IMPORTANT: There is an updated version of this tutorial available here.
In this quick-start tutorial you will learn how to configure free, auto-renewing SSL certificates for WordPress websites that are hosted on Google Cloud compute engine using the Click-to-Deploy version of WordPress on Google Cloud.
1. Connect to WordPress via SSH
Go to your Google Compute homepage and click the hamburger menu in the upper left-hand corner.Go to your Compute Engine, then to VM instances to access your WordPress installation.Click the SSH button to connect to your website’s server.
2. Install CertBot Client
Now that you’ve connected to your website’s Apache server, you are going to execute the command to install the Certbot client. The Certbot client is used to issue the SSL certificates that will be used later on in this tutorial.
After executing each of these commands, you can either stay in the same SSH window or exit and open a new one.
3. Generate Certificates
In this step you are going to execute the command below in order to tell the Certbot client to create SSL certificates for your website. Remember to replace 1pagezen.com with your own domain name.
After executing these commands, your certificates will be generated. Take note of the directory where your certificates are installed.
4. Configure the Certificates
The next step is to configure your certificates. First, execute the command below to open your default-ssl.conf file for editing.
At the top of the default-ssl.conf file, paste the following lines of code in order to tell your server to direct network traffic to HTTPS port 443.
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
The next step is to use the down-arrow key to scroll down towards the bottom of the default-ssl.conf file. Place a # sign next to the existing snakeoil certificates, and paste the path to your three SSL certificate files as shown in the command below, making sure to replace 1pagezen.com with your own domain name.
After adding this code, enter ctrl+o to save changes, followed by ctrl+x to exit back to your home screen.
5. Enable HTTPS Redirect
The next thing you will do is configure your Apache server to only serve the HTTPS version of your website. To do this, you will edit your wordpress.conf file, which you can access by executing the command below.
Inside of the wordpress.conf file, delete the existing 3 lines of code at the top of the file. Then, copy and paste the code below into the file - remembering to replace 1pagezen.com with your own domain name.
<Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/html/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
After adding the code to your wordpress.conf file, enter ctrl+o to save your changes and ctrl+x to exit the wordpress.conf file.
6. Restart the Apache Server
In order for your certificate changes to take effect, you need to update/restart you Apache server by executing all three of the commands listed below.
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
7. Update WordPress URLs
In your browser, enter the URL (with https://) to your wp-admin dashboard.From your WordPress dashboard, navigate to Settings > General, and replace your current domain name with the https:// version - with or without www. infront. Then, scroll to the bottom of the page and click the Save Changes button.
8. Configure SSL Auto-Renewal
Do you want your SSL certificates to renew automatically? In the following steps you will learn how to configure auto-renewal for your SSL certificates - so let's get started!
The first step in configuring auto-renewal is to use the mv command to move your certbot package into the letsencrypt directory.
sudo mv certbot-auto /etc/letsencrypt/
You can verify that your certbot-auto package has been moved successfully by executing the command ls /etc/letsencrypt/ and seeing if the certbot-auto package appears in that directory.
8.1 Edit Crontab File
Now that you've moved your certbot-Auto package to the /etc/letsencrypt/ directory, the next step is to open your crontab file.
To open your crontab file, execute the following command:
sudo crontab -e
You can open your crontab file by executing the command sudo crontab -e.
8.2 Configure Auto-Renew Script
Now that you've opened your crontab file, the next step is to add a script at the bottom of the crontab file which will execute once per week and will automatically renew the SSL certificates if they are about to expire.
At the bottom of your crontab file, you will enter a script which will tell your server to check for certificate renewals once per week, and to automatically renew the certificates if they are about to expire. After adding the script, save the crontab file by pressing CTRL + X, then Y, then Enter.
For Click-to-deploy or standard Apache users, add the following script:
If you're interested in learning about additional auto-renewal testing methods, check out the full Certbot auto-renewal tutorial here. You may also be interested in boosting your website's performance by configuring Cloudflare's free CDN.
If you run into any issues with your certificates and want to verify that they're configured properly, check out the SSL Checker tool. Also check out this tutorial on how to fix SSL errors.
If you have any questions or comments, please post them below!
Thank you for your support. I created the new website: http://www.orlistat.shop by Click to deploy on Google Cloud. But when I tried to backup and export the file via All-in-on-WP Migration. I got the error: Failed-server problem and I cannot download the file as usual. I think I should modify something in SSH panel but I do not know how to do. Could you please tell me how to do please? Thank you so much for your help Joe
Where are you seeing the ‘failed server’ problem? This isn’t a common issue, so you’ll need to provide addition information regarding the error in order for me to help you troubleshoot.
thank you so much, dude! im so glad http to https is worth it. the first im so confused and failed because i didn’t see i have to change your domain to be my domain. lol
smoking and relax step by step and yeah you can see bro. my blog succes to be https and expired Aug 01, 2021. yeay
sorry, im a newbie about gcp. and then i alwyas go back to this blog for tutorial gcp.
cheers
Thanks for the excellent feedback Candra – I’m glad to hear you were able to get it working!
Mexsays
Thank you so much for your invaluable and comprehensive guides, I followed your guide religiously but getting to the point to restart the apache server with the command ‘sudo service apache2 restart’ only to get the error below.
“Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.”
Awesome tutorial. Works perfect without any error for a WordPress VM on GCP.
But after following all the steps, I still get a Not secure in front of my website. I followed all the steps. Is there a reason you could attribute this to?
It’s probably due to ‘mixed content’ errors. I go over how to fix ‘mixed content’ errors in this tutorial.
Let me know if you have other questions,
Joe
AceoStarsays
This worked perfectly. My only request is please remove the other outdated documenation! As best I can tell, these are the instructions that are required to get Google’s WordPress click to deploy set up under SSL. I spent a lot of time looking at https://onepagezen.com/free-ssl-certificates-wordpress-google-cloud-click-to-deploy/ which did not work for me. As best I can tell, these are meant for the same purpose, but you need to manually set up the certs for this to work.
Very informative article I’ve found!
How can I use Coudflare generated Origin Certificate for Full (strict) SSL in Google Cloud Hosting??
And, when I switch to Full from Flexible, it shows Cloudflare Error 521 Website is down, switching back to Flexible, makes all perfect. What’s the solutions for this? I’ve added Cloudflare IPs to GCP Firewall whitelist and TCP ports also.
Thanks.
If you need SSL on your origin server, I’d recommend installing it separately. I go over the instruction on how to do that in this tutorial.
That being said – if you’re running a blog or any type of website that doesn’t involve transferring sensitive information between the user and your server – then just stick with the Flexible SSL, as it will make your life much easier.
hey i am stuck in a redirect loop, tried many things but not able to figure out. can please guide me step by step to find out the problem.
my domain is drapurvapopat.com
http==>https
https==>https
this is a danger redirect loop i am stuck in .
actually my certificate was expired, i tried to renew it using automatic certbot installment. it showed me a option to redirect all to https and i clicked yes.
i also tried to remove redirect permanent to https but things are not working.
please i am a nontechnical guy (a doctor) please help me
The redirect loops is occuring because you selected the option to configure an additional redirect with the certbot script, even though you’d already configured a redirect as part of step 5 of the tutorial.
To fix the issue, I’d recommend deleting (or commenting out) the redirect that you configured in step 5 of the tutorial.
Hope this helps, and please reach out if you have questions!
Joe
Hollysays
Thank you SOOOO much for this awesome tutorial! This was incredibly helpful. You’re awesome!
The openlitespeed WordPress solution already comes pre-configured with an SSL script that runs when you SSH into the VM for the first time. This script will allow you to configure the certificates, choose your preferred domain name, and setup auto-renewal.
HI, there
thansk for the tutoria, it all went ok upto restarting the apache, i get this error ( I am not a programer, spent last few hours googling the fix but no luck, relly apretiate if you could help. Thanks
“sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.”
and here is the journalctl -xe :
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: Starting The Apache HTTP Server…
— Subject: Unit apache2.service has begun start-up
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun starting up.
Apr 11 15:37:04 salvalacerveza-vm apachectl[13402]: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error
Apr 11 15:37:04 salvalacerveza-vm apachectl[13402]: Action ‘start’ failed.
Apr 11 15:37:04 salvalacerveza-vm apachectl[13402]: The Apache error log may have more information.
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
— The result is failed.
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: apache2.service: Unit entered failed state.
Apr 11 15:37:04 salvalacerveza-vm sudo[13396]: pam_unix(sudo:session): session closed for user root
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Hi, I have done the setup again by following your newer version how to install tha ssl, all good up to the wp login. Now I get this php code insted of the wp admin interface.
<?php
/**
* Dashboard Administration Screen
*
* @package WordPress
* @subpackage Administration
*/
and so on, ( only pasted here the first few lines.) Any help? Is is due the apache not able to run php.? Thanks a lot for your time.
Jan
In the error message output, there’s a line which states that the error type is a syntax error, and the location of the error: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error
To fix the error, open your apache2.conf file, navigate to line 225 (if you’re using Nano editor, you can jump to line by typing CTRL + _). Once you’ve located and fixed the error, enter CTRL + X, then Y, then Enter, in order to save the file. Lastly, try restarting your server again.
Let me know if you have questions,
Joe
Allansays
Hi, thanks for the tutorial. My site always got hacked few days after installing the SSL certificates. Is there anyway to avoid it?
I’m sorry to hear that! There are a few things I recommend doing to lessen the impact of your site getting hacked.
The first is to take regular snapshots of your VM instance. Having recent snapshots will allow you to quickly restore your website to it’s original state if it get’s compromised.
The next is to ensure that you have a strong password and two-factor authentication enabled on your Google account. This ensures that, even if the site itself is hacked, you still have access to your account and the resources required to quickly restore the website to it’s original state.
Let me know if you have additional questions,
Joe
Lisbethsays
Thank you very much for this tutorial! You save my site! I was struggling past 24 hours until I reach to your tutorial and finally make it!
I get this error [ Directory ‘/etc/apache2/sites-available’ does not exist ] when im on step 4. Configure the Certificates. Any help would be really appreciated.
My domain name showing external ip address in URL Section and also WP address & Site address section is not showing in my WP (General Setting).
I cant understand what to do…
Hi there! Excellent posts. I used your posts to set up ssl. But am unable to set up the auto renewal.
When I copy paste this command “45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart”, only this part gets pasted “/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart”
Then I manually entered the part that was left unpasted. But there is a slash in the beginning for the command, that is not getting deleted. So, this is the command I entered
“/45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart”
This is the error I am getting
“Error 486 Pattern not found 45 2 * * 6 cd”
I was able to rollback to old setting to make the site live but not able to enable SSL. Do you think if Rewrite rule make any issue when enabling the SSL?
Thanks for your help.
The rewrite rules have the potential to break your website if they’re not configured properly. That being said, the rewrite rules don’t determine whether or not SSL is properly configured, they just allow you to determine how you’d like Apache to route traffic to your server (such as sending traffic to the HTTPS version of your website, for instance).
Which error message are you seeing when you try to access your domain?
Talk to you soon,
Joe
Tikyda Couassi-Blesays
Thanks a lot, a lot, a lot for making this tutorial on how to set up the SSL certificate and how to renew it. I wish you a good day.
It looks like you were able to get the issue resolved, is that correct?
It’s possible that you tried generating the certificate to soon after purchasing the domain, as NXDOMAIN isn’t a typical error.
Hope this helps, and let me know if you have questions!
Joe
alejandrosays
Hi leron!
i have an issue and i canΒ΄t acces to my website i check error.log with this server certificate does NOT include an ID which matches the server name and i canΒ΄t to solve it
Did you change the domain when you executed the certificate issuing command? It not, this is likely what’s causing the mismatch (see step 3 of the tutorial).
Let me know,
Joe
Adisays
Hi Leron,
Thanks for this tutorial. I set up the SSL for my site following this tutorial.
I subsequently converted my installation to multisite. I am using different domains on the subsites. Is there anything I should keep in mind while following the tutorial for the other domains?
You can either use a wildcard certificate for the subdomains (which Let’s Encrypt started offering not too long ago), or you can simply issue the certificate with each of the subdomains listed in the certificate issuing command.
Make sure to check out Bitnami’s multisite documentation, as it gives a pretty good overview of what a multisite configuration would look like with Apache, regardless of whether you’re using their WordPress Multisite solution.
Talk to you soon,
Joe
Eliyahou Malkasays
Hello,
I followed the tutorial and once everything was done my site wasn’t loading, the server was refusing the connection. I see that a few others had the same problem as me.
I found the solution if you can please update your tutorial. You need to allow HTTPS traffic in your firewall directly in your instance. By default it’s not allowed which is why the server is refusing to connect.
I’ve completed all the steps until we need to restart apache and I am getting the following error —
Aug 21 23:24:46 prod-site-vm systemd[1]: Starting The Apache HTTP Server…
Aug 21 23:24:46 prod-site-vm apachectl[29876]: AH00526: Syntax error on line 40 of /etc/apache2/sites-enabled/default-ssl.conf:
Aug 21 23:24:46 prod-site-vm apachectl[29876]: SSLCertificateFile: file ‘/etc/letsencrypt/live/priorityroofs.com/cert.pem’ does not exist or is empty
Aug 21 23:24:46 prod-site-vm apachectl[29876]: Action ‘start’ failed.
Aug 21 23:24:46 prod-site-vm apachectl[29876]: The Apache error log may have more information.
Aug 21 23:24:46 prod-site-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Aug 21 23:24:46 prod-site-vm systemd[1]: Failed to start The Apache HTTP Server.
Aug 21 23:24:46 prod-site-vm systemd[1]: apache2.service: Unit entered failed state.
Aug 21 23:24:46 prod-site-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
~
~
First, navigate to that file in the shell and make sure it actually exists. If it does, open your default-ssl.conf for editing and jump to the line where you added β/etc/letsencrypt/live/priorityroofs.com/cert.pemβ. Now, make sure there isn’t any additional space characters on either side of the 3 lines with the paths to your certificates. If there are extra space characters, delete them. Next, save the file and restart your Apache server.
Be advised that this is a common issue that occurs when space characters are inadvertently added to file paths. Because the system doesn’t know how to interpret them, it throws an error.
Let me know if you have any questions,
Joe
Latishsays
Hi Leron,
I also faced the same error with Apache restart – the website also was not loading at this point.
So, I reverted the changes done in both the .conf files, however my website still doesn’t load.
“Firefox canβt establish a connection to the server at example.com”
Is there an easy way to revert back to the non-SSL state?
You can go backwards through the tutorial to undo the steps, but that probably won’t fix the issue. If it were an issue that could be fixed simply by disabling SSL, then you’d see a different type of error in your Firefox browser.
Keep in mind, to disable SSL for the site you’ll also have to disable the Apache modules that were enabled in step 6 of the tutorial. Additionally, you’ll have to change your WordPress site URLs back to the HTTP version. After you’ve done this, make sure to restart your Apache server.
Hope this helps and let me know if you have questions,
Joe
Latishsays
Thanks, Joe,
Just like you mentioned undoing of the steps did not solve the problem. I additionally undid step 6 too, using these 2 commands:
1. sudo a2ensite wordpress
2. sudo a2dismod ssl
However, it is the apache restart that is failing. Not sure, how it reached this state, or what is causing the error though:
β apache2.service – The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-08-28 05:42:25 UTC; 38s ago
Process: 2271 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Aug 28 05:42:25 wordpress-1-vm systemd[1]: Starting The Apache HTTP Server…
Aug 28 05:42:25 wordpress-1-vm apachectl[2271]: AH00534: apache2: Configuration error: No MPM loaded.
Aug 28 05:42:25 wordpress-1-vm apachectl[2271]: Action ‘start’ failed.
Aug 28 05:42:25 wordpress-1-vm apachectl[2271]: The Apache error log may have more information.
Aug 28 05:42:25 wordpress-1-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Aug 28 05:42:25 wordpress-1-vm systemd[1]: Failed to start The Apache HTTP Server.
Aug 28 05:42:25 wordpress-1-vm systemd[1]: apache2.service: Unit entered failed state.
Aug 28 05:42:25 wordpress-1-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
When an Apache restart fails, it will generally throw a message with an error code attached. In the case, the error and corresponding message is AHOO534: apache2: Consiguration error: no MPM loaded. Copy this text and paste it into Google, and see what resources show up.
I went through the process described above and found a couple of resources on Stack Overflow which described the error as having to do with the correct Apache modules not being loaded – see the following resources here and here.
Hope this helps and let me know if you have any questions,
Joe
Vishal Sanghisays
Hi
Thank you for the such a nice tutorial. I have one problem where my website without www shows clear certificate both main url as well as wp-admin but when I add www in front it says it is unsecure.
It looks like your certicate wasn’t issued correctly – it’s showing it was issued for the development subdomain.
Re-issue your certificate and include first your root domain, followed by the www-version of your domain, followed by all of the subdomains that you wish to add to your certificate.
Hope this helps and let me know if you have any questions,
Joe
Amansays
Thank you, this is an awesome tutorial. I’ve been using your tutorials to move my test site to GCP
However I am stuck on Step #3. This is the command I run:
Check out this link for information regarding the insecure permissions error.
You need to execute the certbot-auto script from the directory which holds your certbot installation. Are you executing the script from the correct directory location?
Let me know if you have questions,
Joe
Amansays
Hi Joe,
Yes, I am executing it in the right directory (installed in the same directory and checked that it is present).
My understanding is that the insecure permissions warning should not hamper step #2?
That’s correct Aman – were you able to get the issue resolved?
Amansays
I did. Thanks for checking.
The problem was silly : the command I copied from your tutorial to my notepad changed the “–webroot” to “βwebroot” (notice the hyphens). Seems macbook notes app changes character encoding.
idesign702@wordpress-1-vm:~$ sudo mv certbot-auto /etc/letsencrypt/
mv: cannot stat ‘certbot-auto’: No such file or directory
idesign702@wordpress-1-vm:~$
omg this tutorial made ssl installation too easy! Thank you so much! A big bonus is that auto renewal cron job. I don’t think I’ll install SSL any other way now.
I just wanted to say thank you for providing this very valuable video. You made it easy for a novice to follow and successfully add an SSL certificate to my website! I can not thank you enough for taking the time to produce this tutorial.
Is there any tutorial for rolling back to previous settings, if someone failed to follow proper guide? I would really appreciate that. I made an error and site is not loading π
Thanks for sharing the article!
I know lots of people (including myself) will be thrilled to have wildcard capability.
I agree that it will be an invaluable tool for WP multisite users!
Best regards,
Joe
Thank you for the tutorial. It has been very helpful. For the last one year I have been running https without any issues. However, it seems my certificates did not auto renew and my site is down view invalid certificate.
I tried regenerating certificates. However, I am getting the following error: –
Error [Errno 12] Cannot allocate memory while executing command python setup.py egg_info
Exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/basecommand.py”, line 215, in main
status = self.run(options, args)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/commands/install.py”, line 324, in run
requirement_set.prepare_files(finder)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_set.py”, line 380, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_set.py”, line 634, in _prepare_file
abstract_dist.prep_for_dist()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_set.py”, line 129, in prep_for_dist
self.req_to_install.run_egg_info()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_install.py”, line 439, in run_egg_i
nfo
command_desc=’python setup.py egg_info’)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/utils/__init__.py”, line 667, in call_subpr
ocess
cwd=cwd, env=env)
File “/usr/lib/python2.7/subprocess.py”, line 710, in __init__
errread, errwrite)
File “/usr/lib/python2.7/subprocess.py”, line 1231, in _execute_child
self.pid = os.fork()
OSError: [Errno 12] Cannot allocate memory
=====================================================
Certbot has problem setting up the virtual environment.
Based on your pip output, the problem can likely be fixed by
increasing the available memory.
Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
Requesting to rerun ./certbot-auto with root privileges…
/var/www/html/ does not exist or is not a directory
google cloud micro-f1 VM, running ubuntu minimal 16 something LTS (configured within google cloud).
Installed wordpress with docker-compose tutorial. WordPress site is running, can add plugins, posts, pages, so it’s ok.
This really helped me a lot and was so straight forward.
But after installing a second website on Google click to deploy, I am having trouble setting up SSLs for that as I get a conflict.
Can you do a tutorial or help me out?
Alternatively, I tried installing a site to a subfolder on the main website, however, I am having trouble pointing a domain to that folder.
Are you using WordPress multisite? If not, I’d recommend doing so if you’re configuring multiple WordPress websites on the same machine.
To do this with Click-to-deploy, it would be more complex, but you could potentially set up separate virtual hosts for each of the WordPress installs and then use a single SSL certificate to handle SSL for each of the domains.
Hello, can someone help me out with this error message I get every time I try to run the Apache restart command. I have tried deleting the instance and reinstalling at least 5 times now, and still no luck. Thank you for your help!
What it first says:
g147190599qru@incki-test-wordpress-vm:~$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
Feb 26 04:10:38 incki-test-wordpress-vm sudo[10273]: pam_unix(sudo:session): session opened for user root by g1471
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Stopping The Apache HTTP Server…
— Subject: Unit apache2.service has begun shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun shutting down.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: AH00526: Syntax error on line 43 of /etc/apache2/sites-e
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: SSLCertificateFile: file ‘/etc/letsencrypt/live/inckites
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: Action ‘stop’ failed.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: The Apache error log may have more information.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Stopped The Apache HTTP Server.
— Subject: Unit apache2.service has finished shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has finished shutting down.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Unit entered failed state.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Starting The Apache HTTP Server…
— Subject: Unit apache2.service has begun start-up
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun starting up.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: AH00526: Syntax error on line 43 of /etc/apache2/sites-e
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: SSLCertificateFile: file ‘/etc/letsencrypt/live/inckites
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: Action ‘start’ failed.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: The Apache error log may have more information.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Feb 26 04:10:38 incki-test-wordpress-vm sudo[10273]: pam_unix(sudo:session): session closed for user root
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
— The result is failed.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Unit entered failed state.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
lines 1726-1767/1767 (END)
Feb 26 04:15:17 incki-test-wordpress-vm google-accounts[954]: INFO Adding user g147190599qru to the Google sudoers
group.
Feb 26 04:15:17 incki-test-wordpress-vm google_accounts_daemon[954]: Adding user g147190599qru to group google-sudo
ers
Feb 26 04:15:17 incki-test-wordpress-vm gpasswd[10362]: user g147190599qru added by root to group google-sudoers
Feb 26 04:15:25 incki-test-wordpress-vm google-accounts[954]: INFO Adding user g147190599qru to the Google sudoers
group.
Feb 26 04:15:25 incki-test-wordpress-vm google_accounts_daemon[954]: Adding user g147190599qru to group google-sudo
ers
Feb 26 04:15:25 incki-test-wordpress-vm gpasswd[10378]: user g147190599qru added by root to group google-sudoers
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: Accepted publickey for g147190599qru from 173.194.90.35 port 4
1420 ssh2: ECDSA SHA256:YfwodcWon8peJG2VuhPMo3/Ra3/ysQ9M/dTSHQTCzhc
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: pam_unix(sshd:session): session opened for user g147190599qru
by (uid=0)
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: lastlog_openseek: Couldn’t stat /var/log/lastlog: No such file
or directory
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: lastlog_openseek: Couldn’t stat /var/log/lastlog: No such file
or directory
Hey Joe,
I went through all the steps and got stuck when i left the ssh console. When I try to access my site or the site admin panel using http or https, the connection times out. I have https traffic allowed. I’m not sure how to proceed. Thanks for any help.
