Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#13 2018-08-29 17:25:40

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: http to https in textpattern

If you use https, you definitely need a certificate or it will complain. This method is just a way of making non-http visits to your homepage switch to using https:

I’d also put back the blank lines between the different directives in your htaccess file, even if it’s just for readability. Each set of conditions applies to the rule beneath it.


TXP Builders – finely-crafted code, design and txp

Offline

#14 2018-08-29 17:29:04

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: http to https in textpattern

bici wrote #313692:

P.S. Today when i tried it again it complained of not having an certificate.
I thought that the code was a way of doing secure sites without teh certificate. perhaps i am wrong

That’s very likely it – the redirect needs a certificate for it to work.

Offline

#15 2018-08-29 23:58:14

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,071
Website Mastodon

Re: http to https in textpattern

gaekwad wrote #313698:

That’s very likely it – the redirect needs a certificate for it to work.

ok. for some reason i thought it was to take place of an SSL Certificate

Now await what Webfaction will do about implementing a CP based solution with Lets Encrypt.


…. texted postive

Offline

#16 2018-08-30 09:03:07

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: http to https in textpattern

bici wrote #313707:

ok. for some reason i thought it was to take place of an SSL Certificate

Now await what Webfaction will do about implementing a CP based solution with Lets Encrypt.

You might have to wait a long time! This method does work, though.


TXP Builders – finely-crafted code, design and txp

Offline

#17 2018-08-30 15:18:53

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

I’m trying to just update my certs using the manual method I’ve been using for WebFaction and getting problems now. When adding the --debug directive, it just spits out tons of lines I can’t make heads or tales of.

The method I’ve been following is Greg Brown’s acme-wf, which isn’t as advanced as the one mentioned below in terms of running the cert requests once for all sites on the same domain, but that doesn’t really bother me.

One thing it says there under ‘Usage, (1)’:

Note you’ll need to set up your site to serve the files in /path/to/webroot/.well-known at http://example.com/.well-known.

I don’t have .well-known anywhere and I don’t remember having to set that up before.

jakob wrote #313717:

This method does work, though.

I’m looking at that, but I don’t even know where to begin. Does anyone have an idiot’s version for someone who’s got expired certs done manually?

Offline

#18 2018-08-31 10:31:44

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

jakob wrote #313717:

This method does work, though.

I’m going to try and get my head around this today. If successful, I’ll draft up my own notes on it. These github resources, from the devs, all make a certain degree of assumptions about what the user of the docs knows or has experience with. It’s not always from there own lens of the world. Layman’s rewrite’s are often appreciated. I certainly do appreciate them. And sometimes that simply means writing simple 1, 2, 3, process with the exact cut/paste commands needed. I can follow that kind of thing.

Offline

#19 2018-08-31 13:12:53

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

Jakob (or anyone who knows),

I think you’ve succeed with the Will-n-Wi method for WebFaction. So far I’m making my way through, but if I may ask…

In the ~/letsencrypt_webfaction.toml config file there’s a number of custom settings that need made. I’m unsure on this one:

[[certificate]]
# The list of domains for which the cert should be issued. The first will be the common name.
domains = [
  "domain.tld",
  "www.domain.tld",
  "sub1.domain.tld",
  "www.sub1.domain.tld",
  "sub2.domain.tld",
  "www.sub2.domain.tld"
]

First, is that [[certificate]] line a placeholder for something I need to change or just a variable marker I can ignore? I think it’s the latter, because further down in the file is a place to add the name= of the ssl cert as existing in the WF dashboard (assuming you want to use the same one), so I’m guessing [[certificate]] is just getting populated by what’s designated in name=?

Second, I’m assuming that’s the correct way to list all sites for a given domain, including the www subdomains if you have it setup that way in the dashboard and are using Class B domain designations? (i.e. no ‘www’).

Third, at bottom of the .toml config file is another place for a ‘second certificate’. I’m guessing that’s only if you had another domain (i.e. domain2.tld). It’s not actually saying I have to create a new cert for each of the subdomains listed above? (I hope not).

Offline

#20 2018-08-31 13:53:26

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

I think this info about updating the LE WebFaction ruby gems answers my first two questions. It shows an example there of what it should look like in the config file:

[[certificate]]
domains = [
  "example.com",
  "www.example.com",
  "test.example.com"
]
public = "~/webapps/myapp/"
name = "mycertname"

So that seems to be what I was expecting.

