SSL on Apache2 (while using WordPress)

Sooo… I fixed it and I know what went wrong with SSL – and it was actually not that hard to fix.

To cut things short: If you are using WordPress and change the domain (or subdomain) in your vhosts, change it in the WordPress settings menu BEFORE you do. Otherwise everything will break down, and if you are trying to deploy SSL at the same time it will break down even more and you will get the most interesting error messages in your browser and a lot of other ambiguous stuff…

But let's begin at the start.

As I am hosting some websites on my server with one IP, I have to use vhosts. If they are properly configured, it's no problem – but my friend bought a new domain and wanted to migrate the WordPress sites to the new domain and get HTTPS (so SSL encryption) for them for obvious reasons.

I used LetsEncrypt (https://wiki.debian.org/LetsEncrypt) because it's free and relatively easy (very easy, to be honest). I know there were some fuckups in the past with it, but let's be plain: All I want is that the little icon in your browser shows a green lock (or whatever symbol is used in your browser). That's it. It's okay for me that the security isn't perfect, because I only care about the fact that the user isn't getting a “this site might be insecure” message or, even worse, that the browser decides to not show the site at all. I probably have to apologize for my long sentences at this point – but I am German, and as a German I can tell you: these sentences aren't long at all… 😉

Back to topic: I use Letsencrypt and the certbot (“sudo apt install certbot” on Debian) for getting my green lock in the browser.

The first thing to note:

For every domain there should be a certificate. (Subdomains excluded, obviously.)

Do not use the same certificate for different Domains!

The next thing to note:

Configure your vhosts (and webserver) beforehand – certbot needs all the sites you want to certify to be reachable.

If that's done, you can create your certificate with certbot:

sudo certbot --apache -d yourdomain.xyz -d www.yourdomain.xyz

All subdomains should be in there (remember: www is a subdomain).

If you get another subdomain, you can expand the currently used certificate by ADDING the new subdomain to your certbot-line. Be careful to have all your existing domains in the line.

(You will then get prompted if you want to expand the certificate – that's what you want, then.)
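An added example (not part of the original post): a small shell helper that reads the hostnames from a vhost file, reports which ones the current certificate does not cover, and builds the certbot line with all existing names plus the new ones. The function names, the sample vhost and blog.yourdomain.xyz are constructed for illustration; the certificate's current names are passed in by hand.

```shell
# Added example, not from the original post. Hostnames are constructed.

# Print every ServerName/ServerAlias hostname in an Apache vhost file, one
# per line, lower-cased and de-duplicated. Commented-out lines are skipped.
vhost_names() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "servername"  { print tolower($2) }
        tolower($1) == "serveralias" { for (i = 2; i <= NF; i++) print tolower($i) }
    ' "$1" | LC_ALL=C sort -u
}

# Print the vhost hostnames missing from the certificate's current names
# ($2, space-separated, e.g. typed in from `certbot certificates`).
missing_from_cert() {
    vhost_names "$1" | while read -r name; do
        printf '%s\n' "$2" | tr -s ' ' '\n' | grep -qxF -- "$name" ||
            printf '%s\n' "$name"
    done
}

# Build the certbot line: every name already on the certificate first, then
# the missing ones. --expand answers certbot's "expand?" prompt in advance.
expand_command() {
    printf 'sudo certbot --apache --expand'
    { printf '%s\n' "$2" | tr -s ' ' '\n'; missing_from_cert "$1" "$2"; } |
        awk 'NF { printf " -d %s", $0 } END { print "" }'
}

# Constructed sample: the vhost gained blog.yourdomain.xyz after the
# certificate was issued for the first two names only.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<VirtualHost *:443>
        ServerName yourdomain.xyz
        ServerAlias www.yourdomain.xyz blog.yourdomain.xyz
        # ServerAlias old.yourdomain.xyz
        DocumentRoot /var/www/mylocation
</VirtualHost>
EOF
    printf '%s\n' "$f"
}

conf=$(sample_conf)
missing_from_cert "$conf" "yourdomain.xyz www.yourdomain.xyz"
expand_command "$conf" "yourdomain.xyz www.yourdomain.xyz"
rm -f "$conf"
```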

Anyway – you will probably get prompted whether you want certbot to change settings of your webserver. I don't recommend it, because it broke stuff – at least for me.

After you have run certbot, your vhosts will have gotten updated, as well.

If you encounter a problem, check your vhosts, and if you change something there, remember to reload or restart the server.

Here is my (slightly modified) conf for this site.

<VirtualHost *:80>
        ServerAdmin me@me.best
        ServerName diemo.best
        ServerAlias www.diemo.best
        DocumentRoot /var/www/mylocation
        <Directory /var/www/mylocation>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.diemo.best [OR]
        RewriteCond %{SERVER_NAME} =diemo.best
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin me@me.best
        ServerName diemo.best
        ServerAlias www.diemo.best
        DocumentRoot /var/www/mylocation
        <Directory /var/www/mylocation>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/diemo.best/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/diemo.best/privkey.pem
</VirtualHost>

Notice: Lines 34, 35 and 36 (the Include, SSLCertificateFile and SSLCertificateKeyFile lines) were added by certbot – you should have the rest ready when you run certbot. (You'll probably get an SSL error but that's okay.)

Congratulations! You should now have working SSL.

P.S.: The certificates have to be updated every 90 days. Maybe I will write a post about that later.

Copying a Website with wget

Today I was asked to download an old website for archiving purposes.

I decided to use wget.

The command is:

wget --recursive --no-clobber --page-requisites --convert-links --html-extension --no-parent  http://www.domain.xyz

The function of the arguments is as follows:

--recursive -> Kinda obvious… follow links on the website to download more than just the index page

--no-clobber -> do not download files that are already there.

--page-requisites -> download everything needed for displaying the page

--convert-links -> convert the links from the original to the now local copy (if you don't do that, clicking on a link will get you to the original site on the server…)

--html-extension -> converts other extensions to html, or in other words: makes remote scripts (a visitor counter, for example) work on your local copy

--no-parent -> tells wget not to follow links outside of the given domain (for example Facebook buttons etc.); only subpaths of the given domain are downloaded.

That's it, basically… Easy… 😉