Thanks for this awesome tutorial!
One important note – this caused me lots of headache.
When you generate the Certificates, it tells you which files were created. For example:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mysite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mysite.com/privkey.pem
Your cert will expire on 2019-05-14. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
“certbot-auto renew”
—-
The files here are what must be pasted in step 4!
You have 3 files, but certbot only created two for me.
This caused Apache to not restart and the site to do down.
Firstly, let me say thank you for the amazing tutorial.
I’m just having an issue with my website. It says https://www.sytes.co.uk/ so I know the SSL must be active, but for some reason it’s saying “Your connection to to this site is not fully secure” (I am using Google chrome)
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for midiaaqui.com.br
http-01 challenge for http://www.midiaaqui.com.br
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. midiaaqui.com.br (http-01): urn:ietf:params:acme:error:connection ::
The server could not connect to the client to verify the domain :: Fetching https://www.midiaaqui.com
.br.well-known/acme-challenge/QavMwG3xYpIzXrWJfN-xRgv3SnBqgWpydS6aRiar9N0: Error getting validation d
ata, http://www.midiaaqui.com.br (http-01): urn:ietf:params:acme:error:connection :: The server could not co
nnect to the client to verify the domain :: Fetching https://www.midiaaqui.com.br.well-known/acme-cha
llenge/iSQdhrVO68dwzwxUK7B3-04XDcrukUAs8OPICqz5s-c: Error getting validation data
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: midiaaqui.com.br
Type: connection
Detail: Fetching https://www.midiaaqui.com.br.well-known/acme-challenge/QavMwG3xYpIzXrWJfN-xRgv3SnBqgWpydS6aRiar9N0
:
Error getting validation data
Domain: http://www.midiaaqui.com.br
Type: connection
Detail: Fetching https://www.midiaaqui.com.br.well-known/acme-challenge/iSQdhrVO68dwzwxUK7B3-04XDcrukUAs8OPICqz5s-c
:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Your server is attempting to use HTTPS without a valid certificate – which is what is causing the error. In order to validate your domain, certbot sends a request to your domain – and if it can’t access your domain (which it can’t in this case due to the HTTPS error), then certbot will throw an error.
To fix this problem, you need to remove the HTTPS redirect (the three lines of code toward the top of the wordpress.conf file which start with ServerName), which were added in step 5 of the tutorial. Next, you will have to uncomment the snakeoil certificates, and comment the SSL certificates – basically a reversal of the second part of step 4 of the tutorial. After doing this, try to run the certificate issuing command again.
I have not tested this tutorial with runcloud – but it’s possible that other users have.
Vishal Sanghisays
This is simply awesome. I have learnt many things for all your tutorials. Thanks a lot for sharing this. I am able to do the configuration of three SSLs on the single IP with this tutorial. Thanks again.
Just wanted to check what is validity of this SSL and is auto renew is compulsory to do.
The certificates are valid for three months, and configuring auto-renewal is not compulsory; you can simply ‘cd’ into the directory that contains ‘certbot-auto’ and execute the following command to run the auto-renewal script:
sudo ./certbot-auto renew
Let me know if you have any questions,
Joe
Aeisays
Hey, great tutorial, just kind of stuck
getting an error when trying to restart
Jan 31 03:46:56 bhp-wp-vm apachectl[5857]: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax e
Jan 31 03:46:56 bhp-wp-vm apachectl[5857]: Action ‘start’ failed.
Jan 31 03:46:56 bhp-wp-vm apachectl[5857]: The Apache error log may have more information.
Jan 31 03:46:56 bhp-wp-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Jan 31 03:46:56 bhp-wp-vm sudo[5851]: pam_unix(sudo:session): session closed for user root
Jan 31 03:46:56 bhp-wp-vm systemd[1]: Failed to start The Apache HTTP Server.
I opend /etc/apache2/apache2.conf: Syntax e but not to sure what the syntax should be
There is a syntax error on line 225 of your apache2.conf file.
To fix the problem, open the apache2.conf file, then jump to line 225 by following the instructions here. Then, identify the syntax error, save the file, and restart Apache.
Hope this helps and let me know if you have questions,
Joe
There were multiple comments on this date which referenced this issue. It looks like it was a temporary issue with Certbot; were you able to get the issue resolved?
Hello sir,
Thank you so much for helping me
when i add ./certbot-auto certonly –webroot -w /var/www/html/ -d trendsdoor.com -d http://www.trendsdoor.com
i get error
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
It looks like you were able to get the website working – what was your solution? I am asking because I’ve seen a couple of recent comments from users with the same issue.
xception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/cli/base_command.py”, line 176, i
n main
status = self.run(options, args)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/commands/install.py”, line 393, i
n run
use_user_site=options.use_user_site,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/__init__.py”, line 57, in ins
tall_given_reqs
**kwargs
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py”, line 919, in
install
use_user_site=use_user_site, pycompile=pycompile,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py”, line 445, in
move_wheel_files
warn_script_location=warn_script_location,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 583, in move_whee
l_files
outrows = get_csv_rows_for_installed(reader)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 565, in get_csv_r
ows_for_installed
for fpath, digest, length in old_csv_rows:
ValueError: too many values to unpack
=====================================================
If the green lock is disappearing on certain pages – that may be caused by insecure content errors. Check out step 1 of this tutorial on how to resolve insecure content errors.
i followed all your instructions to this stage of command sudo nano /etc/apache2/sites-available/wordpress.conf to edit the wordpress.conf file but the problem i have is confusing because in your tutorial after executing the command its suppose to come up with three lines of code to be deleted but on my server i have more than three lines making it difficult to identify the files for deletion. I dont want to mess things up since i cant identify the lines to be deleted how can you help.
First of thanks for such great and helpful tutorials, who have made our life very easier, especially of a guy like me who doesn’t know much about this stuff.
Here’s one problem, i have recently migrated my website http://www.palbrosinfotainment.com which i transferred from a free hosting site to GCP after watching your tutorial last year in mid of 2018.
few days ago, my free tier plan had got exhausted and then i had to migrate my website from their. i have again signed up for GCP(With someone else’s details :)).
I watched somebody’s video on youtube about how to migrate manually with help of duplicator plugin. i followed all the steps that were shown in the video and now i am able to access my website.
But this time there are few problems that i am facing.
1. i followed all the instruction for SSL certificate that you told in the tutorial and i received success messages also during installation time but my website is still showing unsafe http.
2. There are few plugins on my website which when i am trying to delete not getting deleted , getting server busy and try later error.
I am in serious need , don’t know what has happened and how to solve it.
The placeholder certificates exist in the Bitnami WordPress stack – which makes me think you may have used the wrong tutorial. Configuring SSL for the Bitnami version of WordPress on Google Cloud is an entirely different process than Click-to-deploy.
The configuration files are the files that end with the .conf extension – they are edited several times throughout the tutorial.
Hope this helps and let me know if you have any questions,
Joe
First of all thanks a lot for these prompt responses, are really helpful.
Actually i have commented on this tutorial page but actually i had followed bitnami one only(the one you have suggested).
I again followed the same process, skipped step no.6 as recommended on the website. There is one step in the tutorial when we have to replace two instruction in wordpress configuration file, i saw the instructions were already the correct one their.
I must tell you that i am also using one plugin on this site that is Really Simple SSL could that be the reason, i thought and then i uninstalled that but still nothing changed my site is still not reflecting HTTPS.
Hello there! Thank you for your tutorials.
I got the following error after on Step 6, trying to restart the apache server
gguerrab@wordpress-1-vm:~$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
I tried to find solutions and ran the following commands:
sudo apt-get -o DPkg::Options::=”–force-confmiss” –reinstall install apache2
You will have to check either βsystemctl status apache2.serviceβ and βjournalctl -xeβ for details on what caused the error. To do this, execute the following commands:
systemctl status apache2.service
journalctl -xe
Also, the four commands that you executed in attempt to fix the problem likely broke the system configuration beyond repair. I would recommend restoring the website from a backup if you have one available. Otherwise, you’re in for a long troubleshooting journey ahead.
Thanks for the tutorials they are very useful. I completed the SSL steps but can only access mysite/wp-admin using unsafe mode in Chrome. It is showing as not secure and if I try without safe mode I get ERR_CERT_COMMON-NAME_INVALID. Did I miss something?
Thanks Jennifer – glad to hear you were able to get the certificates working!
Lyon Yesays
Hi Joe,
I restore my Joomla websites under /var/www/html folder, as per your instruction, when go to sudo nano /etc/apache2/sites-available/ I only find 3 files, 000-default.conf, default-ssl.conf, and lamp-server.conf, which file will I edit and add the following code?
These instructions have only been tested with the WordPress Click-to-deploy solution. Try using the generic Certbot/Let’s Encrypt installer available here. Select your server (Apache), as well as your operating system, which you can find on your solution’s deployment page.
Let me know if you have questions!
Joe
Amir El-Goharysays
Hello Leron,
I did all the steps, but I have this error on the browser:
This site canβt be reached
And this error in the SSH “Important Notes” after writing this command, ./certbot-auto certonly –webroot -w /var/www/html/ -d 1pagezen.com -d http://www.1pagezen.com
I’m not sure what the issue is, but it likely has to do with your DNS configuration.
First, make sure that your website is accessible via HTTP using your domain name. It needs to be working beforehand, as it is required as part of Certbot’s domain validation process.
Further, do a Google search for “DNS problem: SERVFAIL looking up CAA” – I recently performed this search and found plenty of resources from Let’s Encrypt with instructions on how to fix the error.
Let me know if you have questions,
Joe
Avi Zsays
Hello,
We followed your instructions to the T, confirmed that everything was done correct, however when done we cannot access the site. We get an error saying “This site canβt be reached” on the web browser.
When checking the ssl on sllhopper, the site is resolved however it notes
“No SSL certificates were found on ourmily.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.’
We truly do not know how to proceed.
The only installation different was that we installed the one click multisite installation of wordpress through the market place.
Any help would be appreciated.
Verify that your instance is allowing HTTPS traffic.
Go to your VM instances dashboard. Click on your instance. Next, click the βEditβ button at the top of the page, then scroll down toward the bottom of the instance settings and make sure that the box that says βAllow HTTPS Trafficβ is checked. Then click the βSaveβ button at the bottom of the page.
Let me know if you have questions,
Joe
Jesse Clevengersays
I’m glad i found this comment. I didnt have the https box checked. Thank you for the tutorial!!!
I ran into a problem though. I tried command to restart Apache server and got the following message:
sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
I am not sure what this all means. I went ahead and restarted VM, but now can’t access website at all. I can’t access WP admin by ip either. Please advise, what can be done.
Your advise led to clues, which I was able to fix. Thank you.
Now I have an issue with 301 redirects from http to https. I did follow your instructions from 301 redirect article, but no luck. If you visit inetcrypto.com, it will take you to a non secure site.
The HTTP to HTTPS redirection is handled by the following directive from step 7 of the tutorial:
Redirect permanent / https://www.1pagezen.com/
The 301 redirect article is for re-routing pages/assets that have been deprecated – it’s not for configuring HTTP to HTTPS functionality for your web server.
Regarding your website, everything appears to be working fine. I noticed some ‘mixed content’ errors in the console, which I go over how to fix in step 1 of this tutorial. Regarding the menu links not working – check out this tutorial; you may have to update your WordPress menu links through the WordPress dashboard.
When i try create certificat i have error message :
Replacing certbot-auto…
Saving debug log to /var/letsencrypt/log/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for http://www.yopbox.com
http-01 challenge for yopbox.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. http://www.yopbox.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the cl
ient to verify the domain :: Fetching http://www.yopbox.com/.well-known/acme-challenge/D38oUe4qPEV6XeeBcTXSvL-v6lz8KDmLLkqvSiSyovc: Conne
ction refused, yopbox.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the do
main :: Fetching http://yopbox.com/.well-known/acme-challenge/tIXmO59nUVpaO099rLk19ExsnyVtG42qhUXO1ghKBTE: Connection refused
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.yopbox.com
Type: connection
Detail: Fetching http://www.yopbox.com/.well-known/acme-challenge/D38oUe4qPEV6XeeBcTXSvL-v6lz8KDmLLkqvSiSyovc:
Connection refused
Domain: yopbox.com
Type: connection
Detail: Fetching http://yopbox.com/.well-known/acme-challenge/tIXmO59nUVpaO099rLk19ExsnyVtG42qhUXO1ghKBTE:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Can you help me please ?
My website is offline π
Hello Joe,
Thank you for the tutorial video. After I followed and complete the your guideline steps, I tried to sign in “https://trendyls.com/wp-admin”. But, I couldn’t sign in the WP front end. It does not recognize the user name and/or password.
If you migrated the site using the All-in-one WP Migration plugin, the password will be your original WordPress password – not the new one. If you didn’t migrate the site, open the GCP sidebar menu and navigate to Marketplace > Your Solutions, then click on the WordPress solution that you deployed: the username and password will be listed therein.
Yes. I did migrate the site using the All-in-one WP Migration plugin. I have tried the password my original WordPress password again, but it did not take it.
It didn’t recognize either the import site or export site passwords after the migration. I seeked the support team from All in One Migration for help . The Support Tech sent me an adminer.php and have it uploaded to the root directory. I enabled to sign in the WP admin after that. Now, it couldn’t let me sign in after the completion of creating SSL certificates for the site. I have tried all the passwords that I found. Please give me any suggestions. Thank Tom
The issue is solved. I can sign in WP-Admin now. I have the Tech Support from All in One Migration sent me the reset password (adminer.php) file.
Thank you for your help.
Tom
Hi. Thanks for the great tutorial. Got my site secure.
I have one issue though. Some of the pages (the homepage) show the full padlock on chrome and says ‘Connection is Secure’, however some of the other pages (how it works) show the exclamation point on chrome and says ‘Your connection to this site is not fully secure’. Suggesting that the images are not secure.
Those are likely ‘mixed content’ errors. They are very common and occur when your website is using image links with an http:// instead of https:// prefix. I go over how to fix mixed content errors in step 1 of this tutorial.
On the Cerbot website, it says: “Since Certbot is packaged for your system, all you’ll need to do is apt-get the following packages. ”
And, “Certbot has an Apache plugin, which is supported on many platforms, and automates certificate installation. Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. ”
My question is, is the method recommended by Certbot a better method? It has a lot less steps and also doesn’t require any manual editing of server configuration files.
Also, will the changes we make to default-ssl.conf file, for example, not be overridden during an update/upgrade?
I haven’t tested that method with Bitnami, but it should work just fine with Click-to-deploy. That being said, I can’t vouch for the auto-renewal configuration.
Also, I haven’t had any issues with default-ssl being overwritten after an upgrade.
If you give the install a try, let me know how it goes.
It worked fine, Joe! I can’t thank you enough for the tutorials – you have helped me and many others immensely and may you be blessed in abundance for that!
Use this workaround to temporarily force-change your URLs in order to access your dashboard again.
Let me know if you have questions,
Joe
Zansays
Hi,
I try to follow your instruction:
./certbot-auto certonly –webroot -w /var/www/html/ -d 1pagezen.com -d http://www.1pagezen.com (change domain name)
I get this message:
Requesting to rerun ./certbot-auto with root privileges…
Upgrading certbot-auto 0.27.1 to 0.28.0…
Replacing certbot-auto…
/var/www/html/ does not exist or is not a directory
/var/www/html is the webroot of the Click-to-deploy version of WordPress on GCP. This directory doesn’t exist in the Bitnami version.
If you can’t locate the directory, check out this tutorial of Linux commands, including commands for navigating your system’s directories.
Let me know if you have questions,
Joe
Alexsays
I have this problem as well. I used the click to deploy WordPress version, not the bitnami and I am unable to find the /var/www/html directory even after searching around in the shell with the directory commands.
Did something change perhaps in the click to deploy image after this blog post?
I just deployed a Click-to-deploy image and the /var/www/html directory does exist. To test this, SSH into your instance and run the following command:
cd /var/www/html
If this doesn’t work for you, it’s possible that you deployed the wrong image. When you first deploy the WordPress Click-to-deploy image from the Google Cloud Marketplace, make sure that you deploy the Click-to-deploy ‘virtual machine’ option, and not the container option.
To further elaborate, if you do a search for ‘WordPress Click’ in the Google Cloud Marketplace, you will see several WordPress Click-to-deploy options: they are all different. You need to deploy the ‘virtual machine’ option.
Let me know if you have any questions,
Joe
Alexsays
I figured out the issue. D’oh on my part. I am using the correct Click to Deploy version of WP, however i was in the wrong SHELL somehow.
If you click the dropdown on the SSH button on the instance page, and choose open in new window, you get to the right spot where the commands work.
However, if you choose “view gcloud command” it’s opens up in the bottom pane of the window in a gcloud shell CLI environment. I was typing in all the commands successfully up until it couldn’t find that directory in the cloudshell CLI. Very confusing that you end up in 2 different environments. Perhaps the cloud shell is the hypervisor layer, and the other brings you directly inside the debian image OS. Not quite sure, but that solved things for me. Maybe that will help others who ran into the same issue and are definitely using the right click to deploy version.
Victorsays
The tutorial was very objective and helped me a lot, thank you for sharing! Great work!
hi joe. can you assist me step by step how to install DV ssl from CA? i assume that i just need to upload the 3 file and it will be jump to step 4 of your tuts. am i correct? also what is the command line for searching the path of the file that i just uploaded? by the way, your tuts is very helpfull on my first project. this is my second project on GCE. thank you so much.
You are correct about the process. I had a similar question which I just recently answered – you can view it here.
I’m glad the tutorials have been helpful, and please reach out if you have any questions,
Joe
Subhadeep Kolaysays
Hello, Along with the domain I purchased the SSL certificate in Namecheap. I am using WordPress click to deploy in compute engine. I have updated the name server, my site is running. Since I already have an SSL certificate how can I add my existing certificate to my WordPress site in compute engine. Please help me out.
Start at step 4 of the tutorial after you’ve uploaded the NameCheap certificates to your server. The upload can be done via FTP, which I cover in this tutorial.
Also, when you add the certificate file paths to your default-ssl.conf file in step 4, you will need to make sure that the file paths accurately reflect the correct paths to the NameCheap certificates on your server, not the path to the Let’s Encrypt certificates.
Joe, I have walked through the steps successfully four times but I am during step 3 (Generate Certificates) on the first command it errors out as such:
——————————————-
Error:
Creating virtual environment…
Installing Python packages…
Traceback (most recent call last):
File “/tmp/tmp.6cVBam4RAz/pipstrap.py”, line 184, in
exit(main())
File “/tmp/tmp.6cVBam4RAz/pipstrap.py”, line 165, in main
for path, digest in PACKAGES]
File “/tmp/tmp.6cVBam4RAz/pipstrap.py”, line 120, in hashed_download
response = opener(using_https=parsed_url.scheme == ‘https’).open(url)
File “/usr/lib/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib/python2.7/urllib2.py”, line 469, in error
result = self._call_chain(*args)
File “/usr/lib/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 656, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File “/usr/lib/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib/python2.7/urllib2.py”, line 475, in error
return self._call_chain(*args)
File “/usr/lib/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 558, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 503: Backend is unhealthy
I ran a test for your certificates and it appears that they’re configured correctly.
The only issue I notice when I visit your website are some insecure content errors, which are a front-end problem and are unrelated to your server configuration. Check out this tutorial here where I go into details on how to address insecure content errors.
I think I found a solution to my earlier comment. It’s not at all perfect because the “green lock” is still not showing – that’s another thing I’ll have to resolve. But at least my site is now loading *yey!*.
I had to create a firewall rule (this step has been flashing all along on my Deployment Manager home):
Open HTTPS traffic
This firewall rule is not enabled. To allow specific network traffic from the Internet, create a firewall rule to open HTTPS traffic for target tag “xxx-tcp-443”. Learn more
If you are using Google Cloud SDK, type the following command in the terminal (provided):
This solved my initial problem… Your tutorials btw made my wordpress migration to GCP a smooth ride, thank you so much!
Thanks for brining this to my attention! I appreciate you sharing your solution, as it brings an important issue to to my attention.
In step 2 of this tutorial, it’s necessary to check the two firewall boxes to enable both HTTP and HTTPS traffic. I realize that these boxes are left unchecked by default, so I will revise the tutorial to emphasize their importance.
Hi,
I tried the steps but failed in #7. I couldn’t open my site anymore. I tried modifying wp-config.php directly to replace ‘WP_SITEURL’ and ‘WP_HOME’ to point to https instead of http. And then moved it back to http because it still didn’t work. Kept on restarting apache for every file change I make… still not successful. The error I got from the error.log is “server certificate does NOT include an ID which matches the server name.”
Is there anything that I’m missing? Please help… Thank you!
I am getting this error and I don’t know what I did wrong.
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
I went to the details and it is give me this:
Nov 01 17:26:02 elev8-vm apachectl[494]: AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl.
Nov 01 17:26:02 elev8-vm apachectl[494]: SSLCertificateFile: file ‘/etc/letsencrypt/live/elev8expo.com/cert.pem’ doe
Nov 01 17:26:02 elev8-vm apachectl[494]: Action ‘start’ failed.
Nov 01 17:26:02 elev8-vm apachectl[494]: The Apache error log may have more information.
Nov 01 17:26:02 elev8-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Nov 01 17:26:02 elev8-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
— The result is failed.
Nov 01 17:26:02 elev8-vm systemd[1]: apache2.service: Unit entered failed state.
Nov 01 17:26:02 elev8-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Nov 01 17:26:02 elev8-vm sudo[487]: pam_unix(sudo:session): session closed for user root
Nov 01 17:29:28 elev8-vm sshd[525]: Invalid user staff from 91.121.90.133 port 35276
Nov 01 17:29:28 elev8-vm sshd[525]: input_userauth_request: invalid user staff [preauth]
Nov 01 17:29:28 elev8-vm sshd[525]: Received disconnect from 91.121.90.133 port 35276:11: Normal Shutdown, Thank you
Nov 01 17:29:28 elev8-vm sshd[525]: Disconnected from 91.121.90.133 port 35276 [preauth]
Can you help me fix it my site is not working right now?
The first section of the error message indicates that there is an error with your certificate configuration:
AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl and SSLCertificateFile: file β/etc/letsencrypt/live/elev8expo.com/cert.pemβ doe
This type of error is common, and unfortunately there can be multiple causes. Below are a couple of solutions to try:
1. Open your default-ssl.conf file again (sudo nano /etc/apache2/sites-enabled/default-ssl.conf) and scroll down to the line with your SSL certificate file listed SSLCertificateFile:/etc/letsencrypt/live/elev8expo.com/cert.pem and make sure there are not space after any of the 3 certificate-file lines. If there are, use the backspace button on your keyboard to remove the excess spaces. Save the file and restart Apache.
