Well I’ve moved the blogs over to https… it was a bit of a pain and I was really starting to bash my head against the wall with Let’s Encrypt’s utilities.
But then I stopped trying to be clever and used
certbot-auto --manual certonly
I then provided a list of the subdomains I wanted to create certificates for and then had to create a response file for each subdomain which was used to validate that I owned the domains.
Once I’d done that and it had created the files I updated my configuration for the blogs and added:
SSLCertificateFile /ewibble/live/blogs.tty.org.uk/cert.pem
SSLCertificateKeyFile /ewibble/live/blogs.tty.org.uk/privkey.pem
SSLCertificateChainFile /ewibble/live/blogs.tty.org.uk/chain.pem
to the configuration file, and
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
to my .htaccess file
and this to the configuration file for the old non-https site:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Then I reloaded my Apache config ….
and it all worked!
But of course it didn’t totally work – due to WordPress’s mad idea of embedding internal relative URLs as full URLs in some versions of its software.
So I installed the Velvet Blues URL update for WordPress and then spent a happy hour or so going across all the blogs on the site replacing the HTTP-based URLs for links across the site to HTTPS versions as well.
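
One way to find the leftover http:// references that embedded full URLs leave behind after a move like this, as an added example (not code from the original post or from the plugin it mentions). It scans a page's HTML and reports each http:// reference by kind and by whether it points at the site's own host; the sample page, its asset paths and cdn.example.net are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# What an http:// URL in each (tag, attribute) means on a page served over HTTPS.
KIND = {("script", "src"): "active", ("iframe", "src"): "active",
        ("img", "src"): "passive", ("audio", "src"): "passive",
        ("video", "src"): "passive", ("source", "src"): "passive",
        ("a", "href"): "navigation", ("form", "action"): "form"}


def classify(tag, name, attr_map):
    if (tag, name) == ("link", "href"):  # only rel=stylesheet is loaded as a subresource
        rel = attr_map.get("rel", "").lower().split()
        return "active" if "stylesheet" in rel else "navigation"
    return KIND.get((tag, name))


class MixedContentScanner(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # tuples: (kind, tag, url, is_own_host)

    def handle_starttag(self, tag, attrs):
        attr_map = {k: (v or "").strip() for k, v in attrs}
        for name, url in attr_map.items():
            kind = classify(tag, name, attr_map)
            if kind and url.lower().startswith("http://"):  # https/relative URLs are fine
                try:
                    host = (urlsplit(url).hostname or "").lower()
                except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                    host = ""
                self.findings.append((kind, tag, url, host in self.own_hosts))


def scan(html, own_hosts):
    scanner = MixedContentScanner(own_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page (not taken from the blog).
SAMPLE = """
<link rel="stylesheet" href="http://blogs.tty.org.uk/wp-content/themes/x/style.css">
<script src="https://blogs.tty.org.uk/wp-includes/js/jquery.js"></script> <img src="/a.png">
<img src="http://blogs.tty.org.uk/wp-content/uploads/photo.jpg">
<a href="http://blogs.tty.org.uk/?p=12">old post</a>
<img src="http://cdn.example.net/badge.png">"""
```

Calling `scan(SAMPLE, ["blogs.tty.org.uk"])` returns four findings; the ones flagged as own-host are the URLs a search-and-replace to https fixes, while third-party ones need the remote host to offer HTTPS too.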