SSL Letsencrypt & Cloudflare - infinite loop

Discussion in 'Domains, DNS, Email & SSL Certificates' started by GASTAN, Nov 5, 2020.


    GASTAN Member

    Jun 28, 2017
    CentOS Version: 7.8.2003 (Core) 64bit
    Centmin Mod Version Installed: latest 123.09beta01
    Nginx Version Installed: i.e. 1.19.4
    PHP Version Installed: 7.4.11
    MariaDB MySQL Version Installed: 10.1.48-MariaDB
    When was last time updated Centmin Mod code base ? : just before action
    Persistent Config:
    I used option 22 to make a subdomain, but the Let's Encrypt cert failed because of too many redirects.
    CF has 'Always Use HTTPS' off by default.
    I tried to remove the http->https redirect in ssl.conf as suggested in another thread I found here, but then the subdomain does not work at all (I get the default nginx Test page).
    I also tried 'Full' (Encryption in CF) mode, but then the main domain as well as an older subdomain do not work (hosted on an older centmin machine), as they don't have https (it was not available when the domains were set up).

    I deleted the subdomain and turned off 'Proxied' status on the domain's CNAME in Cloudflare's DNS.
    Domain was set up again.
    Subdomain existed, but was deleted with generated script to delete it.
    -Option 22 in centmin menu
    -User option 4. issue live cert with HTTPS default.
    Wordpress seemed to work fine, so I enabled proxy on subdomain/CNAME again and then ended up again in an infinite loop. I enabled proxy on CF because I hear a lot here about hiding the origin's IP, even though I am not exactly sure I understand...
    I then tried again to comment out the redirect section in ssl.conf (to not have redirects in nginx)
    Code (Text):
    server {
       server_name sub.domain.com www.sub.domain.com;
       return 302 https://sub.domain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
    }
    but no joy...

    so currently I have this subdomain without proxy in CF...

    Razib Hasan Member

    May 31, 2014
    Dhaka, Bangladesh
    On Cloudflare, your SSL settings should be Full or Strict.

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    If you set Cloudflare Full SSL, then all origin servers, subdomain or main domain, will need to have HTTPS supported at the Centmin Mod Nginx origin side. You can switch all other subdomain/main domain's Centmin Mod origin to using HTTPS via outlined method 3, existing non-HTTPS Nginx migration to HTTPS guide, and then enable Cloudflare Full SSL for future site creation.

    There are generally 3 ways of setting up an HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS:

    Method 1. The traditional way via centmin.sh menu option 2, 22 but ensuring you set LETSENCRYPT_DETECT='y' in persistent config file created at /etc/centminmod/custom_config.inc before you run centmin.sh menu option 2 or 22 for wordpress. You can do that using command below - only need to do this step once and every subsequent run of centmin.sh menu option 2 or 22 will have letsencrypt ssl certificate support enabled
    Code (Text):
    # enable letsencrypt ssl certificate integration https://centminmod.com/acmetool/
    touch /etc/centminmod/custom_config.inc
    echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com

    Code (Text):
    curl -I http://www.domain.com

    Code (Text):
    curl -I https://domain.com

    Code (Text):
    curl -I https://www.domain.com

    For posting code or output from commands to keep the formatting, you might want to use CODE tags for code: How to use forum BBCODE code tags :)

    Make sure you update Wordpress settings URL to be the HTTPS version and not old non-HTTPS otherwise Wordpress PHP will do an internal redirect from HTTPS to non-HTTPS itself which may cause a redirect loop too. Also ensure it's the main domain you want folks to land on and not a redirect i.e. non-www to www or www to non-www redirect.

    What's output for these commands changing /home/nginx/domains/domain.com/public/ to the path to where you installed wordpress i.e. if domain.com/blog then it would be /home/nginx/domains/domain.com/public/blog
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option get siteurl --allow-root
    wp option get home --allow-root

    If siteurl and home values are coming up with non-www and you want www being the main destination you can change them in your wordpress generation url settings or more thoroughly via wp-cli command line
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp search-replace 'https://example.com' 'https://www.example.com' --skip-columns=guid --allow-root

    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option update home 'https://www.example.com' --allow-root
    wp option update siteurl 'https://www.example.com' --allow-root

    And same in reverse, if siteurl and home values are coming up with www and you want non-www being the main destination you can change them in your wordpress generation url settings or more thoroughly via wp-cli command line
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp search-replace 'https://www.example.com' 'https://example.com' --skip-columns=guid --allow-root

    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option update home 'https://example.com' --allow-root
    wp option update siteurl 'https://example.com' --allow-root
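
The curl header check from the post above, turned into a small classifier; this is an added example, not part of the original thread or of Centmin Mod. It assumes the proxy fetches the origin over plain HTTP (Cloudflare's Flexible mode), and the function names, `ORIGIN_IP` and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Header samples below are constructed.

# Reduce `curl -sI` output on stdin to "<status> <location or ->".
parse_redirect() {
  tr -d '\r' | awk '
    NR == 1 { status = $2 }
    tolower($1) == "location:" { loc = $2 }
    END { print status, (loc == "" ? "-" : loc) }'
}

# Classify the origin's answer to a plain-HTTP request for host $1.
# loop-risk: the origin bounces HTTP to HTTPS on the same host, so a proxy
# that always fetches the origin over HTTP receives this redirect every time.
classify_origin() {
  host=$1
  parsed=$(parse_redirect)
  status=${parsed%% *}
  loc=${parsed#* }
  case "$status" in
    301|302|307|308)
      case "$loc" in
        "https://$host"|"https://$host/"*) echo "loop-risk" ;;
        *) echo "redirect-elsewhere" ;;
      esac ;;
    2??) echo "serves-http" ;;
    *) echo "other" ;;
  esac
}

# Live check that bypasses the CDN: pin the hostname to the origin address.
# Usage: check_origin sub.domain.com ORIGIN_IP   (ORIGIN_IP is a placeholder)
check_origin() {
  curl -sI --resolve "$1:80:$2" "http://$1/" | classify_origin "$1"
}

# Constructed samples so the classifier can be exercised offline.
SAMPLE_REDIRECT='HTTP/1.1 302 Moved Temporarily
Server: nginx
Location: https://sub.domain.com/'
SAMPLE_OK='HTTP/1.1 200 OK
Server: nginx'

printf '%s\n' "$SAMPLE_REDIRECT" | classify_origin sub.domain.com
printf '%s\n' "$SAMPLE_OK" | classify_origin sub.domain.com
```

A `loop-risk` result only loops while the proxy talks HTTP to the origin; with Full or Strict the proxy fetches over HTTPS and the same origin redirect is never triggered.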