2. Change the owner or permission level of your cert.pem file to see if that’s causing the error. You can change the permission level by running the following command:
Let me know which (if any) of these solutions work for you.
Thanks,
Joe
Taylorsays
I got through the main setup process, but ran into a snag with your instruction for auto-renewal.
Typing in “sudo mv certbot-auto /etc/letsencrypt/” to the SSH console genrates the response “mv: cannot stat βcertbot-autoβ: No such file or directory”
The file was named certbot-auto.1 because you had more than one certbot installation in that directory at some point. The solution is to rename the file to ‘certbot’ by running the following command:
sudo mv certbot-auto.1 certbot-auto
After you’ve renamed the file using the above command, try moving it again:
sudo mv certbot-auto /etc/letsencrypt/
Good luck,
Joe
Taylorsays
I executed the name change command, but hitting enter just re-shows the starting prompt.
Again I tried the ‘sudo mv certbot-auto /etc/letsencrypt/’ command and received:
‘mv: cannot stat βcertbot-autoβ: No such file or directory’
Ok – so what is the output when you run the ls command?
Taylorsays
I should also add – this was a TOTALLY new google cloud setup, the only thing we did prior to going through this SSL setup was to execute the one-click install WP VM instance.
This said, there would be no reason for an existing cerbot scheme to already exist or have any additional configuration settings.
JCsays
Thank you this absolutely helped me!
I am new to cloud hosting and it’s people like you that makes it easier and possible to enter a new market.
Just one question I have that I don’t seem to find, we have SSL up now but that is not http/2, how do we enable HTTP/2 does that enable with load balancing?
I am getting the following code when trying to restart the server. This happens after editing the wordpress.conf file.
”
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
”
i am stuck and https isn’t working may be because of
sudo nano /etc/apache2/sites-available/wordpress.conf
under this command
i haven’t found VirtualHost tag
where i can put following command…
Thank you for reply.
there is a issue with database connectivity after some days as you told to Kawish see below for reference,can you make another video as per with updated Click to deploy.
I have a question (that maybe you have already answered in another tutorial, but this is the one I keep coming back to so I figured it might be useful to know here for others.) This setup works wonders for how I have my website. I have moved to virutal hosting multiple sites under one instance. It seems that the last site I create the SSL certificate for trumps all others and everything starts to point to that folder instead.
I would recommend adding all of your websites to a single certificate file, then configuring each site to use the same certificate. This will use less resources if you run a job to automatically renew the certificates.
Regarding everything pointing to the new folder, this is an issue with your server configuration and is likely not related to the certificate itself.
I didn’t even consider that as a possibility! I ran it once with my first domain I was testing, then ran it again with the second domain. So when I try the first domain (without typing httpS) it starts to redirect to the secure version and tells me that there’s a security issue… then tries to point to the second domains URL. So I configured my SSL setup is in correct. I am guessing that I can just -d domain1.com -d domain2.com to set everything up?
Yes – it will simplify your configuration quite a bit. If you have numerous domains and subdomains, your certificate issuing command would be (replace example.com with actual domain name):
I just realized though, it would require /var/www/html/domain -d domain1.com /var/www/html/domain2 -d domain2.com though right? Are you able to do additional paths for that? I would guess having it at the root domain (/var/www/html/) would cause all types of issues .
The webroot location that you include in the certificate issuing command is used for the purpose of validating your domains each time a certificate is issued/renewed. The correct syntax for issuing a certificate for multiple domains/subdomains in separate directories on a single instance is discussed in this Let’s Encrypt thread – for example:
Thank you for the great tutorial.
Honestly, I wasn’t expecting it to be that complex… I don’t know why I was even expecting the SSL certificate would be magically available “by default”… well, maybe I’m just a newbie.
I follow the first tutorial I found on the youtube channel at: https://www.youtube.com/watch?v=qEgTUL5ZLV4. Crucially, before realize there was a new tutorial, I followed the old one to the point of installing “git”… Curiously, when I’ve entered the “sudo -i” command, first I get a series of text with an error, but when i’ve enetered again, it magically “root” me. However, in this new tutoria I’ve discover that I don’t need to log in as root.
However, after following to the letter the instructions above… of course the site went offline! π
I’ve recheck carefully everything, enter as root administrator again and cancel git.
Currently, my site is still offline. The issue seems to be a mismatch in the servername given on the first line of the code to add to the WP config file. I’ve tried to edit it into different versions (http://, with and without the “www”), but Apache server won’t restart: I get this error:
“Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.”
Using “journalctl | tail”, I got:
“Sep 29 23:00:11 wordpress-1-vm systemd[1]: Failed to start The Apache HTTP Server.
Sep 29 23:00:11 wordpress-1-vm systemd[1]: apache2.service: Unit entered failed state.
Sep 29 23:00:11 wordpress-1-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Sep 29 23:02:26 wordpress-1-vm sshd[11122]: Invalid user pi from 211.43.127.239 port 34952
Sep 29 23:02:26 wordpress-1-vm sshd[11122]: input_userauth_request: invalid user pi [preauth]
Sep 29 23:02:26 wordpress-1-vm sshd[11124]: Invalid user pi from 211.43.127.239 port 34954
Sep 29 23:02:26 wordpress-1-vm sshd[11124]: input_userauth_request: invalid user pi [preauth]
Sep 29 23:02:26 wordpress-1-vm sshd[11122]: Connection closed by 211.43.127.239 port 34952 [preauth]
Sep 29 23:02:26 wordpress-1-vm sshd[11124]: Connection closed by 211.43.127.239 port 34954 [preauth]
Sep 29 23:02:56 wordpress-1-vm google-accounts[895]: INFO Removing user astrogim.”
Which sounds like something frigging serious… don’t it? This is, pretty much, as far as I can go with my limited understanding of Linux and command line. So, hear my message:
Who is user pi? Is that your Linux user? It looks like the permissions for the user aren’t configured correctly. Check out this thread here for more information and a potential solution.
Let me know if you have any questions,
Joe
Nolan Ausays
Followed the step on second time and successfully added SSL on my wordpress site.
Can you assist me in resolving the error below, after following the steps outlined, I tried to test the certificate and received the following error:
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):
click-to-deploy-5b8e9883-8711-a22c-e510-224be2229225.c.cloud-marketplace-ops.internal
What does this mean?
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It’s possible that:
The web site does not use SSL, but shares an IP address with some other site that does.
The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
The web site uses a content delivery network (CDN) that does not support SSL.
The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
The server is showing a dummy certificate that came pre-installed with the software stack.
If the domain name is an alias for another website, then the domain alias should be added to the SSL certificate for the primary domain on the ‘other’ (main) website’s server. In this particular instance, the ‘SSL checker’ is still picking up on the dummy certificates – which indicates that the SSL certificates haven’t been added to your configuration file (wordpress.conf).
I would recommend checking out this section of the Apache docs for information about configuring separate virtualhosts in order to serve content from multiple domains under a single IP Address.
I followed the steps and now I can’t pull up the home page for my website, is there any way for me to delete the SSL Certificate and start over from the beginning?
You can place a # symbol to the left of the certificate files in order to ‘deactivate’ them. You will also need to add the # symbol next to the https redirect at the top of the .conf file. You will also need to change your WordPress URLs back to http on your settings page.
Unfortunately the Click-to-deploy stack was updated recently, and there have been some major changes. I am going to have to update the tutorial.
In the meantime, try pasting the code from this comment into your wordpress.conf file. After pasting the code, remember to change the lines with the domain names from 1pagezen.com to your own domain name.
After doing that, save the file and restart apache:
Hi I need help with Nginx configuration. I am using nginx google click to deploy vm instances. Certificates have been generated but need help with configuration
Hi. I am using this command: sudo nano /etc/apache2/sites-available/wordpress.conf
But am getting only this appearing. Can you advise please? This is preventing me from completing step 7. I used this tutorial once before in the exact way and had a positive outcome.
The stack is different from when the tutorial was first created. I am going to have to update it.
Check out this comment regarding the lines of code that should appear in your wordpress.conf file. Try copying and pasting those lines into the file, making sure to use your own domain name in the three redirect lines.
Please let me know if this works.
Thanks,
Joe
Prakashsays
Hello , Thanks for giving tutorial , all command was work but problem is ,Not able to start apache2 server i am getting error msg .
“root@wordpress-1-vm:/etc/letsencrypt# sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
root@wordpress-1-vm:/etc/letsencrypt# ”
I encountered the same issue and tried these commands but still encountered the same error. My site currently gives “ERR_CONNECTION_REFUSED.” Any ideas to get past this hurdle? This tutorial has been great so far!
after runing this coomand
sudo apachectl configtest
i get
AH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/wordpress.conf:
Redirect takes one, two or three arguments, an optional status, then document to be redirected and destination URL
Action ‘configtest’ failed.
The Apache error log may have more information.
The configtest is used to determine whether your Apache configuration is correct before restarting your server.
In this case, there’s an issue with one of the directives on the 7th line down in your wordpress.conf (this could be a typo or it could be incorrect formatting). Feel free to respond to this message with the existing directives in your wordpress.conf, and I will help you debug.
You write wonderfully concise instructions. The level of detail is always spot on to not digress into things not important to the steps. The video is just icing on the cake.
I have used many of your instructions to great effect but was very concerned about this change and the number of steps involved. It worked perfectly (three times for three sites).
I’m glad the tutorial has worked for you. I will be working on improving the tutorial in the next few weeks, so hopefully it will be even better the next time you use it.
Talk to you soon,
Joe
Eli Malkasays
Hey I would appreciate some help on the last part (HTTPS Redirect).
I have the same the same problem as the person below me. I did everything correctly step by step twice (Deleted VM and did it again) and it’s still the same result.
I entered “sudo nano /etc/apache2/sites-available/wordpress.conf” and this is what I got. https://imgur.com/a/9JKD72y
My website works perfectly fine.
I did what you suggested by switching to root and entered both of the commands below and I got the same result as the first one.
I just created a new Click-to-deploy instance and it appears that there were changes to the wordpress.conf file, as I’m seeing the same thing that you are.
Try adding a # symbol to the left of each of the three lines of code in the file in order to deactivate them. Then, add the code following code snippet:
<Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/html/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Also, remember to replace 1pagezen.com with your own domain name (in the code snippet). I haven’t tested this yet, so please let me know if it works. Remember, you will have to restart Apache for the changes to take effect.
Regarding browser caching, I don’t have a tutorial on the subject yet but hope to in the near future.
Thanks and looking forward to hearing from you soon,
Joe
Eli Malksays
Thank you for your quick reply but I found an easy solution. I found a plugin called “Really Simple SSL” that instantly moved my entire site to SSL π
Hi Leron
Thank you very much for your really helpful tutorials!
I had the same problem and couldn’t access my site because of too many redirects. So I copied and pasted the above code for the wordpress.conf file.
Very important: You then have to restart Apache! I know, you mentioned it, but I want to make it clear here in the comment to help others with the same problem.
Probably I know my mistake. When I executed this comment line, “sudo nano /etc/apache2/sites-available/wordpress.conf” I mistakenly changed “wordpress” term with my website domain name “kagitkarton”.
And when I execute sudo -i and then following comments, again this statements appear:
Options -Indexes
I also record a screen video and I am adding the ling below.
I hope it will help you to understand my problem.
Don’t worry about the sudo -i command that I mentioned in my previous response – this was only a workaround since we hadn’t yet identified the problem.
That being said, after watching the video, it appears that there is a lot missing from your wordpress.conf file. If this is a new installation, I would simply create a new VM and try again. Otherwise, you will have to add the code from the initial configuration back into your wordpress.conf file.
Another question: does your website continue to work in spite of the wordpress.conf file being nearly empty?
Talk to you soon,
Joe
Sarkhansays
Hi Joe,
I run the the command now and the same result.
Options -Indexes
I repeated the steps few times but same result.
My website works but when I enter the links, pages are broken. Like that:
The requested URL /mywebpage/ was not found on this server.
Now, as you said I will try to create new VM and I will inform you about the result. I hope it will work.
I tried all the ways but I couldn’t get any affect. At last I created new project but again same issue. So I decided to use Bitnami with a new project. I created my hosting with bitnami, my website works but at the end red not secure error appears on the browser when I enter my website.
I followed your entire tutorial for Click-to-Deploy WordPress on Google Cloud Platform. Everything went well – including the SSL certs installation and static IP address assignment.
My website is home-tuition.sg
This few days, I suddenly discovered an error message “Error establishing a database connection” whenever I tried to reach my own website (you can try and see the error message). I have not changed any settings. Google’s documentation suggested an issue with the SSL certs. I ran a SSL test but it looked ok (I’m no IT expert, so I’m not sure).
Can you help me to have a look and tell me what’s wrong?
This is a common error in WordPress and is likely unrelated to your SSL configuration.
Whenever I experience that error, it’s because my database connection credentials aren’t defined correctly in my wp-config.php file. So the first thing I would recommend doing is opening your wp-config.php file and checking that your database connection settings are correct (hostname, password, database name, etc.).
Also, do a Google search for “WordPress Error establishing a database connection” – you will find many troubleshooting tips from other users who have experienced this same issue.
Hope this helps and let me know if you have any questions,
Joe
Nirajsays
Hi, I followed instruction upto this code,./certbot-auto renew –dry-run
However SSL installed. I was getting this on each code run
Sudo: effective uid is not 0, is sudo installed setuid root?
Is this a problem of some kind and need to be solved then how?
how to disable free ssl from gcloud because after installing ssl on my client site we cannot share any think to facebook, if you have any solution please guide me how to rectify this error. This is my first time on google cloud and learn lot of things form your website http://www.onepagezen.com you can say i completely install wordpress from you site but i stuck here on facebook issue, please if you have any solution how to share on facebook (client required) or how to disable https to http.
Your very detailed tutorial gives me courage to pursue Google Cloud Hosting even if I’m new to this creating a WordPress website. You’ve been very responsive also to our questions which makes it more easy for us to resolve issues along the way.
As a form of gratitude, I would like to raise a small issue on this tutorial that causes me errors.
On Step 6, the first 2 lines of the code with the SSL certificate files has an extra spaces at the end which causes an error. A couple of comments here are related to the this issue so if you can update that part, it would prevent similar future errors and comments.
Were you able to get your domain name integrated with your website?
And thanks for the feedback – I was able to find and delete the extra spaces that you were referring to.
Thanks,
Joe
Marksays
Hi Leron,
Yes, I was able to setup my domain name with my website.
Thanks to your very detailed tutorials and to your effort on answering issues we encountered. Everytime I encounter an issue I make it sure to read the comments or use CTRL + F in Chrome to search for same questions that you might have answered.
Your answers to our questions helps a lot. I was on the brink of giving up Google Cloud Computing due to errors I encountered but your answers to our questions helped me solve errors along the way.
Hopefully you won’t get tired of helping us with Google Cloud Computing.
I’m happy to know that the comments have been valuable to you! I’ve also heard from a few other users who mentioned that they appreciated the comments at the end of each tutorial, especially when troubleshooting. I’m happy to know that people are taking advantage of this resource.
Also, I’m glad to hear that you were able to push past the brink of giving up. I know how frustrating GCP and AWS can be, especially when first starting out.
Thanks again for the feedback and I look forward to hearing from you in the future.
Joe
Birshu Sarmasays
Hi,
One of the reason of my website slowness is ssl taking time to load, Please give me advise how to improve performance while loading ssl. My site is: https://nenow.in
It is normal that SSL will cause your website to load more slowly, but the effect should be negligible.
If you are noticing a significant increase in load times after configuring SSL, it could indicate that there is another issue at play.
Analyze your website on GTMetrix.com, and click on the Waterfall tab to get a breakdown of which of your website’s components are responsible for the longer than average load time.
Hope this information helps and let me know if you have any questions,
Joe
Highlight the text in the file in order to copy it, then add it to your load balancer. Do this for the other 2 cert files as well, as you will have to add all 3 of the cert files to your load balancer:
There is no easy way reassign the certificate to a new URL, because your system has been configured (based on the tutorial) to serve HTTPS from your original URL.
To fix the issue, you will have to first configure your website with the new domain name. After the new domain name is working properly with your website, then you can issue a new SSL certificate for that domain.
After you issue certificates for the new domain, you will have to delete the old certificate paths from your default-ssl.conf file and replace them with the new certificate paths. You’ll also have to change the redirect at the top of your wordpress.conf file to point to the new domain.
Hope this helps, and let me know if you have any questions.
Joe
Hello we tried all steps but getting error like ” your website is
“Your connection is not private
Attackers might be trying to steal your information from http://www.sivanyoga.net (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID”
When I do an SSL test on your domain, the SSL checker isn’t recognizing any of the Let’s Encrypt SSL certificates.
What I would recommend doing is going back through the tutorial and making sure that you’ve covered all of the steps. Keep in mind that Step 6 is where you explicitly tell your server to use the newly generated certificates.
Hope this information helps and let me know if you have any questions.
Joe
Another great job explaining the subject. I share Juan ‘s thoughts also, would be better to change the url’s in wordpress before the apache restart. My site went away, came back as deleted & the gcp dsahboard showed a welcome start a new project page while still showing showing my instance in the navigation menu. I hit the drop arrow & selected my instance and it would loop me back to the dashboard with the welcome page again. My website said it was deleted while displaying https with out the lock only the ! insecure page warning. I could not get the wp-admin page to load. I think this might be a chrome thing. I deleted all browser settings, signed out of my account, rebooted & the site was up, I could log in change to https & the world was right again!
I did this with the earlier version. For some reason the link to the updated version was grayed out! I did notice there wasn’t any suggestion to change the permalink structure in this video. Your video’s did make this a snap to do, so thank you. Let me know what you think the problem was.
Thanks
Al
I am going to be updating the tutorial soon, with updated auto-renewal instructions as well as moving the restart command to the very end of the tutorial.
I’m not sure what caused your issue specifically, however, I’m glad to hear you were able to get the issue resolved. On another note, when developing on Chrome I make frequent use of the Strong Proxy extension and free proxy services such as hide.me. This serves as a way to bypass the caching functionality in your Chrome browser without having to repeatedly edit your browser settings.
It’s possible you’ll find these tools helpful if you’re not already using them.
Thanks again for the feedback, and talk to you soon.
Joe
Dalisays
Really looking forward to the updated tutorial, Joe!
It’s great that it will include auto-renewal instructions as well.
Wonder if it will include instructions for wildcard certificates too?
I’m going to be publishing a CDN tutorial and a caching tutorial in the next few weeks. After that is when I will get started on the tutorial updates.
In the meantime, if you have any specific questions or run into any errors – please let me know.
Talk to you soon,
Joe
Dalisays
Great, thanks for the update!
Yes, we really wonder what we should do right now.
We have used your tutorials exact steps to set up SSL for sites in WordPress Multisite Network. The only thing we needed to do, that is not in this tutorial, is configuration that needed to be done with WPMU DEVS Domain Mapping plugin, in order for every domain and subdomain in the network to get SSL. WMPU DEVS plugin also makes it possible to selectively turn on or off SSL for individual sites in the network, really useful function. We have several sites with full domain names (like: domain1.com, domain2.com, domain3.com) and large number of sites that exist only with subdomain names (subdomain1.domain1.com, subdomain2.domain1comβ¦ subdomain101.domain1.com). Our biggest problem with the current tutorial is that we have a large (and growing) number of subdomains, and we need to separately add all those subdomains according to this tutorial, every time we add new subdomain to our network. So if we add subdomain102.domain1.com, we need to redo everything each and every time for all domains and subdomain, and the number of especially subdomains is growing fast. This is where the new wildcard Letβs Encrypt wildcard functionality would really be of tremendous help. It is becoming impossible otherwise. So what we concretely wonder about: where do we go from here? In other words: how do we go from the current configuration to the wildcard based, self-updating configuration instead, from the current position weβre in, step by step, without jeopardizing the network or risking downtime (there are many live sites affected).
It sounds like you have the ideal use case for a Wildcard certificate.
I would recommend that you create a new VM and first get comfortable implementing Wildcard certificates. See if you can get it working as intended with a similar configuration as you have now (use a test domain).
If you can get it working correctly, then reissue and overwrite the existing certificates with the wildcard certificates. The certificate issuing process for wildcard should be similar to the existing process.
Hope you’re able to get it working and let me know if you have any questions,
Joe
leosays
Not sure what isn’t working. Tried and followed the same step twice, and still not able to get it working. The entire site is down.
I tried to request for certbot many times and failed and got this error message:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: golocalplace.com,www.golocalplace.com: see https://letsencrypt.org/docs/rate-limits/
Certbot only allows you to request a certain amount of certificates per day, per domain. It appears that you made too many requests, so Let’s Encrypt has temporarily disabled new certificate requests for that domain. The only thing you can do is wait.
Check out the link in the error message for more information about how long you have to wait before you can make a new request.
Also, you’d have to change the server alias in your wordpress.conf file to:
*.example.com
Anyways – I wouldn’t recommend following the instructions above as they haven’t been tested, but they should give you a general idea of how a wildcard configuration could be implemented. Also check out this thread from Let’s Encrypt for more information.
Use at your own risk, and let me know if you have any questions.
Thanks,
Joe
Philsays
I’m getting stuck at step 3. I’m getting:
/var/www/html/ does not exist or is not a directory
There are numerous solutions such as implementing a Captcha or disabling access after too many failed login attempts. Deciding which solution to implement depends on what you’re trying to accomplish.
Please provide additional details and I will see how I can help.
you saved my time. Been searching for a solution on various forums… this served the purpose.
I have a question. How to increase file upload size on google cloud? You have one tutorial for bitnami. Is it same for one click deploy ?
Hey Joe! I’ve found an issue with the step 6 of your tutorial. The quotation marks for the certificates address are not needed. I removed them and it worked great. Thanks! π
Hi,
Thank you for those useful tutorials!
I followed these steps, and https is working properly for my website. However, I can’t login to enter wp-admin.
If I enter username and pass; ERROR: The password you entered for the username user is incorrect.
If I click on “lost your password” and enter my email: ERROR: There is no user registered with that email address.
Can you help me?
Did you use the All-in-One WP Migration plugin? If you did, you will need to use the password of the site that was migrated to login to WordPress.
Also, your email won’t work because you will need to configure SMTP; either way, the SSL configuration would not affect your WordPress login credentials, so there is another issue at play.
Thanks for the great post!
I had a question though and I’m sure you already posted it, but I cannot find the information I need anywhere.
I have a 3rd party SSL certificate and I want to just apply it to google cloud wordpress. I have a trouble to understand how to do it.
The process of installing 3rd party SSL is much different from using Let’s Encrypt SSL.
You will have to issue a CSR, send the CSR to your 3rd party SSL prodvider, then wait for them to issue the certificates. Once they issue the certificates, you will download them, then upload them to your server, then include the file paths to their location on your server exactly like in step 6 of this tutorial. Other than that, the other instructions in this tutorial will be the same.
Hope this helps and let me know if you have any questions,
Joe
Thanks for the feedback Nishant – I’m glad the tutorial helped you! π
Christysays
Our website is on google cloud with a load balancer. We followed your tutorial to do everything except load balancing. Our site have problem with https redirects.
