Join the community today
Register Now

Wordpress No SSL certificate

Discussion in 'Blogs & CMS usage' started by Venucci, Dec 5, 2018.

  1. Venucci

    Venucci New Member

    10
    1
    3
    Sep 25, 2018
    Ratings:
    +1
    Local Time:
    9:16 PM
    currentyl
    10
    I have install the centminmod followed all instructions and there is not free SSL certificate at all . Open SSL was succesfully created but after that on my wordpress site there are not any information about a safe website and not s on the http : Which could be the problem ? THe installation ? I have followed instructions and button 22 and the wordpress site is normal and this is the unique issue . Great job eva! Thank you , may be it is my fault . any considereation or issues that could have created such problem. thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    37,354
    8,162
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,563
    Local Time:
    6:16 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS. Did you set LETSENCRYPT_DETECT='y' in persisent config file /etc/centminmod/custom_config.inc before running centmin.sh menu option 22 ? For wordpress auto installer, you actually need a read method 2 to enable LETSENCRYPT_DETECT='y' then run centmin.sh menu option 22 which will detect letsencrypt support and display the additional letsencrypt prompts required to issue free letsencrypt ssl certificates for wordpress auto installer

    Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

    You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

    If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
    If SSL cert exists but get no secure, then it most likely is mixed content issue. If you have mixed content issu, you need to adjust your web app and/or web site style itself see What Is Mixed Content? - KeyCDN Support
     
  3. Venucci

    Venucci New Member

    10
    1
    3
    Sep 25, 2018
    Ratings:
    +1
    Local Time:
    9:16 PM
    currentyl
    10
    ok thank you so much eva . By the way , could i run 2 and 22 with the same domain . I have a fresh installation of wordpress so overwrite it would not be a problem . Could be done in that way ? I mean is going to overwrite it isnot it ? thanks
     
  4. eva2000

    eva2000 Administrator Staff Member

    37,354
    8,162
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,563
    Local Time:
    6:16 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    not for same domain if it already exists, re-running centmin.sh menu option 2 or 22 will abort and not proceed until you remove existing domain name.

    Every centmin.sh menu option 22 run has an accompanying uninstall script at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} = your domain name. You can run that to uninstall almost everything except mysql database which you have to manually remove yourself - extra precaution in case you accidentally run the wrong uninstall script.

    Then re-run centmin.sh menu option 22 to install fresh wordpress instance for the domain
     
  5. Venucci

    Venucci New Member

    10
    1
    3
    Sep 25, 2018
    Ratings:
    +1
    Local Time:
    9:16 PM
    currentyl
    10
    So which would be the needed combination for a fresh wordpress installation on a fresh domain . Run 2 and after that running 22 ? I wish to achieve it but i have tried option 22 and option 2+22 and in both cases i am not able to achieve a fresh wordprsss instalation with let s encrypt . 2+22 just abort the installation of wordpress , only 22 creates a wordpress without let s encrypt . Which is my mistake ? What could be the origin of the problem and how i could make it work thanks eva
     
  6. eva2000

    eva2000 Administrator Staff Member

    37,354
    8,162
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,563
    Local Time:
    6:16 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    only centmin.sh menu option 22 should be needed
    Need to troubleshoot with below info/questions/answers.

    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost alreadying created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod's self-signed ssl certificate instead of letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    If acme.sh auto renewals didn't happen, check output for the following commands
    Code (Text):
    grep acme /var/log/cron* | sed -e "s|$(hostname -s)|host|g"
    

    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    

    Code (Text):
    echo | openssl s_client -connect yourdomain.com:443
    

    Without the answers to above questions and logs, there is nothing to help troubleshoot.

    SSLLabs Test



    Also run your HTTPS domain site through SSLLabs tester at SSL Server Test (Powered by Qualys SSL Labs) if it says untrusted SSL cert and prompts to continue the test, continue the test.
     
  7. Venucci

    Venucci New Member

    10
    1
    3
    Sep 25, 2018
    Ratings:
    +1
    Local Time:
    9:16 PM
    currentyl
    10
    Basically i Have used the stable version of centminmod and option 22 installing wordpress which is correct but I have tried to install it following your instructions but after selecting creating auto signed ssl NO , i do not have the option of let s encrypt to say yes and select enforce https . I do not have the last 2 options . Why i do not have them ? How can i add them ? thanks eva
     
  8. eva2000

    eva2000 Administrator Staff Member

    37,354
    8,162
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,563
    Local Time:
    6:16 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
..