And now I’m almost positive I don’t need the second [[certificate]] block either, since I’m not working with a second domain name right now.

But, never fear… I have new questions. ;)

First, in the config file again, there’s a block for setting the path to webapp roots, and it gives examples like:

~/webapps/myapp/public_html

My webapps have paths like this, ~/webapps/wion,. So what is this ‘public_html’ thing about? Do I have to put a directory called that in the wappapp root for each site? Scratch that, again the example at top seems to clarify no ‘public_html’ is needed, so the default config file is a little confusing as provided. (And why it pays to write one’s own notes after experimentation.)

Second, moving beyond the config file, the command to generate the certs (test or real) is

letsencrypt_webfaction [cmd] [*args]

Where [cmd] options are init and run. But do I use them both? One or the other? It doesn’t say nor describes either one. I don’t want to just start blasting commands experimentally and blow up my neighbourhood.

Offline

#21 2018-08-31 14:25:57

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

Destry wrote #313741:

letsencrypt_webfaction [cmd] [*args]...

Where [cmd] options are init and run. But do I use them both? One or the other? It doesn’t say nor describes either one. I don’t want to just start blasting commands experimentally and blow up my neighbourhood.

Looking at it closer, I think what it’s saying in the instructions — in not so clear terms — is ‘these are the only to commands, use them both’.

So I tried. The neighbourhood didn’t explode, but…

letsencrypt_webfaction init run
Config file already exists. Skipping copy...
Account private key already exists. Skipping generation...
Your system is set up. Next, edit the config file: run `nano ~/letsencrypt_webfaction.toml`.

I guess that means I need to manually delete all the old/expired certificates from the ~/certificates directory? Becuase as far as I can tell, the config file is now ready to go. Not sure why it’s sending me back there.

Deleting old stuff now.

Offline

#22 2018-08-31 15:05:02

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

Welp, that didn’t work. I’m not allowed to delete the old/outdated cert files.

Might be time to hit up the dev, or WF. I’ve reached the end of my efforts.

Offline

#23 2018-09-02 12:23:51

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: http to https in textpattern

I’ve managed to get through the Will-n-Wi process. The new, sole cert has been updated and all subdomain sites on that domain applied to it. But I’m not seeing any valid encryption on the domain yet. Maybe there’s a propagation wait?

Also, side Q, where is the best place to position custom mod_rewrite rules in the main .htaccess file? Notably rules for ‘www’ class B redirections and http-to-https redirections.

Never mind, I found Jakob’s suggestion from first page, so I have it like this:

...
<IfModule mod_rewrite.c>
    RewriteEngine On

    #RewriteBase /relative/web/path/

    # BEGIN CUSTOM REDIRECT RULES (NOT CORE TEXTPATTERN)
            ## Class B redirection (no "www")
            RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
            RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

            ## Redirect http to https
            RewriteCond %{HTTPS} !=on
            RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # END CUSTOM RULES
...
</IfModule>
...

Offline

#24 2018-09-02 13:56:17

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: http to https in textpattern

Sorry, I overlooked this. I did start writing some instructions based on your earlier version and Jean-Pol’s and then will-in-wi updated his script and my instructions were outdated before I had finished them. I’ve not updated my own will-in-wi script yet but the earlier version still works as the cron job updated the certificates as of this morning.

Your stumbling block might be that before letsencrypt issues a certificate it tests if a task can be completed on the actual domain (the acme challenge). On my setup it does that via http: (not https:) and you therefore need to ensure the service has access to your .well-known directory before your webapp redirects any incoming requests to https://.

I added this line:

RewriteCond %{REQUEST_URI} !^/?\.well\-known/acme\-challenge

anywhere after `RewriteEngine On` but in the block of lines directly before your redirect from `http` to `https` to allow requests to that directory via http (without s) to go through. For example:

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/?\.well\-known/acme\-challenge
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I followed webfaction’s instructions and created a static PHP app for the non-secure domain(s) containing just an htaccess file to redirect all requests from http: to https:. All the secure domains point directly to the actual webapp running textpattern. Does that make sense, or should I write out my setup in more detail?


TXP Builders – finely-crafted code, design and txp

Offline

Board footer

Powered by FluxBB