Hi Christy,
I don’t offer support for load balancing configurations, but you may find this thread useful.
Hope this helps and let me know if you have any questions,
Joe
cierrasays
I’m having trouble with my Multi-site installation. all of my subsites have their own domain registered, it seems the forced redirect to the main site has something to do with the SSL. Any Help would be great, the plugins haven’t worked for me.
Hi Cierra,
Check out this section of the guide from Bitnami on how to configure Mutisite with multiple different domain names. For SSL, issue a single certificate with all of the domains listed in that single certificate. I hope to have a multisite tutorial available in the near future.
I hope this information helps and let me know if you have any questions,
Joe
I fixed it. I had to update the https.conf. I had to change overide from allow none to allow all. This would allow the .htacess file overide the virtual host for the subsites.
Thank you for the tutorial. I did exactly as mentioned in the tutorial, but could not get to the last step for changing the settings in wordpress admin account.
Each time I was trying to login to wordpress admin, the page showed error site redirected too many times. The same is the case when I try to open my website.
This issue is usually caused by having multiple redirects in your conf files.
Where did you configure your redirects? There should only be one and it should be at the top of your wordpress.conf file (step 7).
Run the command cd /etc/apache2/sites-available/ to list your conf files. Open up each one using the nano command and make sure that there aren’t any additional redirects already included in the files. Also – do a search for the your htaccess file, open it, and make sure there isn’t a redirect included therein.
Hope this helps and let me know if you have any questions,
Joe
I did the exact setu and now I have permalink problem.
I cannot access any other page than my homepage with permalink to postname .
I tried may different repair on the htaccess file and it is no working, I accessed the phpmyadmin DB and looked around to fing no solutions there. Any idea why I would get this error.
Hi, your instructions worked perfectly, and I have been able to setup a site with SSL.
I’m trying to take this one step further, to create an autoscaling, autohealing, loadbalanced wordpress site that also uses Google CDN. I am able to do all of it, and the https version of the site works well. However, if you enter just the naked domain name in the browser, it gives a 404 error.
I’ve had issues configuring GCP’s load balancers in the past, and it was usually a similar type of problem where the www-version of the domain wasn’t resolving properly.
Anyways – regarding your issue in particular, I checked the console there are a few errors which appear to be preventing SSL from working properly: Access to Font at ‘https://riderzone.review/wp-content/themes/skil/assets/fonts/fontawesome-webfont.woff2?v=4.5.0’ from origin ‘http://riderzone.review’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://riderzone.review’ is therefore not allowed access.
I did a Google search on the error and here’s what I found: Resource 1 and Resource 2. Also, this Github gist might be exactly what you’re looking for.
Thanks a lot for your reply, it was a little dumb of me not to Inspect the page on Chrome.
I did solve the issue though. Turns out it was happening because I wanted my site to load without www. In the tutorial above, for the HTTPS redirect, you use the following command:
Also, the site URL inside WordPress for me did not have WWW. Now that I have changed these settings, it’s working. Take a look at riderzone.review if you’d like to try.
I have noticed a new issue though. Running a speed test on GTmetrix, the site now loads slower than it used to before I made this setup. I had expected the load time to go below 3 seconds, it has gone above 5! Surprising considering the fact that I’m using Google CDN.
Hi Akhil,
I’m happy to hear you resolved the issue.
And I took a look at the GTMetrix score and it wasn’t recognizing the CDN.
An alternative configuration is to serve all of your WordPress media from a bucket which is configured with Google Cloud CDN.
This would cut back on the load times for international visitors, as media files generally account for the higher load times.
If you’re able to get the CDN working right, please let me know the solution.
Talk to you soon,
Joe
James NBsays
Hi,
Mistakenly installed this in my LAMP installation. Now it’s showing insecure badge lock.. I need to remove or revoke this certificate. I have deleted all relevant files in /letsencrypt and /ssl files but it’s still showing the same.. Is there a way I can remove/revoke this certificate?
These instructions will work for any LAMP installation. The instructions might be slightly different, but the key concepts are the same.
If you want to remove the certificate, you can simply comment them out, or remove their file paths from your server’s conf file.
Make sure to un-comment the dummy (snakeoil) certificates when you do this.
Hey, great article helped me a lot. 1 issue though I could never find the wordpress.conf file. I looked everywhere. My website is not redirecting non www to www or vise versa. Any idea what I can do to resolve this issue?
You can run the following command to search for the wordpress.conf file location:
sudo find / -type f -name wordpress.conf
Let me know if you have any questions,
Joe
Rafaelsays
Hi Leron,
Yes, I’m using multisite, but I’m not using multiple domains. In fact, it is just one domain because my setting is to use subdirectory and not subdomain.
Your /site1/ and /site2/ directories would be covered under the SSL certificate because they are served from your SSL-enabled domain. For that reason, you won’t have to include these additional URLs in your certificates. The only instance when you would need to included them is if you had enabled subdomains such as https://www.site1.yoursite.com.
As far as your issue, I’m not sure what it could be. Configuring multisite is not for beginners and there are a million things that can go wrong, so you will need to troubleshoot.
If you’re using the Bitnami Multisite stack, I would follow their documentation – that’s helped me configure Multsisite in the past.
In that case, you could use these instructions for installing multiple WordPress modules on the same stack. Unfortunately the documentation doesn’t provide instructions on how to integrate with your existing stack, so you may have to look around for online resources. I’ve never configure multiple WordPress installations in separate sub-directories, so it’s not something I have much experience with it.
If you’re able to get it to work, please share your process – I know myself and many other users would be interested to learn.
Thanks,
Joe
Rafaelsays
Hi Joe,
Sure I will.
I’m trying bitnami multiple wordpress modules in order to check if the users can use the same login section for all wordpress installation.
Thanks
rafaelsays
Hi Joe,
I’m still trying to figure out how to set SSL on WordPress click-to-deploy using multisite with subdirectory (not a subdomain).
Run the command cd /var/log/ then cat syslog – this will print any errors in your Apache server.
Additionally, try restarting your Apache server. If it can’t restart due to a configuration issue, it will print the error to the terminal.
Let me know if you have any questions,
Joe
Rafaelsays
Hi Leron, thanks again for the tutorial.
I got the same issue. I run the command cd /var/log/ then cat syslog , I tried to restart again, and got the same error message:
”
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
”
What could I do?
Rafaelsays
Hi Lion, here is the error
Mar 10 20:26:34 wordpress-multisite-1-vm apachectl[25037]: AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/wordpress.conf:
Mar 10 20:26:34 wordpress-multisite-1-vm apachectl[25037]: ServerAlias only used in
But I don’t have extra space here. What could I do?
This error message is saying that there’s an issue with the directives in your wordpress.conf file on line 6.
You will have to look online at resources to find the correct directives to use at the top of your wordpress.conf file. Unfortunately, the configuration will be different from what is instructed in this tutorial because you are configuring your server to handle multiple domains.
Hi,
After running the second command I got this output. Next step is to enter email. But I have no option. Please help
Thanks
Garry
gsbenipal@wordpress-1-vm:~$ ./certbot-auto certonly –webroot -w /var/www/html/ -d reazy.ca -d http://www.reazy.ca
Requesting to rerun ./certbot-auto with root privileges…
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
–debug attempt experimental installation
-h, –help print this help
-n, –non-interactive, –noninteractive run without asking for user input
–no-bootstrap do not install OS dependencies
–no-self-upgrade do not download updates
–os-packages-only install OS dependencies and exit
-v, –verbose provide more output
-q, –quiet provide only update/error output;
implies –non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
gsbenipal@wordpress-1-vm:~$
Requesting to rerun ./certbot-auto with root privileges…
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
–debug attempt experimental installation
-h, –help print this help
-n, –non-interactive, –noninteractive run without asking for user input
–no-bootstrap do not install OS dependencies
–no-self-upgrade do not download updates
–os-packages-only install OS dependencies and exit
–install-only install certbot, upgrade if needed, and exit
-v, –verbose provide more output
-q, –quiet provide only update/error output;
implies –non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
Comment above describes the same error message, i tried running your command which you have suggested him
Make sure you’re installing to your home directory, so run the command cd before running the command to install certbot.
Then use the ls command to view the existing copies of certbot in the home directory, then use the rm -r certbot-auto to delete any existing installs. Do this for all of the installs, as you probably have a certbot-auto.1 and .2 and so on…
After doing this, try doing the tutorial again from step 1. Remember your can copy and paste the commands directly from the tutorial, but only the commands in the grey boxes. Any text that you copy and paste from outside of the grey text boxes may cause formatting issues.
If this doesn’t work, please submit follow-up comments to the WP-Cloud-Support page and I will assist you there.
Hello, Thanks so much your website has helped me a lot.
I have a question because this tutorial has caused some issues.
I set up SSL cert’s for my website when I was using a “placeholder URL”
The SSL worked Great, however now I want to change my DNS and use the proper URL for my website. I’ve updated my DNS and I’ve deleted my SSL certificates and worked backwards through your tutorial removing the code from
However this has taken down my website.
When I enter my WordPress GCP IP address into a browser, it forwards to my old placeholder URL.
Why is my IP address forwarding to this old URL?
How can I get my Compute Engine to restore to defaults before I did this
As you can imagine, I can no longer see my website and the WordPress backend no longer works.
Hi Joe!
I’m back again. Sorry. I seem to of crashed my website again. (error message:This site canβt be reached)
I followed all the steps, but had to open and close the SSH window a few times to get the commands to work. I wasn’t sure if the ctrl o and ctrl x were working.
When I did the last command from step 8. ‘sudo service apache2 restart’
I got this error message:
Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.
So i tried to see what was wrong and it said this:
claire@wordpress-1-vm:~$ systemctl status apache2.service
β apache2.service – LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Drop-In: /lib/systemd/system/apache2.service.d
ββforking.conf
Active: failed (Result: exit-code) since Tue 2018-02-13 11:13:25 UTC; 21min ago
Process: 15642 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 2774 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 17828 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
claire@wordpress-1-vm:~$ journalctl -xn
No journal files were found.
I also tried to open the file in SSH but couldn’t
/etc/apache2/sites-enabled/default-ssl.conf
-bash: /etc/apache2/sites-enabled/default-ssl.conf: Permission denied
I also tried in filezilla but wasn’t able to open “Error: local: unable to open /default-ssl.conf
Error: Critical file transfer error”
Most of the time these errors occur because there is a syntax error in one of your config files.
You can also check in your system log by executing cd /var/log && cat syslog
I would recommend you go back through the tutorial and make sure that your virtualhost headings in your wordpress.conf and default-ssl.conf match the headings from the images given in the tutorial.
Give it a look and let me know what you find.
Also, let me know if you have any questions.
Joe
how do i edit the default-ssl.conf file? i do have a syntax error line 39.
Let me know what you think of the below, I ran the cd /var/log && cat syslog:
claire@wordpress-1-vm:~$ cd /var/log && cat syslog
Feb 13 11:13:25 wordpress-1-vm systemd[1]: Starting LSB: Apache2 web server…
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: Starting web server: apache2 failed!
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: The apache2 configtest failed. … (warning).
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: Output of config test was:
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: AH00526: Syntax error on line 39 of /etc/apache2/sites-enabled/default-ssl.conf:
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: Action ‘configtest’ failed.
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: The Apache error log may have more information.
Feb 13 11:13:25 wordpress-1-vm systemd[1]: apache2.service: control process exited, code=exited status=1
Feb 13 11:13:25 wordpress-1-vm systemd[1]: Failed to start LSB: Apache2 web server.
Feb 13 11:13:25 wordpress-1-vm systemd[1]: Unit apache2.service entered failed state.
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: AH00526: Syntax error on line 39 of /etc/apache2/sites-enabled/default-ssl.conf
In step 6 of the tutorial, we walk through how to edit the default-ssl.conf file. Line 39 is most likely one of the lines that contains the path to one of your 3 certificate files.
The problem is most likely because you have extra spacing after the certificate file path. In Apache, you are not allowed to have extra “spaces” after the file path – so go to that location and hit the backspace key a few times until it lines up next to the end of the text.
Thanks for your help, I managed to fix the syntax error and complete the tutorials. And my site came back π
But I noticed I don’t have the green lock ‘secure’ , only the is there anything else I have missed?
Thanks,
thank you so much for all
I have problem with my website https://www.pregnantwomanclub.com/ website is down and i cant login to dashboard i see message “Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
There is an error with your Apache server configuration.
If you try restarting the server, are you notified of an error message?
Try to execute the following command in your SSH terminal: sudo service apache2 restart
Talk to you soon,
Joe
Jansays
Thank you so much for clearly awesome tutorial,
unfortunately, I tried it 3times and the site still has error: ERR_SSL_PROTOCOL_ERROR
Please, any ideas what can be the issue?
Thank you very much
Hi Jan,
Where are you seeing that message?
Does your website load properly?
Jansays
Thank you for your kind reply Amin,
I see this on https://mywebsite…
On the http://mywebsite is the actual website
I have change the URL in wordpress admin – but I can’t even access to the admin – it jumps to https://mywebsite… /wp-admin with the same error :((
Thank you very much
Jansays
PS: I mean I can’t access to wp-admin after I followed the step 9. Update WordPress URLs
Jansays
Dear Amin,
I really hope you can help.
I’m now without the community website for last 3days… I again followed your instructions and when I try to restart the server, I go this error:
XXX@YYY-vm:~$ sudo service apache2 restart
Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.
So I tried
XXX@YYY-vm:~$ sudo service apache2 graceful
[FAIL] Reloading web server: apache2 failed!
[warn] The apache2 configtest failed. Not doing anything. … (warning).
Output of config test was:
AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
Action ‘configtest’ failed.
The Apache error log may have more information.
so, I checked the error log:
[Sat Feb 10 15:52:40.777797 2018] [mpm_prefork:notice] [pid 5957] AH00171: Graceful restart requested, doing restart
[Sat Feb 10 15:52:40.875570 2018] [mpm_prefork:notice] [pid 5957] AH00163: Apache/2.4.10 (Debian) configured — resuming normal operations
[Sat Feb 10 15:52:40.875586 2018] [core:notice] [pid 5957] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Feb 10 20:27:18.728671 2018] [mpm_prefork:notice] [pid 5957] AH00169: caught SIGTERM, shutting down
[Sat Feb 10 20:27:19.827696 2018] [mpm_prefork:notice] [pid 9186] AH00163: Apache/2.4.10 (Debian) configured — resuming normal operations
[Sat Feb 10 20:27:19.827740 2018] [core:notice] [pid 9186] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Feb 10 20:27:52.351397 2018] [mpm_prefork:notice] [pid 9186] AH00171: Graceful restart requested, doing restart
[Sat Feb 10 20:27:52.415210 2018] [mpm_prefork:notice] [pid 9186] AH00163: Apache/2.4.10 (Debian) configured — resuming normal operations
[Sat Feb 10 20:27:52.415229 2018] [core:notice] [pid 9186] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Feb 10 20:46:15.525418 2018] [mpm_prefork:notice] [pid 9186] AH00169: caught SIGTERM, shutting down
…
If you have any ideas, please, please let me know… feel free to contact me via email too if you wish.
Open up your /etc/apache2/sites-enabled/default-ssl.conf file and go to line 42.
On line 42, there is probably the path to one of your SSL certificate files.
Now – make sure there are no extra space characters after the line. Just use your arrow key to move your selector over the entire line, and when you get to the end, your selector should jump to the next line.
The extra spacing is likely what is causing the error, so use backspace to delete any extra space characters at the end of the line.
Also, make sure there is no spacing after either of the other 2 lines.
Please do this then restart your server and try again.
This is a common issue that occurs when you recently pointed your domain name to Google Cloud but the domain name servers haven’t had enough time to propagate.
So – if your DNS is configured properly, I would wait an hour before trying again. If it doesn’t work after an hour or so, it typically means that there is an error in your DNS configuration.
If you got it to work – great. If not, try again and let me know if you run in to any issues.
thanks for the good work i have a question i want to remove letsencrypt free ssl from google cloud and i install new paid ssl from comondo how do i go about that i am really struggling to remove my free ssl from google cloud
To deactivate the certificates, you can either put a # next to the certificate paths, or completely remove them – depending on your preference.
To remove Let’s Encrypt files from your disk, use the rm command to delete the letsencrypt folder from your /etc/ directory.
The steps to configure Comodo certificates are much different, but whoever you’re buying the certificate from will have instructions on their website on how to install Comodo certificates on Apache.
Good luck and let me know if you have any questions!
Juan Pasalaguasays
Excellent tutorial. Thanks!
Just a quick comment –
Why not enable the WordPress URLs before setting the HTTPS redirects? The way you have it interfered with the CSS rendering of my setup and wouldn’t let me access the wp-admin panel.
Hi Juan,
Thank you for the feedback!
You make a very good point, and there isn’t a reason behind it.
I will look into your suggestion for improving the tutorial, and will give it a test run with configuring URL’s before the redirect.
Best,
Joe
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.lipidcomplex.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for http://www.lipidcomplex.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
tomy_biton@lipidcomplex1-vm:~$
Hi Tomy,
This error typically means that your DNS changes still haven’t taken affect.
Take a look at this tutorial and make sure you followed the instructions properly.
Let me know if you have any questions. π
Hi Lidia,
Why are you changing the root directory to var/html/.tmb?
And the command is ./certbot-auto renew – try running that command.
If you want, copy and paste the certbot-auto command that you entered and I will take a look.
And it’s not a problem that you entered many domains on your certificate – I think you’are allowed up to 100 or so, so you can still add more if needed.
Hope this helps! π
Awesome video and instructions. I am getting away from the plugin WP-Encrypt because of the issues I was experiencing. Looking to deploy this solution for my clients. One issue though , I am receiving a “Type: unauthorized / Detail: Invalid response from” when running “./certbot-auto certonly –webroot -w /var/www/html/ -d mydomain.com -d http://www.mydomain.com“. My dns info is all good, and I actually manage it through Google Domains. The ‘a’ record points to the instance external ip in compute engine. Would this be related to my previous install of WP-Encrypt? I am somewhat lost at this point. Any suggestions would be great. Thanks.
Hi Justin,
This typically occurs if your nameservers aren’t properly pointing to your A record in your Cloud DNS, usually because the nameservers were changed recently.
I would give it some time. If it still doesn’t work after a few hours, it may be a problem that I have never come across.
Talk to you soon,
Joe
Hi Leron, I had commented on other tutorial thread about 302 header code.
I followed the instructions on this thread and still getting the same error code. Its just that I feel 301 header code are better in terms of SEO when redirecting http to https
After doing all these thing, I’m unable to access phpmyadmin or site both. I’m also unable to change the wordpress url (http to https). What should I do to change them. How to access phpmyadmin through SSH browser. Where I found all command for SSH for GCP.
Thank you Leron !
Hi there,
Thank you for our all instructions. But My website is having an error. My adress is right, I do not know how to fix this problem :(. Here is the error;
<met"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Hi Alper,
This error means that your Cloud DNS isn’t properly configured, and that your domain isn’t being validated.
Go back and check out this tutorial and make sure that you configured all of the steps properly.
Please reach out to me if you have any other questions,
Joe
Thak you for your consideration. But I am afraid, all the DNS settigns are right, they are exactly the way that you wrote. Also my website has already been running for 3 months. Additionally, I just wanted to add free SSL , but it does not work :(.
What else can I try ? If you are not so bussy, I can let you to connect my computer via Teamveaver or remotely.
Hi Chathura,
I have not encountered this error before. However, check out this link for more information on how to solve the issue.
Talk to you soon, π
Joe
after this command ……..
./certbot-auto certonly –webroot -w /var/www/html/ -d indiabuz.com -d http://www.indiabuz.com
error msg………..
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for
exact set of domains: indiabuz.com,www.indiabuz.com
Hi Madan,
This error occurs when you’ve entered a certificate issuing command for a certain set of domains within a short period of time.
You may have to wait awhile before running the certificate issuing command again. Check out this article on rate limits for more information.
Talk to you soon, π
Joe
I was able to follow the step above to successfully implement the SSL. However today I received an email from lets encrypt that my cert was expiring in 9 days. I entered the below info per your instructions:
You mentioned that the code checks for a cert renewals 2 times per day. When does it actually renew the cert? Is it daily or a few days before expiration? I guess I’m a little confused because certs last 3 months and i would assume that a few days before cert expiration that it would renew the cert.
Is there a manual way to renew the cert just in case too?
In the first version of the SSL tutorials, the certbot-auto script was saved in the /tmp directory. Because of this, many users faced issues with their certificates not auto-renewing properly.
I initially addressed this issue with Isabel, and we devised a solution to the problem which you can view here.
To manually renew your certificate, navigate to the directory where the certbot-auto files are located. For instance, if you follow the instructions from the link above, your certbot-auto files will be downloaded to the directory /etc/letsencrypt/certbot. You can navigate to that directory by running the command cd /etc/letsencrypt/certbot. Once there, you can run the following command to manually renew your certificate files: certbot-auto renew
Let me know if you have any issues with the instructions, or if something doesn’t work for you.
Talk to you soon, π
Joe
Dimisays
Hi Joe,
I tried the new instructions but the command
sudo git clone https://github.com/certbot/certbot
gives me— command not found
I have the click to deploy version.
The certificates expired and when I manually entered the ./certbot-auto renew command it worked. Why is the cron not working then?
Thanks
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Any idea why it wont let me generate a certificate for a subdomain?
You have to add all of the domains/subdomains for your website in a single certificate issuing command. If you want to secure additional subdomains for a website that already has SSL configured, you’ll have to run a different command or reissue the original command including the additional subdomains that you want to secure.
The error that you’re seeing means there is an issue with your Cloud DNS configuration.
Talk to you soon, π
Joe
Jsays
Dear Leron,
I followed all your steps of this tutorial and it worked just like you showed in the video. It was wonderful. I really like how you explained everything. I think this is one of the most technical things I have ever done on a computer and at first I was skeptical of it being something easy or straightforward, so that’s why I double checked and even triple checked that everything I was doing was exactly like you did. And when it worked I was really happy. Thank you!
To anyone following this tutorial, I want to say that the best thing you want to do is pay a lot of attention to every step and make sure you follow it precisely like it’s said. It worked for me.
Hey J,
Thanks for posting a comment!
I am glad to hear that the tutorial worked for you, and thanks for sharing your tips for success!
Best regards,
Joe
Hilalsays
Thank you for all your useful tutorials! I followed your instructions and installed SSL certificates, but they have now expired. The cron task did not auto-renew. Please help me renew them. Can’t even get the ‘dry run’ to work.
root@***:~# ./certbot-auto renew –dry-run
-bash: ./certbot-auto: No such file or directory
Thank you for your excellent tutorials.
I have a question though.I have a WordPress multi-site installation.I have already installed an SSL certificate for the primary site.I have followed through the steps to generate certificates for the second site but I haven’t been able to install them because I am not sure of the syntax for two sites at step 7 at this point:
Or should I create another wordpress.conf file and place the second site’s variables there?
I skipped steps 2,5 and 6 because I had already done them on the first install.
Don’t create another wordpress.conf file. With multisite configurations, your wordpress.conf file needs to be configured for the PRIMARY domain in your multisite configuration. The additional domains, whether they are top-level or sub-domains, should be mapped from the front-end using a domain mapping plugin.
