]: n
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS
    2. issue staging test cert with HTTPS default
    3. issue live cert with HTTP + HTTPS
    4. issue live cert with HTTPS default
    Enter option number 1-4: 1
    I selected option 4. After this, I removed everything in the Wordpress root (and the database) and replaced them with the files for the site I'm migrating. I then changed all the permissions to match those on my Centminmod test sites.

    The domain I'm trying to migrate is running through Cloudflare but I've removed it from Proxy and am just using Cloudflares DNS only option.

    I start testing the site with your other suggestions and see what it reports.

    Thankyou for the help. It's very much appreciated
     
    • Like Like x 1
  7. mrkip

    mrkip New Member

    7
    4
    3
    Jan 29, 2019
    Ratings:
    +4
    Local Time:
    7:35 AM
    Whoowhoo. I've managed to fix it. My migrated site is now working and class A according to SSL labs.
    Turns out i was well off the mark with my setup. And it was all down to a stupid mistake. I'd cloned the acmetool script but hadn't run it:facepalm:.
    I assumed it was installed as my test domains (new domains which weren't being migrated) were set up and using letencrypt.
    Anyway, once I'd run: "./acmetool.sh acmeinstall" inside /usr/local/src/centminmod/addons/ i had access to all the acmetool functions.
    Then it was simply a case of following your letsencrypt guide
    My sites fully working now and with CentminMod it's reduced the page load times by over 50%:).
    I'm really looking forward to migrating the rest of my sites to the stack.
    Thanks for the help Eva & Jimmy
     
    Last edited: Jan 29, 2019
    • Like Like x 1
  8. eva2000

    eva2000 Administrator Staff Member

    39,769
    8,773
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,504
    Local Time:
    4:35 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Excellent to hear you got it working and now have a faster page loading Wordpress site ! (y):cool:
     
..