Home General Take these broken wings…

Take these broken wings…

347
0
Not strictly a replica, because it's not signed with someone else's brand

The past few days have been fun here on WWR. We’ve been doing some cool stuff to speed up WordPress – and this issue is not directly related to that process – and I decided, finally, to make us properly SSL compliant. Google dings you on SEO if your site doesn’t have that cute little lock in the URL and I thought it was time to get things fixed.

What follows is how I did it. I thought it would be helpful from a tech perspective. If you don’t care and are happy the site is up just email me at [email protected] or Tweet me @johnbiggs to let me know if you see any problems.

Back to the issues.

As these things go it should have been an easy upgrade. The first time we tried it we fell into an endless loop thanks to a bad configuration at Cloudflare. Rather than leave it up I hunkered down and fixed it.

First, I shut down Cloudflare – a site that keeps your site from exploding – and moved the .htaccess file because it looked to be causing many of the problems. This is the file that routes traffic through the site in a special way. Those of you who know WordPress can see where this is headed already.

I created a private key for my site and put it in /etc/ssl/private. I bought a Comodo certificate from Namecheap and uploaded it the /etc/ssl/certs. This is common stuff.

I then added SSL support to my virtual host fine in /etc/apache2/sites-available for WristWatchReview. I rebooted Apache.

This is what I added. Update with your info as necessary. Remember to ADD this to the file under the place where you see


ServerAdmin [email protected]
DocumentRoot [mysitedirectory]/wristwatchreview.com
ServerName wristwatchreview.com
ServerAlias www.wristwatchreview.com
DirectoryIndex index.php
ErrorLog /var/log/apache2/[myerror]-error.log
CustomLog /var/log/apache2/[myerror]-access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/certs/wristwatchreview_com.crt
SSLCertificateKeyFile /etc/ssl/private/WWRserver.key
SSLCertificateChainFile /etc/ssl/certs/wristwatchreview_com.ca-bundle


Options FollowSymLinks
AllowOverride All


Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from All


SSLRequireSSL On
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire

I then added Really Simple SSL to the site which automatically checks all the links for HTTPS vs HTTP. This also updates the .htaccess file with a few helpful lines – if you have one. This also updates your site posts to support SSL. Don’t forget to check your site URL in Settings->General.

screen-shot-2016-09-11-at-8-28-46-am

Bam! I had a site that supported SSL. There are still a few issues including some mixed content warnings but nothing I couldn’t handle.

Then I stepped away, secure in the knowledge that everything was OK.

Oh, but it wasn’t. In my haste I had moved the .htaccess file and forgotten to put it back. While things looked OK the URLs were broken. This URL – https://www.wristwatchreview.com/2016/09/10/watching-the-web-for-september-10-2016/ – gave a not found error because all of that weird stuff after the site name was taken care of by .htaccess. So for a day the site was basically deflecting all traffic.

I am not a smart man but I do know what traffic is. This morning people told me they were getting 404s and I rushed over, realized the .htaccess file was busted, and fixed it. Now you see the wonderful site in all it’s SSL glory. There are still some mixed content errors – basically a problem when not every link is preceded with https://, but Really Simple SSL has a scanner for that and you can run your site through WhyNoPadlock to get more data on the problem.

In short I screwed up two SSL installations and finally fixed this one. Further I learned that if you don’t know how to do something you should probably hire an expert or, barring that, just ruin it all yourself until it kind of works. Either way you’re golden.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.