Check out this Bitnami documentation for additional instructions. Also – the configuration instructions are nearly identical regardless of whether you’re using the Bitnami or Click-to-Deploy WordPress stack.
Hope this answers your question! π
Talk to you soon,
Joe
Mitisays
I work out following your steps. But I choose WordPress Multisite (Solution provided by Google Click to Deploy) as I prefer php7. The problem is the result from typing sudo nano /etc/apache2/sites-available/wordpress.conf
The console shows only
Options -Indexes
Then I can’t go further process. Do you have any suggestion for this issue?
The error occured when I type sudo service apache2 restart
The result is
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
Then I type journalctl -xe
The result is
miti@wordpress-multisite-1-vm:~$ journalctl -xe
Oct 27 16:30:42 wordpress-multisite-1-vm sudo[6471]: pam_unix(sudo:session): session closed for user root
Oct 27 16:30:49 wordpress-multisite-1-vm sudo[6476]: miti: TTY=pts/0 ; PWD=/home/miti ; USER=root ; COMMAND=/usr/sbin/a2enmod ssl
Oct 27 16:30:49 wordpress-multisite-1-vm sudo[6476]: pam_unix(sudo:session): session opened for user root by miti(uid=0)
Oct 27 16:30:49 wordpress-multisite-1-vm sudo[6476]: pam_unix(sudo:session): session closed for user root
Oct 27 16:30:58 wordpress-multisite-1-vm sudo[6489]: miti : TTY=pts/0 ; PWD=/home/miti ; USER=root ; COMMAND=/usr/sbin/service apache2 restart
Oct 27 16:30:58 wordpress-multisite-1-vm sudo[6489]: pam_unix(sudo:session): session opened for user root by miti(uid=0)
Oct 27 16:30:58 wordpress-multisite-1-vm systemd[1]: Stopping The Apache HTTP Server…
— Subject: Unit apache2.service has begun shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun shutting down.
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/wordpress.conf:
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: ServerAlias only used in
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: Action ‘stop’ failed.
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: The Apache error log may have more information.
Oct 27 16:30:58 wordpress-multisite-1-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: Stopped The Apache HTTP Server.
— Subject: Unit apache2.service has finished shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has finished shutting down.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: apache2.service: Unit entered failed state.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: Starting The Apache HTTP Server…
— Subject: Unit apache2.service has begun start-up
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun starting up.
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/wordpress.conf:
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: ServerAlias only used in
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: Action ‘start’ failed.
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: The Apache error log may have more information.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
There is a syntax error in your wordpress.conf file; on line 2 from what it looks like. This is the reason why your Apache service is failing to restart.
If you haven’t yet resolved the issue, you can copy and paste the top half of your .conf file into the comments and I will check for anything unusual.
Aug 16 09:54:12 wordpressjireh-vm apachectl[16803]: ServerAlias only used in
Aug 16 09:54:12 wordpressjireh-vm apachectl[16803]: Action ‘stop’ failed.
Aug 16 09:54:12 wordpressjireh-vm apachectl[16803]: The Apache error log may have more information.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: Stopped The Apache HTTP Server.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: apache2.service: Unit entered failed state.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: Starting The Apache HTTP Server…
Aug 16 09:54:12 wordpressjireh-vm apachectl[16810]: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/word
press.conf:
Unofrtunately this is all I have inside my wordpress.conf file unlike the screenshot you have above…
Hi Miti,
I am not sure the multisite configuration has a wordpress.conf file located in the same directory as a standalone Click-to-Deploy configuration.
Have you checked to see if the file is at that location? You can run sudo ls /etc/apache2/sites-available/
Let me know what you find. π
Talk to you soon,
Joe
RAGHAV BHALLAsays
Thanks for pointing me this updated tutorial, followed it and got the SSL setup on my first website within 5 minutes. Amazing stuff.
Just had one question in mind, I’ve already made a snapshot of my VM after the SSL was setup so in future say if I restore this snapshot or maybe clone it and then point the static IP i was using for this VM to the cloned VM, will the SSL function properly on the cloned VM right away or will I have to do this again?
Hi Raghav,
I am glad the tutorial worked for you!
If you are restoring the website snapshot to the existing VM, it should work just as normal.
If you restore the snapshot to a new VM it would have to have the same DNS configuration that was used when originally configuring the certificates. It may or may not work out of the box, if not, you would just have to make some basic adjustments to your DNS and Apache.
Would you have any interest in doing a tutorial on the Cloud Load Balancer? π
It looks like you could offload the SSL to that, but I’m not sure if you can do SSL with letsencrypt.
I’d like to be able to scale up if there’s a crazy spike in traffic, but scale back if nothing’s happening.
I have been working on a load balancing tutorial, and hope to have it released soon.
The one I am currently working on is a cross region load balancer to distribute traffic to instances based on their proximity to the user. However, I will also do a tutorial on the scenario you described, in which new instances would be automatically deployed to handle sudden spikes in traffic based on CPU utilization.
Another issue I am trying to justify is the cost of running the load balancer service, which ended up being significant (~$20-$40/month). This would arguably make the service impractical for anything except for large (and profitable) sites that see heavy levels of traffic.
Anyways, I hope to have the tutorial released soon. I am just trying to make it as simplified and easy to follow as possible. π
Hey Leron,
You again saved me with SSL setup. I was trying to use Cloudflare to setup its free SSL for my client’s GCP hosted site, but it didn’t work properly after countless tries. Decided to try this tutorial and it all went exactly the same like you explained.
Hey Shyam,
I am glad to know that the tutorial was helpful for you!
Thanks for taking the time to write about your experience with CloudFlare vs. the tutorial.
Talk to you soon, π
Joe
/var/www/html/ does not exist or is not a directory
following your tutorial, it stops at step 3. before the console asks me for email address or to agree, etc. with the same error I have seen others mention on this page and your youtube channel. a solution would help many π Your help is appreciated. Your tutorials are valuable!
using:
username@machinename-vm:~$ ./certbot-auto certonly –webroot -w /var/www/html/ -d domain.com -d http://www.domain.com
…
…
…
at the end:
Processing triggers for libc-bin (2.19-18+deb8u10) …
Creating virtual environment…
Installing Python packages…
Installation succeeded.
/var/www/html/ does not exist or is not a directory
username@machinename-vm:~$
Hi,
I had someone else experience that error recently.
I am going to try and re-create the error on a test account and see what I can find.
Talk to you soon, π
Joe
I retried again. same issue. I was able to verify /var exists. However within /var there is not a www directory. see here: https://www.screencast.com/t/fPk1lywniLx
*SOLVED*
the issue was following the wrong “version” of your tutorial. For me, I needed the click to deploy Bitnami version of SSL tutorial. after locating that – your steps were flawless. So anytime in the future other users are experiencing that same error (saw a few others post it), the answer is just wrong tut.
I am glad you were able to get the issue resolved.
It is true that the Bitnami and Click-to-Deploy versions have different root directories. I falsely assumed the problem was something obscure and complex. Thanks for sharing how you resolved the problem, as I am sure this will help other users in the future. π
Best regards,
Joe
Sarkhansays
Hi,
Can you please explain your solution a bit more explicitly.
What is the right tutorial and would you please be a little more open while saying “click to deploy Bitnami version of SSL tutorial” ?
It looks like your certificates are configured properly for your domain mytraveltrips.in – you just need to fix the mixed content errors.
If you want me to look at the /var/www/html/ error, copy and paste the contents of your SSH window into the comments so that I can see the command that is causing the error.
Hey Andrew,
Thanks for sharing the article!
I know lots of people (including myself) will be thrilled to have wildcard capability.
I agree that it will be an invaluable tool for WP multisite users!
Best regards,
Joe
Hi Oleksandr,
Thank you for following up to notify me that the error had to do with GCP.
I am glad to know that the error resolved itself π
Best regards,
Joe
cyrilsays
Hi, I found this tutorial very easy to follow, greatly detailed.
I have tried to reproduce it for another app from Bitnami ( Mautic) any idea of what I should adapt ? because it failed so far.
Hi Cyril,
I am glad you found the tutorial easy to follow. π
This tutorial will not work with Bitnami configurations because the directory structure is different. This tutorial works for the Click-to-Deploy version of WordPress on GCP and most other Apache configurations with a similar directory structure.
If you want to install SSL for a Bitnami application, try this tutorial.
The instructions will be nearly identical – however, I can’t say for certain.
If you give it a try, let me know how it goes. If you experience any problems I can try and help you through them. π
Talk to you soon,
Joe
What did you think of this revised version of the Click-to-Deploy SSL certificate tutorial?
Did you find it easier, more challenging, not much different?
Please share your questions and comments below!
Thanks,
Joe
Hi Bishal,
What is the error message that you are seeing?
Let me know and I will help you to find a solution to this problem. π
Talk to you soon,
Joe
Steve says
Hi Leo,
Thank you for your support. I created the new website: http://www.orlistat.shop by Click to deploy on Google Cloud. But when I tried to backup and export the file via All-in-on-WP Migration. I got the error: Failed-server problem and I cannot download the file as usual. I think I should modify something in SSH panel but I do not know how to do. Could you please tell me how to do please? Thank you so much for your help Joe
Leron Amin says
Hi Steve,
It seems like there’s an issue with your server.
Where are you seeing the ‘failed server’ problem? This isn’t a common issue, so you’ll need to provide addition information regarding the error in order for me to help you troubleshoot.
Talk to you soon,
Joe
candra says
thank you so much, dude! im so glad http to https is worth it. the first im so confused and failed because i didn’t see i have to change your domain to be my domain. lol
smoking and relax step by step and yeah you can see bro. my blog succes to be https and expired Aug 01, 2021. yeay
sorry, im a newbie about gcp. and then i alwyas go back to this blog for tutorial gcp.
cheers
Leron Amin says
Thanks for the excellent feedback Candra – I’m glad to hear you were able to get it working!
Mex says
Thank you so much for your invaluable and comprehensive guides, I followed your guide religiously but getting to the point to restart the apache server with the command ‘sudo service apache2 restart’ only to get the error below.
“Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.”
Please how do I troubleshoot this error?
Leron Amin says
Hi Mex,
It’s possibly a syntax error.
You can execute the following command in your terminal to view additional details relating to the error:
Let me know if you have other questions,
Joe
Mex says
Thank you so much for your response. I already fixed starting all over again.
Sagar Ghai says
Hey,
Awesome tutorial. Works perfect without any error for a WordPress VM on GCP.
But after following all the steps, I still get a Not secure in front of my website. I followed all the steps. Is there a reason you could attribute this to?
Sagar Ghai says
Surprisingly, When I visit ghaimotors.in, it shows not secure but when I visit ghaimotors.in/wp-admin it shows secure.
Leron Amin says
Hi Sagar,
It’s probably due to ‘mixed content’ errors. I go over how to fix ‘mixed content’ errors in this tutorial.
Let me know if you have other questions,
Joe
AceoStar says
This worked perfectly. My only request is please remove the other outdated documenation! As best I can tell, these are the instructions that are required to get Google’s WordPress click to deploy set up under SSL. I spent a lot of time looking at https://onepagezen.com/free-ssl-certificates-wordpress-google-cloud-click-to-deploy/ which did not work for me. As best I can tell, these are meant for the same purpose, but you need to manually set up the certs for this to work.
Leron Amin says
Hi AceoStar,
Thank you for providing this valuable feedback. I added a link at the top of the outdated tutorial.
Much appreciated!
Joe
buzzingbee says
THANKS for the tutorial, but I have issues, after I follow all of your instructions my website is still “not secure”
What I changed is this part on /etc/apache2/sites-available/wordpress.conf
ServerName mywebsite.com
ServerAlias http://www.mywebsite.com
Redirect permanent / https://mywebsite.com/
I only want my viewers to access the non-www version.
any idea??
Leron Amin says
Hi Buzzingbee,
The “not secure” issues are generally a result of mixed content errors.
I cover mixed content errors and how to fix them in this tutorial.
Let me know if you have questions,
Joe
buzzingbee says
Hi Joe,
Thanks for your hint. Turns out that the issue lies from the Elementor. Now my web is all settled.
Leron Amin says
That’s great news BuzzingBee – I’m glad you were able to get the issue resolved!
Ajendra says
Very informative article I’ve found!
How can I use Coudflare generated Origin Certificate for Full (strict) SSL in Google Cloud Hosting??
And, when I switch to Full from Flexible, it shows Cloudflare Error 521 Website is down, switching back to Flexible, makes all perfect. What’s the solutions for this? I’ve added Cloudflare IPs to GCP Firewall whitelist and TCP ports also.
Thanks.
Leron Amin says
Hi Alejandra,
If you need SSL on your origin server, I’d recommend installing it separately. I go over the instruction on how to do that in this tutorial.
That being said – if you’re running a blog or any type of website that doesn’t involve transferring sensitive information between the user and your server – then just stick with the Flexible SSL, as it will make your life much easier.
Please reach out if you have questions,
Joe
Andrew says
Thank you for the amazing tutorial.
You are the legend!
Leron Amin says
Thanks for the feedback Andrew!
Andrew says
I have question. when I type domain name on the address, it shows HTTPS, but not on the external IP address, stated as number. Is this right?
Leron Amin says
Hi Andrew,
I wouldn’t worry about it because nobody will be trying to access your website via it’s external IP.
That being said, you do have the option of configuring a rewrite rule to redirect the IP to your domain name, as shown here.
Just make sure you’re comfortable with editing files in case you end up needing to revert the changes.
Let me know if you have questions,
Joe
Apurva Popat says
hey i am stuck in a redirect loop, tried many things but not able to figure out. can please guide me step by step to find out the problem.
my domain is drapurvapopat.com
http==>https
https==>https
this is a danger redirect loop i am stuck in .
actually my certificate was expired, i tried to renew it using automatic certbot installment. it showed me a option to redirect all to https and i clicked yes.
i also tried to remove redirect permanent to https but things are not working.
please i am a nontechnical guy (a doctor) please help me
Leron Amin says
Hi Apurva,
The redirect loops is occuring because you selected the option to configure an additional redirect with the certbot script, even though you’d already configured a redirect as part of step 5 of the tutorial.
To fix the issue, I’d recommend deleting (or commenting out) the redirect that you configured in step 5 of the tutorial.
Hope this helps, and please reach out if you have questions!
Joe
Holly says
Thank you SOOOO much for this awesome tutorial! This was incredibly helpful. You’re awesome!
Leron Amin says
Thanks for the feedback Holly!
Alex Wang says
hi Leron, will this work with wordpress-Openlitespeed? Running Ubuntu..
Leron Amin says
Hey Alex,
The openlitespeed WordPress solution already comes pre-configured with an SSL script that runs when you SSH into the VM for the first time. This script will allow you to configure the certificates, choose your preferred domain name, and setup auto-renewal.
Let me know if you have questions,
Joe
Jan says
HI, there
thansk for the tutoria, it all went ok upto restarting the apache, i get this error ( I am not a programer, spent last few hours googling the fix but no luck, relly apretiate if you could help. Thanks
“sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.”
and here is the journalctl -xe :
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: Starting The Apache HTTP Server…
— Subject: Unit apache2.service has begun start-up
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun starting up.
Apr 11 15:37:04 salvalacerveza-vm apachectl[13402]: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error
Apr 11 15:37:04 salvalacerveza-vm apachectl[13402]: Action ‘start’ failed.
Apr 11 15:37:04 salvalacerveza-vm apachectl[13402]: The Apache error log may have more information.
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
— The result is failed.
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: apache2.service: Unit entered failed state.
Apr 11 15:37:04 salvalacerveza-vm sudo[13396]: pam_unix(sudo:session): session closed for user root
Apr 11 15:37:04 salvalacerveza-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
jan says
Hi, I have done the setup again by following your newer version how to install tha ssl, all good up to the wp login. Now I get this php code insted of the wp admin interface.
<?php
/**
* Dashboard Administration Screen
*
* @package WordPress
* @subpackage Administration
*/
and so on, ( only pasted here the first few lines.) Any help? Is is due the apache not able to run php.? Thanks a lot for your time.
Jan
Leron Amin says
Hi Jan,
Was the website running correctly via HTTP before you tried configuring the SSL certificates?
At any point did you edit any of the PHP files? Do you have any caching plugins enabled (these can occasionally cause errors)?
Talk to you soon,
Joe
Leron Amin says
Hi Jan,
In the error message output, there’s a line which states that the error type is a syntax error, and the location of the error:
apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax error
To fix the error, open your apache2.conf file, navigate to line 225 (if you’re using Nano editor, you can jump to line by typing CTRL + _). Once you’ve located and fixed the error, enter CTRL + X, then Y, then Enter, in order to save the file. Lastly, try restarting your server again.
Let me know if you have questions,
Joe
Allan says
Hi, thanks for the tutorial. My site always got hacked few days after installing the SSL certificates. Is there anyway to avoid it?
Leron Amin says
Great question Allan,
I’m sorry to hear that! There are a few things I recommend doing to lessen the impact of your site getting hacked.
The first is to take regular snapshots of your VM instance. Having recent snapshots will allow you to quickly restore your website to it’s original state if it get’s compromised.
The next is to ensure that you have a strong password and two-factor authentication enabled on your Google account. This ensures that, even if the site itself is hacked, you still have access to your account and the resources required to quickly restore the website to it’s original state.
Let me know if you have additional questions,
Joe
Lisbeth says
Thank you very much for this tutorial! You save my site! I was struggling past 24 hours until I reach to your tutorial and finally make it!
Leron Amin says
Thanks for the feedback Lisbeth – I’m glad to hear the tutorial was helpful!
Ashish says
I get this error [ Directory ‘/etc/apache2/sites-available’ does not exist ] when im on step 4. Configure the Certificates. Any help would be really appreciated.
Leron Amin says
Hi Ashish,
What do you see when you run ‘ls’ from the etc/apache2/ directory?
Talk to you soon,
Joe
Muhannad says
Thanks for the clear and easy-to-follow guide. Worked perfectly well from the first attempt.
Leron Amin says
Happy to help – and great job completing the tutorial on the first attempt!
Rushikesh says
My domain name showing external ip address in URL Section and also WP address & Site address section is not showing in my WP (General Setting).
I cant understand what to do…
Leron Amin says
Hi Rushikesh,
Both URL options should display in your WordPress General settings.
If not, open up your wp-cofig.php file for editing, and add your site URLs by following the examples in this documentation.
Let me know if you have questions,
Joe
Yanni says
Brilliant – worked for me! Thank you for writing up such a succinct tutorial.
One comment I’ll add is that I wanted to make sure the crontab got saved, so I had to do:
sudo crontab -l
To make sure it was in the crontab.
Yanni.
Leron Amin says
Awesome tip Yanni – thank you for sharing!
Abhinav Goel says
Hi there! Excellent posts. I used your posts to set up ssl. But am unable to set up the auto renewal.
When I copy paste this command “45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart”, only this part gets pasted “/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart”
Then I manually entered the part that was left unpasted. But there is a slash in the beginning for the command, that is not getting deleted. So, this is the command I entered
“/45 2 * * 6 cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart”
This is the error I am getting
“Error 486 Pattern not found 45 2 * * 6 cd”
Please help. Thanks!
Leron Amin says
Hi Abhinav,
The command needs to be pasted without the leading / at the beginning:
Let me know if you have questions,
Joe
sanyam jain says
sir i am getting this error
/var/www/html/ does not exist or is not a directory
on downloading certificates
Leron Amin says
Hi Sanyam,
Try navigating the directory structure one level at a time. For instance:
Also, make sure you’re using Click-to-deploy and not Bitnami, as the file structures differ.
Let me know if you have questions,
Joe
Leron Amin says
No problem!
Glenn says
Every guide you write makes it so eeeaaasssy. Can you write a tutorial for my life?
Leron Amin says
Thanks Glenn – glad you’re enjoying the tutorials!
ivan says
Thank you for the very clear and effective tutorial.
For future readers who encounter an error like this:
Failed to start LSB: data collector for Treasure Data.
What I did was to change my custom meta to:
google-logging-enable 1
Piyush says
Hey there,
I’m a big follower of your work or profession and most of scripts learned from your articles and youtube.
I’m requesting you to give us solution to setup SSL in AWS bitnami wordpress.
Thank you
Leron Amin says
Thanks for the feedback Piyush- there have been a lot of requests for this tutorial, so it’s something I will look into!
Matthew Painter says
Thankyou – A quality tutorial and worked a treat. I linked to your page as a reference.
Leron Amin says
Thanks for the feedback Matthew!
Vishwajeet Kumar says
I was able to rollback to old setting to make the site live but not able to enable SSL. Do you think if Rewrite rule make any issue when enabling the SSL?
Thanks for your help.
Leron Amin says
Hi Vishwajeet,
The rewrite rules have the potential to break your website if they’re not configured properly. That being said, the rewrite rules don’t determine whether or not SSL is properly configured, they just allow you to determine how you’d like Apache to route traffic to your server (such as sending traffic to the HTTPS version of your website, for instance).
Which error message are you seeing when you try to access your domain?
Talk to you soon,
Joe
Tikyda Couassi-Ble says
Thanks a lot, a lot, a lot for making this tutorial on how to set up the SSL certificate and how to renew it. I wish you a good day.
Drew Kachurak says
I get a challenge failed error:
Challenge failed for domain http://www.theframework.app
http-01 challenge for http://www.theframework.app
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.theframework.app
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for http://www.theframework.app
I followed your guide for pointing my domain to GCP but I’m stuck here.
Tried updating the domain in WordPress and now the admin panel won’t load.
Any ideas?
Leron Amin says
Hi Drew,
It looks like you were able to get the issue resolved, is that correct?
It’s possible that you tried generating the certificate to soon after purchasing the domain, as NXDOMAIN isn’t a typical error.
Hope this helps, and let me know if you have questions!
Joe
alejandro says
Hi leron!
i have an issue and i canΒ΄t acces to my website i check error.log with this server certificate does NOT include an ID which matches the server name and i canΒ΄t to solve it
Leron Amin says
Hi Alejandro,
Did you change the domain when you executed the certificate issuing command? It not, this is likely what’s causing the mismatch (see step 3 of the tutorial).
Let me know,
Joe
Adi says
Hi Leron,
Thanks for this tutorial. I set up the SSL for my site following this tutorial.
I subsequently converted my installation to multisite. I am using different domains on the subsites. Is there anything I should keep in mind while following the tutorial for the other domains?
Thanks for the help.
Adi
Leron Amin says
Hi Adi,
You can either use a wildcard certificate for the subdomains (which Let’s Encrypt started offering not too long ago), or you can simply issue the certificate with each of the subdomains listed in the certificate issuing command.
Make sure to check out Bitnami’s multisite documentation, as it gives a pretty good overview of what a multisite configuration would look like with Apache, regardless of whether you’re using their WordPress Multisite solution.
Talk to you soon,
Joe
Eliyahou Malka says
Hello,
I followed the tutorial and once everything was done my site wasn’t loading, the server was refusing the connection. I see that a few others had the same problem as me.
