Moving to HTTPS

Well I’ve moved the blogs over to https… it was a bit of a pain and I was really starting to bash my head against the wall with Lets Encrypt’s utilities.

But then I stopped trying to be clever and used

certbot-auto --manual certonly

I then provided a list of the subdomains I wanted to create certificates for and then had to create a response file for each subdomain which was used to validate that I owned the domains.

Once I’d done that and it had created the files I updated my configuration for the blogs and added:

SSLCertificateFile /ewibble/live/blogs.tty.org.uk/cert.pem
SSLCertificateKeyFile /ewibble/live/blogs.tty.org.uk/privkey.pem
SSLCertificateChainFile /ewibble/live/blogs.tty.org.uk/chain.pem

to the configuration file, and

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

to my .htaccess file

and this to the configuration file for the old non-https site:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Then I reloaded my apache config ….

and it all worked!

But of course it didn’t totally work – due to WordPress’s mad idea of embedding internal relative URLs as full urls in some versions of its software.

So I installed the Velvet Blues URL update for Wordress and then spent a happy hour or so going across all the blogs on the site replacing the HTTP based urls for links across the site to HTTPS versions as well

This entry was posted in Computing and tagged , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.