I found the solution if you can please update your tutorial. You need to allow HTTPS traffic in your firewall directly in your instance. By default it’s not allowed which is why the server is refusing to connect.
Like so https://imgur.com/a/BUJWU3i
Leron Amin says
Thank you for this valuable feedback Eliyahou!
Ben says
Hi,
I’ve completed all the steps until we need to restart apache and I am getting the following error —
Aug 21 23:24:46 prod-site-vm systemd[1]: Starting The Apache HTTP Server…
Aug 21 23:24:46 prod-site-vm apachectl[29876]: AH00526: Syntax error on line 40 of /etc/apache2/sites-enabled/default-ssl.conf:
Aug 21 23:24:46 prod-site-vm apachectl[29876]: SSLCertificateFile: file ‘/etc/letsencrypt/live/priorityroofs.com/cert.pem’ does not exist or is empty
Aug 21 23:24:46 prod-site-vm apachectl[29876]: Action ‘start’ failed.
Aug 21 23:24:46 prod-site-vm apachectl[29876]: The Apache error log may have more information.
Aug 21 23:24:46 prod-site-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Aug 21 23:24:46 prod-site-vm systemd[1]: Failed to start The Apache HTTP Server.
Aug 21 23:24:46 prod-site-vm systemd[1]: apache2.service: Unit entered failed state.
Aug 21 23:24:46 prod-site-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
~
~
Leron Amin says
Hi Ben,
First, navigate to that file in the shell and make sure it actually exists. If it does, open your default-ssl.conf for editing and jump to the line where you added β/etc/letsencrypt/live/priorityroofs.com/cert.pemβ. Now, make sure there isn’t any additional space characters on either side of the 3 lines with the paths to your certificates. If there are extra space characters, delete them. Next, save the file and restart your Apache server.
Be advised that this is a common issue that occurs when space characters are inadvertently added to file paths. Because the system doesn’t know how to interpret them, it throws an error.
Let me know if you have any questions,
Joe
Latish says
Hi Leron,
I also faced the same error with Apache restart – the website also was not loading at this point.
So, I reverted the changes done in both the .conf files, however my website still doesn’t load.
“Firefox canβt establish a connection to the server at example.com”
Is there an easy way to revert back to the non-SSL state?
Thanks
Leron Amin says
Hi Latish,
You can go backwards through the tutorial to undo the steps, but that probably won’t fix the issue. If it were an issue that could be fixed simply by disabling SSL, then you’d see a different type of error in your Firefox browser.
Keep in mind, to disable SSL for the site you’ll also have to disable the Apache modules that were enabled in step 6 of the tutorial. Additionally, you’ll have to change your WordPress site URLs back to the HTTP version. After you’ve done this, make sure to restart your Apache server.
Hope this helps and let me know if you have questions,
Joe
Latish says
Thanks, Joe,
Just like you mentioned undoing of the steps did not solve the problem. I additionally undid step 6 too, using these 2 commands:
1. sudo a2ensite wordpress
2. sudo a2dismod ssl
However, it is the apache restart that is failing. Not sure, how it reached this state, or what is causing the error though:
β apache2.service – The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-08-28 05:42:25 UTC; 38s ago
Process: 2271 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Aug 28 05:42:25 wordpress-1-vm systemd[1]: Starting The Apache HTTP Server…
Aug 28 05:42:25 wordpress-1-vm apachectl[2271]: AH00534: apache2: Configuration error: No MPM loaded.
Aug 28 05:42:25 wordpress-1-vm apachectl[2271]: Action ‘start’ failed.
Aug 28 05:42:25 wordpress-1-vm apachectl[2271]: The Apache error log may have more information.
Aug 28 05:42:25 wordpress-1-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Aug 28 05:42:25 wordpress-1-vm systemd[1]: Failed to start The Apache HTTP Server.
Aug 28 05:42:25 wordpress-1-vm systemd[1]: apache2.service: Unit entered failed state.
Aug 28 05:42:25 wordpress-1-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Leron Amin says
Hi Latish,
When an Apache restart fails, it will generally throw a message with an error code attached. In the case, the error and corresponding message is AHOO534: apache2: Consiguration error: no MPM loaded. Copy this text and paste it into Google, and see what resources show up.
I went through the process described above and found a couple of resources on Stack Overflow which described the error as having to do with the correct Apache modules not being loaded – see the following resources here and here.
Hope this helps and let me know if you have any questions,
Joe
Vishal Sanghi says
Hi
Thank you for the such a nice tutorial. I have one problem where my website without www shows clear certificate both main url as well as wp-admin but when I add www in front it says it is unsecure.
you can check on – https://trendilook.com
Not working – https://www.trendilook.com
Both are active and you can check please help i am stuck
Leron Amin says
Hi Vishal,
It looks like your certicate wasn’t issued correctly – it’s showing it was issued for the development subdomain.
Re-issue your certificate and include first your root domain, followed by the www-version of your domain, followed by all of the subdomains that you wish to add to your certificate.
Hope this helps and let me know if you have any questions,
Joe
Aman says
Thank you, this is an awesome tutorial. I’ve been using your tutorials to move my test site to GCP
However I am stuck on Step #3. This is the command I run:
./certbot-auto certonly –webroot -wΒ /var/www/html/Β -dΒ renegaderunaways.xyzΒ -dΒ www.renegaderunaways.xyz
And this is what I get:
./certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
/var/www/html/ -d renegaderunaways.xyz -d http://www.renegaderunaways.xyz does not exist or is not a directory
I checked for the directory /var/www/html/ and can actually see it in my deployment.
Can you please help?
Leron Amin says
Hi Aman,
Check out this link for information regarding the insecure permissions error.
You need to execute the certbot-auto script from the directory which holds your certbot installation. Are you executing the script from the correct directory location?
Let me know if you have questions,
Joe
Aman says
Hi Joe,
Yes, I am executing it in the right directory (installed in the same directory and checked that it is present).
My understanding is that the insecure permissions warning should not hamper step #2?
Leron Amin says
That’s correct Aman – were you able to get the issue resolved?
Aman says
I did. Thanks for checking.
The problem was silly : the command I copied from your tutorial to my notepad changed the “–webroot” to “βwebroot” (notice the hyphens). Seems macbook notes app changes character encoding.
My website http://www.renegaderunaways.xyz is running on SSL now, thanks to your tutorial. Very useful, keep it up!
Leron Amin says
Hi Aman,
I’m glad to hear you were able to get the issues resolved!
Thanks for the update!
Joe
Syed Zuber says
idesign702@wordpress-1-vm:~$ sudo mv certbot-auto /etc/letsencrypt/
mv: cannot stat ‘certbot-auto’: No such file or directory
idesign702@wordpress-1-vm:~$
Not sure what to do
Leron Amin says
Hi Syed,
Make sure to run the command ls to ensure certbot-auto actually exists in your current directory.
If it doesn’t, you will need to reinstall it by following the steps in step 2 of the tutorial.
Let me know if you have questions,
Joe
Johnny Meza says
omg this tutorial made ssl installation too easy! Thank you so much! A big bonus is that auto renewal cron job. I don’t think I’ll install SSL any other way now.
Denise says
Hi Joe,
I just wanted to say thank you for providing this very valuable video. You made it easy for a novice to follow and successfully add an SSL certificate to my website! I can not thank you enough for taking the time to produce this tutorial.
Leron Amin says
Thanks for the feedback Denise – I’m glad to hear the tutorial helped you!
Leron Amin says
To save the file, try CTRL+X, then Y, then Enter.
Asif says
Is there any tutorial for rolling back to previous settings, if someone failed to follow proper guide? I would really appreciate that. I made an error and site is not loading π
Leron Amin says
Hi Asif,
Follow this tutorial to create disk snapshots, then restore your VM from a snapshot in case anything goes wrong.
Hope this helps and let me know if you have questions,
Joe
Joni cohen says
Thanks for sharing the article!
I know lots of people (including myself) will be thrilled to have wildcard capability.
I agree that it will be an invaluable tool for WP multisite users!
Best regards,
Joe
phillips says
Hi, I found this tutorial very easy to follow, greatly detailed.
I have tried to reproduce it for another app from Bitnami ( Mautic) any idea of what I should adapt ? because it failed so far.
many thank
Leron Amin says
Hi Phillips,
There are instructions for configuring SSL for Bitnami’s Mautic solution which you can view here.
Hope this helps and let me know if you have questions,
Joe
Molly says
Thank you, perfect tutorial.
Leron Amin says
Thanks for the feedback Molly!
Mahabubur Rahman says
Hello
Thank you for sharing content about GCP. your content is awesome and perfect for the beginner like me.
keep up the good work mate. thanks again for your tutorial.
Leron Amin says
Thanks for the great feedback Mahabubur!
Amine says
thanks a lot for this great job, it should’ve took you a lot of time.
Much love from Algeria
Manu says
Hi Leron,
Thank you for the tutorial. It has been very helpful. For the last one year I have been running https without any issues. However, it seems my certificates did not auto renew and my site is down view invalid certificate.
I tried regenerating certificates. However, I am getting the following error: –
Error [Errno 12] Cannot allocate memory while executing command python setup.py egg_info
Exception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/basecommand.py”, line 215, in main
status = self.run(options, args)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/commands/install.py”, line 324, in run
requirement_set.prepare_files(finder)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_set.py”, line 380, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_set.py”, line 634, in _prepare_file
abstract_dist.prep_for_dist()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_set.py”, line 129, in prep_for_dist
self.req_to_install.run_egg_info()
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/req/req_install.py”, line 439, in run_egg_i
nfo
command_desc=’python setup.py egg_info’)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/utils/__init__.py”, line 667, in call_subpr
ocess
cwd=cwd, env=env)
File “/usr/lib/python2.7/subprocess.py”, line 710, in __init__
errread, errwrite)
File “/usr/lib/python2.7/subprocess.py”, line 1231, in _execute_child
self.pid = os.fork()
OSError: [Errno 12] Cannot allocate memory
=====================================================
Certbot has problem setting up the virtual environment.
Based on your pip output, the problem can likely be fixed by
increasing the available memory.
Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
Please help me resolve this.
Thanking you for your support.
Regards,
Manu
Leron Amin says
Hi Manu,
Try following the instructions from the error message to create a temporary swap file.
Try renewing again after creating the swap file.
Let me know if you have any questions,
Joe
Manu says
Hi Leron,
I followed the instructions from the error message and I was able to renew the certificates.
Thank you for your help. You are doing a tremendous job.
Regards,
Manu
Eduardo says
Got this error:
Requesting to rerun ./certbot-auto with root privileges…
/var/www/html/ does not exist or is not a directory
google cloud micro-f1 VM, running ubuntu minimal 16 something LTS (configured within google cloud).
Installed wordpress with docker-compose tutorial. WordPress site is running, can add plugins, posts, pages, so it’s ok.
Leron Amin says
Hi Eduardo,
I haven’t tested this tutorial with WordPress running in containers – so I’m not sure the solution.
Try checking if /var/www/html/ exists as the webroot, as the directory structure may be entirely different.
Let me know if you have questions,
Joe
pguy says
hi !!! thanks for all
when i click on crtl+x nothing happen
Claire says
This really helped me a lot and was so straight forward.
But after installing a second website on Google click to deploy, I am having trouble setting up SSLs for that as I get a conflict.
Can you do a tutorial or help me out?
Alternatively, I tried installing a site to a subfolder on the main website, however, I am having trouble pointing a domain to that folder.
Thank you
Leron Amin says
Hi Claire,
Are you using WordPress multisite? If not, I’d recommend doing so if you’re configuring multiple WordPress websites on the same machine.
To do this with Click-to-deploy, it would be more complex, but you could potentially set up separate virtual hosts for each of the WordPress installs and then use a single SSL certificate to handle SSL for each of the domains.
Let me know if you have questions,
Joe
Vignesh Rajulu says
Hi I have followed everystep carefully but now I am not able to open my site with either http or https.
Error message: server ip address could not be found
Please help me
Leron Amin says
Hi Vignesh,
This sounds like a networking error; which usually are caused by an IP address mismatch between your CloudDNS and your Google Cloud instance.
Please check the comments to this tutorial for potential fixes.
Joe
Alan Scott says
Hello, can someone help me out with this error message I get every time I try to run the Apache restart command. I have tried deleting the instance and reinstalling at least 5 times now, and still no luck. Thank you for your help!
What it first says:
g147190599qru@incki-test-wordpress-vm:~$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
Feb 26 04:10:38 incki-test-wordpress-vm sudo[10273]: pam_unix(sudo:session): session opened for user root by g1471
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Stopping The Apache HTTP Server…
— Subject: Unit apache2.service has begun shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun shutting down.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: AH00526: Syntax error on line 43 of /etc/apache2/sites-e
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: SSLCertificateFile: file ‘/etc/letsencrypt/live/inckites
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: Action ‘stop’ failed.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10279]: The Apache error log may have more information.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Stopped The Apache HTTP Server.
— Subject: Unit apache2.service has finished shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has finished shutting down.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Unit entered failed state.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Starting The Apache HTTP Server…
— Subject: Unit apache2.service has begun start-up
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun starting up.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: AH00526: Syntax error on line 43 of /etc/apache2/sites-e
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: SSLCertificateFile: file ‘/etc/letsencrypt/live/inckites
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: Action ‘start’ failed.
Feb 26 04:10:38 incki-test-wordpress-vm apachectl[10286]: The Apache error log may have more information.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Feb 26 04:10:38 incki-test-wordpress-vm sudo[10273]: pam_unix(sudo:session): session closed for user root
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
— The result is failed.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Unit entered failed state.
Feb 26 04:10:38 incki-test-wordpress-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
lines 1726-1767/1767 (END)
Alan Scott says
Sorry, here is the journalct | tail log
Feb 26 04:15:17 incki-test-wordpress-vm google-accounts[954]: INFO Adding user g147190599qru to the Google sudoers
group.
Feb 26 04:15:17 incki-test-wordpress-vm google_accounts_daemon[954]: Adding user g147190599qru to group google-sudo
ers
Feb 26 04:15:17 incki-test-wordpress-vm gpasswd[10362]: user g147190599qru added by root to group google-sudoers
Feb 26 04:15:25 incki-test-wordpress-vm google-accounts[954]: INFO Adding user g147190599qru to the Google sudoers
group.
Feb 26 04:15:25 incki-test-wordpress-vm google_accounts_daemon[954]: Adding user g147190599qru to group google-sudo
ers
Feb 26 04:15:25 incki-test-wordpress-vm gpasswd[10378]: user g147190599qru added by root to group google-sudoers
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: Accepted publickey for g147190599qru from 173.194.90.35 port 4
1420 ssh2: ECDSA SHA256:YfwodcWon8peJG2VuhPMo3/Ra3/ysQ9M/dTSHQTCzhc
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: pam_unix(sshd:session): session opened for user g147190599qru
by (uid=0)
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: lastlog_openseek: Couldn’t stat /var/log/lastlog: No such file
or directory
Feb 26 04:15:25 incki-test-wordpress-vm sshd[10366]: lastlog_openseek: Couldn’t stat /var/log/lastlog: No such file
or directory
Jack Allred says
Hey Joe,
I went through all the steps and got stuck when i left the ssh console. When I try to access my site or the site admin panel using http or https, the connection times out. I have https traffic allowed. I’m not sure how to proceed. Thanks for any help.
Leron Amin says
Is your website still down?
Rasiq Shandar says
my website is also down after the tuturial
Daniel Soloway says
Thanks for this awesome tutorial!
One important note – this caused me lots of headache.
When you generate the Certificates, it tells you which files were created. For example:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mysite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mysite.com/privkey.pem
Your cert will expire on 2019-05-14. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
“certbot-auto renew”
—-
The files here are what must be pasted in step 4!
You have 3 files, but certbot only created two for me.
This caused Apache to not restart and the site to do down.
Thanks again for your hard work!
Angus says
Hi Joe,
Firstly, let me say thank you for the amazing tutorial.
I’m just having an issue with my website. It says https://www.sytes.co.uk/ so I know the SSL must be active, but for some reason it’s saying “Your connection to to this site is not fully secure” (I am using Google chrome)
However when I type in https://www.sytes.co.uk/wp-admin to login to my site, it has the full SSL with the green padlock.
I would really appreciate some help on this π
Many thanks
Kind regards,
Angus
Leron Amin says
Hi Angus,
I’m glad to hear you’ve enjoyed the tutorials – thanks for the feedback!
It sounds like a ‘mixed content’ error. I’d recommend checking out this tutorial for instructions on how to fix the issue.
Let me know if you have any questions!
Joe
Daniel Vitor Peneda Hasse says
Hi Joe,
Thank you for your amazing job making this tutorial.
I’m having the following issue:
When I perform this command:
./certbot-auto certonly –webroot -w /var/www/html/ -d midiaaqui.com.br -d http://www.midiaaqui.com.br
Here is the result:
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for midiaaqui.com.br
http-01 challenge for http://www.midiaaqui.com.br
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. midiaaqui.com.br (http-01): urn:ietf:params:acme:error:connection ::
The server could not connect to the client to verify the domain :: Fetching https://www.midiaaqui.com
.br.well-known/acme-challenge/QavMwG3xYpIzXrWJfN-xRgv3SnBqgWpydS6aRiar9N0: Error getting validation d
ata, http://www.midiaaqui.com.br (http-01): urn:ietf:params:acme:error:connection :: The server could not co
nnect to the client to verify the domain :: Fetching https://www.midiaaqui.com.br.well-known/acme-cha
llenge/iSQdhrVO68dwzwxUK7B3-04XDcrukUAs8OPICqz5s-c: Error getting validation data
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: midiaaqui.com.br
Type: connection
Detail: Fetching
https://www.midiaaqui.com.br.well-known/acme-challenge/QavMwG3xYpIzXrWJfN-xRgv3SnBqgWpydS6aRiar9N0
:
Error getting validation data
Domain: http://www.midiaaqui.com.br
Type: connection
Detail: Fetching
https://www.midiaaqui.com.br.well-known/acme-challenge/iSQdhrVO68dwzwxUK7B3-04XDcrukUAs8OPICqz5s-c
:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Leron Amin says
Hi Daniel,
Your server is attempting to use HTTPS without a valid certificate – which is what is causing the error. In order to validate your domain, certbot sends a request to your domain – and if it can’t access your domain (which it can’t in this case due to the HTTPS error), then certbot will throw an error.
To fix this problem, you need to remove the HTTPS redirect (the three lines of code toward the top of the wordpress.conf file which start with ServerName), which were added in step 5 of the tutorial. Next, you will have to uncomment the snakeoil certificates, and comment the SSL certificates – basically a reversal of the second part of step 4 of the tutorial. After doing this, try to run the certificate issuing command again.
Let me know if you have questions,
Joe
Daniel Vitor Peneda Hasse says
Thank you very much!
sachin panwar says
will it work for wordpress installed via runcloud (free version)?
Leron Amin says
I have not tested this tutorial with runcloud – but it’s possible that other users have.
Vishal Sanghi says
This is simply awesome. I have learnt many things for all your tutorials. Thanks a lot for sharing this. I am able to do the configuration of three SSLs on the single IP with this tutorial. Thanks again.
Just wanted to check what is validity of this SSL and is auto renew is compulsory to do.
Leron Amin says
Hi Vishal,
The certificates are valid for three months, and configuring auto-renewal is not compulsory; you can simply ‘cd’ into the directory that contains ‘certbot-auto’ and execute the following command to run the auto-renewal script:
Let me know if you have any questions,
Joe
Aei says
Hey, great tutorial, just kind of stuck
getting an error when trying to restart
Jan 31 03:46:56 bhp-wp-vm apachectl[5857]: apache2: Syntax error on line 225 of /etc/apache2/apache2.conf: Syntax e
Jan 31 03:46:56 bhp-wp-vm apachectl[5857]: Action ‘start’ failed.
Jan 31 03:46:56 bhp-wp-vm apachectl[5857]: The Apache error log may have more information.
Jan 31 03:46:56 bhp-wp-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Jan 31 03:46:56 bhp-wp-vm sudo[5851]: pam_unix(sudo:session): session closed for user root
Jan 31 03:46:56 bhp-wp-vm systemd[1]: Failed to start The Apache HTTP Server.
I opend /etc/apache2/apache2.conf: Syntax e but not to sure what the syntax should be
Leron Amin says
Hi Aei,
There is a syntax error on line 225 of your apache2.conf file.
To fix the problem, open the apache2.conf file, then jump to line 225 by following the instructions here. Then, identify the syntax error, save the file, and restart Apache.
Hope this helps and let me know if you have questions,
Joe
Leron Amin says
Hi David,
There were multiple comments on this date which referenced this issue. It looks like it was a temporary issue with Certbot; were you able to get the issue resolved?
Talk to you soon,
Joe
Erick Guerra says
Love your content, I seem to to have a use for your GCP and WP “one-click-deploy” related
tutorials.
I have an issue after following your tut and got to changing the “WordPress” and ‘Site’ Url. No the server does seem to respond.
Here is the link to a more full description of my proplem.
https://stackoverflow.com/questions/54374017/adding-http-s-ssl-to-wp-one-click-deploy-gcp-took-to-long-to-respond
any help would be greatly appriciated,
-Erick Guerra
Leron Amin says
Hi Eric,
It looks like you were able to get the issue resolved based on the answer to this question here.
Joe
Adnan Merchant says
Hello sir,
Thank you so much for helping me
when i add ./certbot-auto certonly –webroot -w /var/www/html/ -d trendsdoor.com -d http://www.trendsdoor.com
i get error
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
please help! thank you
Leron Amin says
Hi Adnan,
It looks like you were able to get the website working – what was your solution? I am asking because I’ve seen a couple of recent comments from users with the same issue.
Thanks and talk to you soon,
Joe
mimi says
How can I fix this
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
xception:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/cli/base_command.py”, line 176, i
n main
status = self.run(options, args)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/commands/install.py”, line 393, i
n run
use_user_site=options.use_user_site,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/__init__.py”, line 57, in ins
tall_given_reqs
**kwargs
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py”, line 919, in
install
use_user_site=use_user_site, pycompile=pycompile,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/req/req_install.py”, line 445, in
move_wheel_files
warn_script_location=warn_script_location,
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 583, in move_whee
l_files
outrows = get_csv_rows_for_installed(reader)
File “/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/pip/_internal/wheel.py”, line 565, in get_csv_r
ows_for_installed
for fpath, digest, length in old_csv_rows:
ValueError: too many values to unpack
=====================================================
Leron Amin says
Hi Mimi,
I noticed numerous comments from other users who were experiencing a similar issue – were you able to get it resolved?
Let me know,
Joe
Antony says
I tried using this tutorial, it turns out well but at certain instances i keep losing the green lock. Any help?
Leron Amin says
Hi Antony,
If the green lock is disappearing on certain pages – that may be caused by insecure content errors. Check out step 1 of this tutorial on how to resolve insecure content errors.
Let me know if you have questions,
Joe
bode says
Hello Joe
i followed all your instructions to this stage of command sudo nano /etc/apache2/sites-available/wordpress.conf to edit the wordpress.conf file but the problem i have is confusing because in your tutorial after executing the command its suppose to come up with three lines of code to be deleted but on my server i have more than three lines making it difficult to identify the files for deletion. I dont want to mess things up since i cant identify the lines to be deleted how can you help.
Regards
Leron Amin says
Hi Bode,
The older Click-to-deploy WordPress configuration file has many lines of code, whereas the new configuration only has a few.
Just make sure the contents of the file match the instructions as provided in the tutorial.
Hope this helps and let me know if you have any questions,
Joe
Sandeep Pal says
Hi,
First of thanks for such great and helpful tutorials, who have made our life very easier, especially of a guy like me who doesn’t know much about this stuff.
Here’s one problem, i have recently migrated my website http://www.palbrosinfotainment.com which i transferred from a free hosting site to GCP after watching your tutorial last year in mid of 2018.
few days ago, my free tier plan had got exhausted and then i had to migrate my website from their. i have again signed up for GCP(With someone else’s details :)).
I watched somebody’s video on youtube about how to migrate manually with help of duplicator plugin. i followed all the steps that were shown in the video and now i am able to access my website.
But this time there are few problems that i am facing.
1. i followed all the instruction for SSL certificate that you told in the tutorial and i received success messages also during installation time but my website is still showing unsafe http.
2. There are few plugins on my website which when i am trying to delete not getting deleted , getting server busy and try later error.
I am in serious need , don’t know what has happened and how to solve it.
Please help.
Thanks in anticipation
Leron Amin says
Hi Sandeep,
I took a look at your website’s SSL configuration and it’s showing that your website is using placeholder certificates.
I would recommend going back through the tutorial and checking if your configuration files match the directive outlined in the tutorial.
Let me know if you have any questions, and talk to you soon.
Joe
Sandeep pal says
Hi,
What is placeholder certificate ?
How to check the configuration files?
Leron Amin says
Hi Sandeep,
The placeholder certificates exist in the Bitnami WordPress stack – which makes me think you may have used the wrong tutorial. Configuring SSL for the Bitnami version of WordPress on Google Cloud is an entirely different process than Click-to-deploy.
The configuration files are the files that end with the .conf extension – they are edited several times throughout the tutorial.
Hope this helps and let me know if you have any questions,
Joe
Sandeep Pal says
Hi Amin,
First of all thanks a lot for these prompt responses, are really helpful.
Actually i have commented on this tutorial page but actually i had followed bitnami one only(the one you have suggested).
I again followed the same process, skipped step no.6 as recommended on the website. There is one step in the tutorial when we have to replace two instruction in wordpress configuration file, i saw the instructions were already the correct one their.
I must tell you that i am also using one plugin on this site that is Really Simple SSL could that be the reason, i thought and then i uninstalled that but still nothing changed my site is still not reflecting HTTPS.
Please see if still you can help me out in this.
Thanks In Anticipation
SP
Leron Amin says
Hi Sandeep,
It looks like you were able to get the issue resolved.
Please reach out if you have any questions or concerns!
Thanks,
Joe
Sandeep pal says
Hey,
I don’t know how but my issue has got resolved.
Thanks
Gerardo says
Hello there! Thank you for your tutorials.
I got the following error after on Step 6, trying to restart the apache server
gguerrab@wordpress-1-vm:~$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
I tried to find solutions and ran the following commands:
sudo apt-get -o DPkg::Options::=”–force-confmiss” –reinstall install apache2
sudo apt-get purge apache2
sudo apt-get install apache2
apt-get purge libapache2-mod-php5 php5
apt-get install libapache2-mod-php5 php5
I think I made it worse.
now I can’t access my website (statnote.com) or wp-admin.
any ideas?
thank you
Leron Amin says
Hi Gerardo,
You will have to check either βsystemctl status apache2.serviceβ and βjournalctl -xeβ for details on what caused the error. To do this, execute the following commands:
Also, the four commands that you executed in attempt to fix the problem likely broke the system configuration beyond repair. I would recommend restoring the website from a backup if you have one available. Otherwise, you’re in for a long troubleshooting journey ahead.
Let me know if you have any questions,
Joe
Graeme says
Thanks for the tutorials they are very useful. I completed the SSL steps but can only access mysite/wp-admin using unsafe mode in Chrome. It is showing as not secure and if I try without safe mode I get ERR_CERT_COMMON-NAME_INVALID. Did I miss something?
Leron Amin says
Hi Graeme – it looks like you were able to get it working! What was the problem?
Grateful User says
THANK YOU SO MUCH, I ran thru this ARTICLE LIKE 10 TIMES, BUT FINALLY IT WORKED!!! SO APPRECIATIVE WHAT YOU PUT OUT HERE!!!
Leron Amin says
Thanks Jennifer – glad to hear you were able to get the certificates working!
Lyon Ye says
Hi Joe,
I restore my Joomla websites under /var/www/html folder, as per your instruction, when go to sudo nano /etc/apache2/sites-available/ I only find 3 files, 000-default.conf, default-ssl.conf, and lamp-server.conf, which file will I edit and add the following code?
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect permanent / https://www.1pagezen.com/
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Leron Amin says
Hi Lyon,
These instructions have only been tested with the WordPress Click-to-deploy solution. Try using the generic Certbot/Let’s Encrypt installer available here. Select your server (Apache), as well as your operating system, which you can find on your solution’s deployment page.
Let me know if you have questions!
Joe
Amir El-Gohary says
Hello Leron,
I did all the steps, but I have this error on the browser:
This site canβt be reached
And this error in the SSH “Important Notes” after writing this command, ./certbot-auto certonly –webroot -w /var/www/html/ -d 1pagezen.com -d http://www.1pagezen.com
DNS problem: SERVFAIL looking up CAA for
Leron Amin says
Hi Amir,
Did you make sure to replace 1pagezen.com with your own domain name in the certificate issuing command?
If you didn’t, you will have to change the command and re-issue the certificates.
Let me know if that helps,
Joe
Amir El-Gohary says
Hello Leron,
Yes, I confirmed this many times, and also confirmed all the steps
Leron Amin says
Hi Amir,
I’m not sure what the issue is, but it likely has to do with your DNS configuration.
First, make sure that your website is accessible via HTTP using your domain name. It needs to be working beforehand, as it is required as part of Certbot’s domain validation process.
Further, do a Google search for “DNS problem: SERVFAIL looking up CAA” – I recently performed this search and found plenty of resources from Let’s Encrypt with instructions on how to fix the error.
Let me know if you have questions,
Joe
Avi Z says
Hello,
We followed your instructions to the T, confirmed that everything was done correct, however when done we cannot access the site. We get an error saying “This site canβt be reached” on the web browser.
When checking the ssl on sllhopper, the site is resolved however it notes
“No SSL certificates were found on ourmily.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall.’
We truly do not know how to proceed.
The only installation different was that we installed the one click multisite installation of wordpress through the market place.
Any help would be appreciated.
Leron Amin says
Hi Avi,
Verify that your instance is allowing HTTPS traffic.
Go to your VM instances dashboard. Click on your instance. Next, click the βEditβ button at the top of the page, then scroll down toward the bottom of the instance settings and make sure that the box that says βAllow HTTPS Trafficβ is checked. Then click the βSaveβ button at the bottom of the page.
Let me know if you have questions,
Joe
Jesse Clevenger says
I’m glad i found this comment. I didnt have the https box checked. Thank you for the tutorial!!!
Vlad Yushvah says
Hello Loren,
Thank you for these instructions.
I ran into a problem though. I tried command to restart Apache server and got the following message:
sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
I am not sure what this all means. I went ahead and restarted VM, but now can’t access website at all. I can’t access WP admin by ip either. Please advise, what can be done.
Regards,
Vlad
Leron Amin says
Hi Vlad,
Run the following commands from the error message for additional feedback regarding what caused the error:
Additionally, run the following command:
Check the output from each of these commands in order to gather clues as to what’s causing your error.
Let me know if you have questions,
Joe
Vlad Yushvah says
Hello Joe,
Your advise led to clues, which I was able to fix. Thank you.
Now I have an issue with 301 redirects from http to https. I did follow your instructions from 301 redirect article, but no luck. If you visit inetcrypto.com, it will take you to a non secure site.
Please advise
Leron Amin says
Hi Vlad,
I’m glad you were able to get the issue resolved!
The HTTP to HTTPS redirection is handled by the following directive from step 7 of the tutorial:
The 301 redirect article is for re-routing pages/assets that have been deprecated – it’s not for configuring HTTP to HTTPS functionality for your web server.
Regarding your website, everything appears to be working fine. I noticed some ‘mixed content’ errors in the console, which I go over how to fix in step 1 of this tutorial. Regarding the menu links not working – check out this tutorial; you may have to update your WordPress menu links through the WordPress dashboard.
Please reach out if you have any questions,
Joe
Julien says
Hello,
When i try create certificat i have error message :
Replacing certbot-auto…
Saving debug log to /var/letsencrypt/log/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for http://www.yopbox.com
http-01 challenge for yopbox.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. http://www.yopbox.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the cl
ient to verify the domain :: Fetching http://www.yopbox.com/.well-known/acme-challenge/D38oUe4qPEV6XeeBcTXSvL-v6lz8KDmLLkqvSiSyovc: Conne
ction refused, yopbox.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the do
main :: Fetching http://yopbox.com/.well-known/acme-challenge/tIXmO59nUVpaO099rLk19ExsnyVtG42qhUXO1ghKBTE: Connection refused
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.yopbox.com
Type: connection
Detail: Fetching
http://www.yopbox.com/.well-known/acme-challenge/D38oUe4qPEV6XeeBcTXSvL-v6lz8KDmLLkqvSiSyovc:
Connection refused
Domain: yopbox.com
Type: connection
Detail: Fetching
http://yopbox.com/.well-known/acme-challenge/tIXmO59nUVpaO099rLk19ExsnyVtG42qhUXO1ghKBTE:
Connection refused
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Can you help me please ?
My website is offline π
Amir El-Gohary says
Hello,
Did u solve this ?
Tom P says
Hello Joe,
Thank you for the tutorial video. After I followed and complete the your guideline steps, I tried to sign in “https://trendyls.com/wp-admin”. But, I couldn’t sign in the WP front end. It does not recognize the user name and/or password.
I followed this below but it did work neither.
https://onepagezen.com/domain-name-configuration-wordpress-google-cloud/#comment-7740
Thank you
Leron Amin says
Hi Tom,
If you migrated the site using the All-in-one WP Migration plugin, the password will be your original WordPress password – not the new one. If you didn’t migrate the site, open the GCP sidebar menu and navigate to Marketplace > Your Solutions, then click on the WordPress solution that you deployed: the username and password will be listed therein.
Let me know if you have questions,
Joe
Tom P. says
Hi Joe,
Yes. I did migrate the site using the All-in-one WP Migration plugin. I have tried the password my original WordPress password again, but it did not take it.
It didn’t recognize either the import site or export site passwords after the migration. I seeked the support team from All in One Migration for help . The Support Tech sent me an adminer.php and have it uploaded to the root directory. I enabled to sign in the WP admin after that. Now, it couldn’t let me sign in after the completion of creating SSL certificates for the site. I have tried all the passwords that I found. Please give me any suggestions. Thank Tom
Tom P. says
Hi Joe,
The issue is solved. I can sign in WP-Admin now. I have the Tech Support from All in One Migration sent me the reset password (adminer.php) file.
Thank you for your help.
Tom
Leron Amin says
No problem Tom – I’m glad you were able to get it worked out!
Graham Widgery says
Hi. Thanks for the great tutorial. Got my site secure.
I have one issue though. Some of the pages (the homepage) show the full padlock on chrome and says ‘Connection is Secure’, however some of the other pages (how it works) show the exclamation point on chrome and says ‘Your connection to this site is not fully secure’. Suggesting that the images are not secure.
Any idea what might cause that?
Leron Amin says
Hi Graham,
Those are likely ‘mixed content’ errors. They are very common and occur when your website is using image links with an http:// instead of https:// prefix. I go over how to fix mixed content errors in step 1 of this tutorial.
Please reach out if you have any questions!
Joe
lura says
Sir, Please Tell Me How To Solve This Problem? View This Image Link https://imgur.com/a/elmjwsv
Leron Amin says
Hi Lura,
The error is presenting itself because you made too many certificate requests within a set period of time.
You will have to wait awhile before trying to issue certificates again.
Let me know if you have questions,
Joe
Cricket says
On the Cerbot website, it says: “Since Certbot is packaged for your system, all you’ll need to do is apt-get the following packages. ”
And, “Certbot has an Apache plugin, which is supported on many platforms, and automates certificate installation. Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. ”
See: https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
My question is, is the method recommended by Certbot a better method? It has a lot less steps and also doesn’t require any manual editing of server configuration files.
Also, will the changes we make to default-ssl.conf file, for example, not be overridden during an update/upgrade?
Leron Amin says
Hi Cricket,
I haven’t tested that method with Bitnami, but it should work just fine with Click-to-deploy. That being said, I can’t vouch for the auto-renewal configuration.
Also, I haven’t had any issues with default-ssl being overwritten after an upgrade.
If you give the install a try, let me know how it goes.
Thanks,
Joe
Cricket says
It worked fine, Joe! I can’t thank you enough for the tutorials – you have helped me and many others immensely and may you be blessed in abundance for that!
Leron Amin says
Thanks for the feedback and kind words Cricket – I’m glad to hear you were able to get it working!
Michell Concepcion says
Hello,
I can not update the URLs on my WordPress page because it no longer loads.
It remains loading and then a blank page appears saying (You can not access this site http://www.xoaccesorios.store took too long to respond.)
No error appeared in the previous steps. Please help me.
Leron Amin says
Hi Michell,
Use this workaround to temporarily force-change your URLs in order to access your dashboard again.
Let me know if you have questions,
Joe
Zan says
Hi,
I try to follow your instruction:
./certbot-auto certonly –webroot -w /var/www/html/ -d 1pagezen.com -d http://www.1pagezen.com (change domain name)
I get this message:
Requesting to rerun ./certbot-auto with root privileges…
Upgrading certbot-auto 0.27.1 to 0.28.0…
Replacing certbot-auto…
/var/www/html/ does not exist or is not a directory
How to fix it?
Leron Amin says
Hi Zan,
Are you using the Click-to-deploy version of WordPress on Google Cloud?
What is the output when you run the following command:
Talk to you soon,
Joe
Ardy says
Joe I have same error and run the command as you suggested and here is what I get:
-bash: cd: /var/www/html/: No such file or directory
Leron Amin says
Hi Ardy,
/var/www/html is the webroot of the Click-to-deploy version of WordPress on GCP. This directory doesn’t exist in the Bitnami version.
If you can’t locate the directory, check out this tutorial of Linux commands, including commands for navigating your system’s directories.
Let me know if you have questions,
Joe
Alex says
I have this problem as well. I used the click to deploy WordPress version, not the bitnami and I am unable to find the /var/www/html directory even after searching around in the shell with the directory commands.
Did something change perhaps in the click to deploy image after this blog post?
Leron Amin says
Hi Alex,
I just deployed a Click-to-deploy image and the /var/www/html directory does exist. To test this, SSH into your instance and run the following command:
If this doesn’t work for you, it’s possible that you deployed the wrong image. When you first deploy the WordPress Click-to-deploy image from the Google Cloud Marketplace, make sure that you deploy the Click-to-deploy ‘virtual machine’ option, and not the container option.
To further elaborate, if you do a search for ‘WordPress Click’ in the Google Cloud Marketplace, you will see several WordPress Click-to-deploy options: they are all different. You need to deploy the ‘virtual machine’ option.
Let me know if you have any questions,
Joe
Alex says
I figured out the issue. D’oh on my part. I am using the correct Click to Deploy version of WP, however i was in the wrong SHELL somehow.
If you click the dropdown on the SSH button on the instance page, and choose open in new window, you get to the right spot where the commands work.
However, if you choose “view gcloud command” it’s opens up in the bottom pane of the window in a gcloud shell CLI environment. I was typing in all the commands successfully up until it couldn’t find that directory in the cloudshell CLI. Very confusing that you end up in 2 different environments. Perhaps the cloud shell is the hypervisor layer, and the other brings you directly inside the debian image OS. Not quite sure, but that solved things for me. Maybe that will help others who ran into the same issue and are definitely using the right click to deploy version.
Victor says
The tutorial was very objective and helped me a lot, thank you for sharing! Great work!
yudikrisno says
hi joe. can you assist me step by step how to install DV ssl from CA? i assume that i just need to upload the 3 file and it will be jump to step 4 of your tuts. am i correct? also what is the command line for searching the path of the file that i just uploaded? by the way, your tuts is very helpfull on my first project. this is my second project on GCE. thank you so much.
best regards
Leron Amin says
Hi Yudikrisno,
You are correct about the process. I had a similar question which I just recently answered – you can view it here.
I’m glad the tutorials have been helpful, and please reach out if you have any questions,
Joe
Subhadeep Kolay says
Hello, Along with the domain I purchased the SSL certificate in Namecheap. I am using WordPress click to deploy in compute engine. I have updated the name server, my site is running. Since I already have an SSL certificate how can I add my existing certificate to my WordPress site in compute engine. Please help me out.
Leron Amin says
Hi Subhadeep,
Start at step 4 of the tutorial after you’ve uploaded the NameCheap certificates to your server. The upload can be done via FTP, which I cover in this tutorial.
Also, when you add the certificate file paths to your default-ssl.conf file in step 4, you will need to make sure that the file paths accurately reflect the correct paths to the NameCheap certificates on your server, not the path to the Let’s Encrypt certificates.
Let me know if you have questions,
Joe
Craig Williams says
Joe, I have walked through the steps successfully four times but I am during step 3 (Generate Certificates) on the first command it errors out as such:
——————————————-
Error:
Creating virtual environment…
Installing Python packages…
Traceback (most recent call last):
File “/tmp/tmp.6cVBam4RAz/pipstrap.py”, line 184, in
exit(main())
File “/tmp/tmp.6cVBam4RAz/pipstrap.py”, line 165, in main
for path, digest in PACKAGES]
File “/tmp/tmp.6cVBam4RAz/pipstrap.py”, line 120, in hashed_download
response = opener(using_https=parsed_url.scheme == ‘https’).open(url)
File “/usr/lib/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib/python2.7/urllib2.py”, line 469, in error
result = self._call_chain(*args)
File “/usr/lib/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 656, in http_error_302
return self.parent.open(new, timeout=req.timeout)
File “/usr/lib/python2.7/urllib2.py”, line 437, in open
response = meth(req, response)
File “/usr/lib/python2.7/urllib2.py”, line 550, in http_response
‘http’, request, response, code, msg, hdrs)
File “/usr/lib/python2.7/urllib2.py”, line 475, in error
return self._call_chain(*args)
File “/usr/lib/python2.7/urllib2.py”, line 409, in _call_chain
result = func(*args)
File “/usr/lib/python2.7/urllib2.py”, line 558, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 503: Backend is unhealthy
———————————
My command was:
./certbot-auto certonly –webroot -w /var/www/html/ -d thyme-collective.com -d http://www.thyme-collective.com
Any ideas?
Thanks Joe!
Craig
Leron Amin says
Hey Craig,
I ran a test for your certificates and it appears that they’re configured correctly.
The only issue I notice when I visit your website are some insecure content errors, which are a front-end problem and are unrelated to your server configuration. Check out this tutorial here where I go into details on how to address insecure content errors.
Let me know if you have questions,
Joe
Maven Pol says
I think I found a solution to my earlier comment. It’s not at all perfect because the “green lock” is still not showing – that’s another thing I’ll have to resolve. But at least my site is now loading *yey!*.
I had to create a firewall rule (this step has been flashing all along on my Deployment Manager home):
Open HTTPS traffic
This firewall rule is not enabled. To allow specific network traffic from the Internet, create a firewall rule to open HTTPS traffic for target tag “xxx-tcp-443”. Learn more
If you are using Google Cloud SDK, type the following command in the terminal (provided):
This solved my initial problem… Your tutorials btw made my wordpress migration to GCP a smooth ride, thank you so much!
Leron Amin says
Hi Maven,
Thanks for brining this to my attention! I appreciate you sharing your solution, as it brings an important issue to to my attention.
In step 2 of this tutorial, it’s necessary to check the two firewall boxes to enable both HTTP and HTTPS traffic. I realize that these boxes are left unchecked by default, so I will revise the tutorial to emphasize their importance.
Thanks,
Joe
Maven Pol says
Hi,
I tried the steps but failed in #7. I couldn’t open my site anymore. I tried modifying wp-config.php directly to replace ‘WP_SITEURL’ and ‘WP_HOME’ to point to https instead of http. And then moved it back to http because it still didn’t work. Kept on restarting apache for every file change I make… still not successful. The error I got from the error.log is “server certificate does NOT include an ID which matches the server name.”
Is there anything that I’m missing? Please help… Thank you!
Taylor D Williams says
I am getting this error and I don’t know what I did wrong.
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
I went to the details and it is give me this:
Nov 01 17:26:02 elev8-vm apachectl[494]: AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl.
Nov 01 17:26:02 elev8-vm apachectl[494]: SSLCertificateFile: file ‘/etc/letsencrypt/live/elev8expo.com/cert.pem’ doe
Nov 01 17:26:02 elev8-vm apachectl[494]: Action ‘start’ failed.
Nov 01 17:26:02 elev8-vm apachectl[494]: The Apache error log may have more information.
Nov 01 17:26:02 elev8-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Nov 01 17:26:02 elev8-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
— The result is failed.
Nov 01 17:26:02 elev8-vm systemd[1]: apache2.service: Unit entered failed state.
Nov 01 17:26:02 elev8-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Nov 01 17:26:02 elev8-vm sudo[487]: pam_unix(sudo:session): session closed for user root
Nov 01 17:29:28 elev8-vm sshd[525]: Invalid user staff from 91.121.90.133 port 35276
Nov 01 17:29:28 elev8-vm sshd[525]: input_userauth_request: invalid user staff [preauth]
Nov 01 17:29:28 elev8-vm sshd[525]: Received disconnect from 91.121.90.133 port 35276:11: Normal Shutdown, Thank you
Nov 01 17:29:28 elev8-vm sshd[525]: Disconnected from 91.121.90.133 port 35276 [preauth]
Can you help me fix it my site is not working right now?
Leron Amin says
Hi Taylor,
The first section of the error message indicates that there is an error with your certificate configuration:
AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl and SSLCertificateFile: file β/etc/letsencrypt/live/elev8expo.com/cert.pemβ doe
This type of error is common, and unfortunately there can be multiple causes. Below are a couple of solutions to try:
1. Open your default-ssl.conf file again (
sudo nano /etc/apache2/sites-enabled/default-ssl.conf) and scroll down to the line with your SSL certificate file listed SSLCertificateFile:/etc/letsencrypt/live/elev8expo.com/cert.pem and make sure there are not space after any of the 3 certificate-file lines. If there are, use the backspace button on your keyboard to remove the excess spaces. Save the file and restart Apache.2. Change the owner or permission level of your cert.pem file to see if that’s causing the error. You can change the permission level by running the following command:
Let me know which (if any) of these solutions work for you.
Thanks,
Joe
Taylor says
I got through the main setup process, but ran into a snag with your instruction for auto-renewal.
Typing in “sudo mv certbot-auto /etc/letsencrypt/” to the SSH console genrates the response “mv: cannot stat βcertbot-autoβ: No such file or directory”
How do I get around this?
Leron Amin says
Hi Taylor,
Make sure you are in your home directory. Type:
Then type the following command to verify that Certbot actually exists in your home directory:
If it doesn’t exist, re-download it:
Let me know if you have any questions,
Joe
Taylor says
I started a new SSH session, typed in ‘cd’ just to make sure I was home. I then typed ‘ls’ an received the response ‘certbot-auto.1’
I then typed in ‘sudo mv certbot-auto /etc/letsencrypt/’ but still get ‘mv: cannot stat βcertbot-autoβ: No such file or directory’ as the response
Leron Amin says
Hi Taylor,
The file was named certbot-auto.1 because you had more than one certbot installation in that directory at some point. The solution is to rename the file to ‘certbot’ by running the following command:
After you’ve renamed the file using the above command, try moving it again:
Good luck,
Joe
Taylor says
I executed the name change command, but hitting enter just re-shows the starting prompt.
Again I tried the ‘sudo mv certbot-auto /etc/letsencrypt/’ command and received:
‘mv: cannot stat βcertbot-autoβ: No such file or directory’
Leron Amin says
Ok – so what is the output when you run the
lscommand?Taylor says
I should also add – this was a TOTALLY new google cloud setup, the only thing we did prior to going through this SSL setup was to execute the one-click install WP VM instance.
This said, there would be no reason for an existing cerbot scheme to already exist or have any additional configuration settings.
JC says
Thank you this absolutely helped me!
I am new to cloud hosting and it’s people like you that makes it easier and possible to enter a new market.
Just one question I have that I don’t seem to find, we have SSL up now but that is not http/2, how do we enable HTTP/2 does that enable with load balancing?
Thank you again!
Leron Amin says
Hi JC,
HTTP2 is a separate module that needs to be both enabled and added to your Apache configuration.
I don’t have a tutorial on the subject now, but hope to have one shortly. In the meantime, check out this DigitalOcean article on the subject.
Do note that the HTTP2 module is only compatible with the later releases of Apache (2.4.17+).
Talk to you soon,
Joe
Edward says
Hi,
I am getting the following code when trying to restart the server. This happens after editing the wordpress.conf file.
”
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
”
This is what I’ve added in that file:
”
VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName http://www.univrse.co.uk
ServerAlias univrse.co.uk
Redirect / https://univrse.co.uk/
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
”
It is very strage because it is working on another site I have befirst.one – but not on this one.
Any tips?
Many thanks.
Leron Amin says
Hi Edward,
I just revised the tutorial (take a look!) to account for the recent changes to the Click-to-deploy stack.
Please go over the new tutorial and check that your configuration matches.
Feel free to reach out if you have any questions,
Joe
JC says
Thanks Leron OnePageZen should be labelled Super Heros!!! Google should be paying you full time for this it’s really awesome huge huge thank you!
Leron Amin says
I wish Google were paying me full time… or anything for that matter! π
Eduard says
It is working now.
You re a star.
Thanks
Leron Amin says
Thanks Eduard! π
Kawish Shafiq says
Hi,
i am stuck and https isn’t working may be because of
sudo nano /etc/apache2/sites-available/wordpress.conf
under this command
i haven’t found VirtualHost tag
where i can put following command…
ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect permanent / https://www.1pagezen.com/
there is only
Options -Indexes
these lines
and when i am restarting apache server its showing error in code.
please help
Leron Amin says
Hi Kawish,
I go over a workaround in this comment.
Let me know how it goes!
Joe
Youlong Chey says
I got this problem too.
Leron Amin says
Hi Youlong,
I just updated the tutorial. Please give it a look and let me know if you’re able to resolve your issue.
Thanks,
Joe
shiva says
how to protect wordpress website from hackers ….
Leron Amin says
Hi Shiva,
Here are a few quick tips, in order of importance:
1. Use strong passwords
2. Keep regular backups (snapshots) of your instance on Google Cloud, so that you can quickly restore your website in the case of an outage.
3. Use 2-factor authorization on all Google Cloud and domain name provider accounts.
4. Disable access to phpmyadmin via web browser (standard in Bitnami)
5. Use a tool such as Fail2ban to block suspicious IPs
Let me know if you have any questions,
Joe
shiva says
Thank you for reply.
there is a issue with database connectivity after some days as you told to Kawish see below for reference,can you make another video as per with updated Click to deploy.
October 8, 2018 at 2:37 pm
Hi Kawish,
I go over a workaround in this comment.
Let me know how it goes!
Joe
Leron Amin says
Hello Shiva,
I just updated the tutorial to make it compatible with the updated Click-to-deploy configuration.
Give the new tutorial a look and let me know if you have any questions,
Joe
Ollie Townsend III says
I have a question (that maybe you have already answered in another tutorial, but this is the one I keep coming back to so I figured it might be useful to know here for others.) This setup works wonders for how I have my website. I have moved to virutal hosting multiple sites under one instance. It seems that the last site I create the SSL certificate for trumps all others and everything starts to point to that folder instead.
Leron Amin says
Hi Ollie,
I would recommend adding all of your websites to a single certificate file, then configuring each site to use the same certificate. This will use less resources if you run a job to automatically renew the certificates.
Regarding everything pointing to the new folder, this is an issue with your server configuration and is likely not related to the certificate itself.
Let me know if you have any questions,
Joe
Ollie Townsend III says
I didn’t even consider that as a possibility! I ran it once with my first domain I was testing, then ran it again with the second domain. So when I try the first domain (without typing httpS) it starts to redirect to the secure version and tells me that there’s a security issue… then tries to point to the second domains URL. So I configured my SSL setup is in correct. I am guessing that I can just -d domain1.com -d domain2.com to set everything up?
Leron Amin says
Yes – it will simplify your configuration quite a bit. If you have numerous domains and subdomains, your certificate issuing command would be (replace example.com with actual domain name):
Ollie Townsend III says
I just realized though, it would require /var/www/html/domain -d domain1.com /var/www/html/domain2 -d domain2.com though right? Are you able to do additional paths for that? I would guess having it at the root domain (/var/www/html/) would cause all types of issues .
Leron Amin says
Hey Ollie,
That’s correct.
The webroot location that you include in the certificate issuing command is used for the purpose of validating your domains each time a certificate is issued/renewed. The correct syntax for issuing a certificate for multiple domains/subdomains in separate directories on a single instance is discussed in this Let’s Encrypt thread – for example:
Let me know if you have any questions,
Joe
Bruno A. Jimenez Reyes says
Thank you for the great tutorial.
Honestly, I wasn’t expecting it to be that complex… I don’t know why I was even expecting the SSL certificate would be magically available “by default”… well, maybe I’m just a newbie.
I follow the first tutorial I found on the youtube channel at: https://www.youtube.com/watch?v=qEgTUL5ZLV4. Crucially, before realize there was a new tutorial, I followed the old one to the point of installing “git”… Curiously, when I’ve entered the “sudo -i” command, first I get a series of text with an error, but when i’ve enetered again, it magically “root” me. However, in this new tutoria I’ve discover that I don’t need to log in as root.
However, after following to the letter the instructions above… of course the site went offline! π
I’ve recheck carefully everything, enter as root administrator again and cancel git.
Currently, my site is still offline. The issue seems to be a mismatch in the servername given on the first line of the code to add to the WP config file. I’ve tried to edit it into different versions (http://, with and without the “www”), but Apache server won’t restart: I get this error:
“Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.”
Using “journalctl | tail”, I got:
“Sep 29 23:00:11 wordpress-1-vm systemd[1]: Failed to start The Apache HTTP Server.
Sep 29 23:00:11 wordpress-1-vm systemd[1]: apache2.service: Unit entered failed state.
Sep 29 23:00:11 wordpress-1-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Sep 29 23:02:26 wordpress-1-vm sshd[11122]: Invalid user pi from 211.43.127.239 port 34952
Sep 29 23:02:26 wordpress-1-vm sshd[11122]: input_userauth_request: invalid user pi [preauth]
Sep 29 23:02:26 wordpress-1-vm sshd[11124]: Invalid user pi from 211.43.127.239 port 34954
Sep 29 23:02:26 wordpress-1-vm sshd[11124]: input_userauth_request: invalid user pi [preauth]
Sep 29 23:02:26 wordpress-1-vm sshd[11122]: Connection closed by 211.43.127.239 port 34952 [preauth]
Sep 29 23:02:26 wordpress-1-vm sshd[11124]: Connection closed by 211.43.127.239 port 34954 [preauth]
Sep 29 23:02:56 wordpress-1-vm google-accounts[895]: INFO Removing user astrogim.”
Which sounds like something frigging serious… don’t it? This is, pretty much, as far as I can go with my limited understanding of Linux and command line. So, hear my message:
THANK YOU IN ADVANCE FOR ANY HELP OUT THERE GUYS!
Leron Amin says
Hey Bruno,
Glad the tutorial was helpful to you!
Who is user pi? Is that your Linux user? It looks like the permissions for the user aren’t configured correctly. Check out this thread here for more information and a potential solution.
Let me know if you have any questions,
Joe
Nolan Au says
Followed the step on second time and successfully added SSL on my wordpress site.
Many thanks of your great work.
Leron Amin says
Thanks for the feedback Nolan – I’m glad to hear the tutorial worked for you!
Kristoff Hamilton says
Hey Leron,
Can you assist me in resolving the error below, after following the steps outlined, I tried to test the certificate and received the following error:
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):
click-to-deploy-5b8e9883-8711-a22c-e510-224be2229225.c.cloud-marketplace-ops.internal
What does this mean?
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It’s possible that:
The web site does not use SSL, but shares an IP address with some other site that does.
The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
The web site uses a content delivery network (CDN) that does not support SSL.
The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
Thank you
Leron Amin says
Hi Kristoff,
The server is showing a dummy certificate that came pre-installed with the software stack.
If the domain name is an alias for another website, then the domain alias should be added to the SSL certificate for the primary domain on the ‘other’ (main) website’s server. In this particular instance, the ‘SSL checker’ is still picking up on the dummy certificates – which indicates that the SSL certificates haven’t been added to your configuration file (wordpress.conf).
I would recommend checking out this section of the Apache docs for information about configuring separate virtualhosts in order to serve content from multiple domains under a single IP Address.
Let me know if you have any questions,
Joe
Kristoff Hamilton says
I followed the steps and now I can’t pull up the home page for my website, is there any way for me to delete the SSL Certificate and start over from the beginning?
Leron Amin says
Hi Kristoff,
You can place a # symbol to the left of the certificate files in order to ‘deactivate’ them. You will also need to add the # symbol next to the https redirect at the top of the .conf file. You will also need to change your WordPress URLs back to http on your settings page.
Let me know if you have any questions,
Joe
Nolan Au says
me too…
Peter says
Big thanks! I was able to get my client website secured!
R says
When I open
sudo nano /etc/apache2/sites-available/wordpress.conf
The only lines I see in it are:
Options -Indexes
I don’t see the stuff to put that code inside of… am I missing something?
Leron Amin says
Hi R,
Unfortunately the Click-to-deploy stack was updated recently, and there have been some major changes. I am going to have to update the tutorial.
In the meantime, try pasting the code from this comment into your wordpress.conf file. After pasting the code, remember to change the lines with the domain names from 1pagezen.com to your own domain name.
After doing that, save the file and restart apache:
Let me know if you have any questions,
Joe
Seshu says
Hi I need help with Nginx configuration. I am using nginx google click to deploy vm instances. Certificates have been generated but need help with configuration
Nicolas Frichot says
Hi. I am using this command: sudo nano /etc/apache2/sites-available/wordpress.conf
But am getting only this appearing. Can you advise please? This is preventing me from completing step 7. I used this tutorial once before in the exact way and had a positive outcome.
Options -Indexes
Leron Amin says
Hi Nicolas,
The stack is different from when the tutorial was first created. I am going to have to update it.
Check out this comment regarding the lines of code that should appear in your wordpress.conf file. Try copying and pasting those lines into the file, making sure to use your own domain name in the three redirect lines.
Please let me know if this works.
Thanks,
Joe
Prakash says
Hello , Thanks for giving tutorial , all command was work but problem is ,Not able to start apache2 server i am getting error msg .
“root@wordpress-1-vm:/etc/letsencrypt# sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
root@wordpress-1-vm:/etc/letsencrypt# ”
Looking for your help .
Thanks
Leron Amin says
Hi Prakesh,
Don’t run the restart command as root user. If you’re using root user, you can switch to your default by running the following command:
After running the
exitcommand, switch to your home directory by running:Then try running the restart command again:
Let me know if you have any questions,
Joe
Jeremy Glassenberg says
Hi Joe,
I encountered the same issue and tried these commands but still encountered the same error. My site currently gives “ERR_CONNECTION_REFUSED.” Any ideas to get past this hurdle? This tutorial has been great so far!
Leron Amin says
Hi Jeremy,
Thanks for reaching out – were you able to get the issue resolved?
There can be many reasons for an ERR_CONNECTION_REFUSED, but first thing I would recommend is running:
If the system doesn’t return any errors, I would next verify that your DNS is configured properly.
Hope this helps and let me know if you have any questions,
Joe
sakshi says
after runing this coomand
sudo apachectl configtest
i get
AH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/wordpress.conf:
Redirect takes one, two or three arguments, an optional status, then document to be redirected and destination URL
Action ‘configtest’ failed.
The Apache error log may have more information.
Leron Amin says
Hi Sakshi,
The configtest is used to determine whether your Apache configuration is correct before restarting your server.
In this case, there’s an issue with one of the directives on the 7th line down in your wordpress.conf (this could be a typo or it could be incorrect formatting). Feel free to respond to this message with the existing directives in your wordpress.conf, and I will help you debug.
Talk to you soon,
Joe
Craig says
Joe,
You write wonderfully concise instructions. The level of detail is always spot on to not digress into things not important to the steps. The video is just icing on the cake.
I have used many of your instructions to great effect but was very concerned about this change and the number of steps involved. It worked perfectly (three times for three sites).
Well Done!
-Craig
Leron Amin says
Hey Craig,
Thanks for the awesome feedback!
I’m glad the tutorial has worked for you. I will be working on improving the tutorial in the next few weeks, so hopefully it will be even better the next time you use it.
Talk to you soon,
Joe
Eli Malka says
Hey I would appreciate some help on the last part (HTTPS Redirect).
I have the same the same problem as the person below me. I did everything correctly step by step twice (Deleted VM and did it again) and it’s still the same result.
I entered “sudo nano /etc/apache2/sites-available/wordpress.conf” and this is what I got.
https://imgur.com/a/9JKD72y
My website works perfectly fine.
I did what you suggested by switching to root and entered both of the commands below and I got the same result as the first one.
“sudo nano /etc/apache2/sites-available/wordpress.conf”
“sudo nano /etc/apache2/sites-available/wordpress.conf”
Help?
Unrelated question, how do I leverage browser caching with google cloud?
Leron Amin says
Hi Eli,
I just created a new Click-to-deploy instance and it appears that there were changes to the wordpress.conf file, as I’m seeing the same thing that you are.
Try adding a # symbol to the left of each of the three lines of code in the file in order to deactivate them. Then, add the code following code snippet:
Also, remember to replace 1pagezen.com with your own domain name (in the code snippet). I haven’t tested this yet, so please let me know if it works. Remember, you will have to restart Apache for the changes to take effect.
Regarding browser caching, I don’t have a tutorial on the subject yet but hope to in the near future.
Thanks and looking forward to hearing from you soon,
Joe
Eli Malk says
Thank you for your quick reply but I found an easy solution. I found a plugin called “Really Simple SSL” that instantly moved my entire site to SSL π
Leron Amin says
Perfect – I’m glad to hear you got it working!
Patric says
Hi Leron
Thank you very much for your really helpful tutorials!
I had the same problem and couldn’t access my site because of too many redirects. So I copied and pasted the above code for the wordpress.conf file.
Very important: You then have to restart Apache! I know, you mentioned it, but I want to make it clear here in the comment to help others with the same problem.
Again, thank you very much!
Leron Amin says
Hey Patric – thanks for great tips! I’m glad you were able to get it working.
Kristoff Hamilton says
Do you have to ident the code or just copy and paste
Leron Amin says
Hi Kristoff,
Just copy and paste the code. You can indent it you find it more readable, but it is not necessary.
Let me know if you have any questions,
Joe
Sarkhan Latifov says
Hi Loren,
Thank you for your great tutorials.
This is my third website that I am trying to create. I have done first two websites using your great tutorials.
But now I faced with a problem.
I want to enable HTTPS Redirect at level seven (7. Enable HTTPS Redirect)
When I execute “sudo nano /etc/apache2/sites-available/wordpress.conf” file only
”
Options -Indexes
”
appears. So I am not able to go on next step.
Can you please guide me to fix this issue?
Thank you for your help.
Leron Amin says
Hi Sarkhan,
I’m glad to hear you’ve had success with the tutorials in the past.
As far as your issue – is it possible that the contents of the file were deleted?
Try switching to root user with
sudo -iand opening the file with the following command:Also, please include screenshots – maybe a GIF if possible – to show what happens when you run the command:
Talk to you soon,
Joe
Sarkhan says
Hi Loren,
Thank you for your interest.
Probably I know my mistake. When I executed this comment line, “sudo nano /etc/apache2/sites-available/wordpress.conf” I mistakenly changed “wordpress” term with my website domain name “kagitkarton”.
And when I execute sudo -i and then following comments, again this statements appear:
Options -Indexes
I also record a screen video and I am adding the ling below.
I hope it will help you to understand my problem.
https://www.youtube.com/watch?v=fv47K5m0EpA&feature=youtu.be
Thank you Loren. I hope I’m not disturbing you.
Leron Amin says
Hi Sarkhan,
Run the command exactly as shown:
Don’t worry about the
sudo -icommand that I mentioned in my previous response – this was only a workaround since we hadn’t yet identified the problem.That being said, after watching the video, it appears that there is a lot missing from your wordpress.conf file. If this is a new installation, I would simply create a new VM and try again. Otherwise, you will have to add the code from the initial configuration back into your wordpress.conf file.
Another question: does your website continue to work in spite of the wordpress.conf file being nearly empty?
Talk to you soon,
Joe
Sarkhan says
Hi Joe,
I run the the command now and the same result.
Options -Indexes
I repeated the steps few times but same result.
My website works but when I enter the links, pages are broken. Like that:
The requested URL /mywebpage/ was not found on this server.
Now, as you said I will try to create new VM and I will inform you about the result. I hope it will work.
Sincerely yours,
Sarkhan
Sarkhan Latifov says
Hi Leron,
I tried all the ways but I couldn’t get any affect. At last I created new project but again same issue. So I decided to use Bitnami with a new project. I created my hosting with bitnami, my website works but at the end red not secure error appears on the browser when I enter my website.
I will write this issue under related page.
Thank you for your help.
Andrew says
I followed your entire tutorial for Click-to-Deploy WordPress on Google Cloud Platform. Everything went well – including the SSL certs installation and static IP address assignment.
My website is home-tuition.sg
This few days, I suddenly discovered an error message “Error establishing a database connection” whenever I tried to reach my own website (you can try and see the error message). I have not changed any settings. Google’s documentation suggested an issue with the SSL certs. I ran a SSL test but it looked ok (I’m no IT expert, so I’m not sure).
Can you help me to have a look and tell me what’s wrong?
Many Thanks.
Leron Amin says
Hi Andrew,
This is a common error in WordPress and is likely unrelated to your SSL configuration.
Whenever I experience that error, it’s because my database connection credentials aren’t defined correctly in my wp-config.php file. So the first thing I would recommend doing is opening your wp-config.php file and checking that your database connection settings are correct (hostname, password, database name, etc.).
Also, do a Google search for “WordPress Error establishing a database connection” – you will find many troubleshooting tips from other users who have experienced this same issue.
Hope this helps and let me know if you have any questions,
Joe
Niraj says
Hi, I followed instruction upto this code,./certbot-auto renew –dry-run
However SSL installed. I was getting this on each code run
Sudo: effective uid is not 0, is sudo installed setuid root?
Is this a problem of some kind and need to be solved then how?
Mansoor Qureshi says
how to disable free ssl from gcloud because after installing ssl on my client site we cannot share any think to facebook, if you have any solution please guide me how to rectify this error. This is my first time on google cloud and learn lot of things form your website http://www.onepagezen.com you can say i completely install wordpress from you site but i stuck here on facebook issue, please if you have any solution how to share on facebook (client required) or how to disable https to http.
Mark says
Hi Leron,
Your very detailed tutorial gives me courage to pursue Google Cloud Hosting even if I’m new to this creating a WordPress website. You’ve been very responsive also to our questions which makes it more easy for us to resolve issues along the way.
As a form of gratitude, I would like to raise a small issue on this tutorial that causes me errors.
On Step 6, the first 2 lines of the code with the SSL certificate files has an extra spaces at the end which causes an error. A couple of comments here are related to the this issue so if you can update that part, it would prevent similar future errors and comments.
Hopefully I was able to help even a little.
Thank you very much!
Leron Amin says
Hey Mark,
Were you able to get your domain name integrated with your website?
And thanks for the feedback – I was able to find and delete the extra spaces that you were referring to.
Thanks,
Joe
Mark says
Hi Leron,
Yes, I was able to setup my domain name with my website.
Thanks to your very detailed tutorials and to your effort on answering issues we encountered. Everytime I encounter an issue I make it sure to read the comments or use CTRL + F in Chrome to search for same questions that you might have answered.
Your answers to our questions helps a lot. I was on the brink of giving up Google Cloud Computing due to errors I encountered but your answers to our questions helped me solve errors along the way.
Hopefully you won’t get tired of helping us with Google Cloud Computing.
Thanks a lot and more power to you!
Leron Amin says
Hi Mark,
Thanks for the feedback!
I’m happy to know that the comments have been valuable to you! I’ve also heard from a few other users who mentioned that they appreciated the comments at the end of each tutorial, especially when troubleshooting. I’m happy to know that people are taking advantage of this resource.
Also, I’m glad to hear that you were able to push past the brink of giving up. I know how frustrating GCP and AWS can be, especially when first starting out.
Thanks again for the feedback and I look forward to hearing from you in the future.
Joe
Birshu Sarma says
Hi,
One of the reason of my website slowness is ssl taking time to load, Please give me advise how to improve performance while loading ssl. My site is: https://nenow.in
Leron Amin says
Hi Birshu,
It is normal that SSL will cause your website to load more slowly, but the effect should be negligible.
If you are noticing a significant increase in load times after configuring SSL, it could indicate that there is another issue at play.
Analyze your website on GTMetrix.com, and click on the Waterfall tab to get a breakdown of which of your website’s components are responsible for the longer than average load time.
Hope this information helps and let me know if you have any questions,
Joe
prem says
hi where can i get the cert keys to create loadblancer?
thanks
prem
Leron Amin says
Hi Prem,
Switch to root user:
Open your cert file:
Highlight the text in the file in order to copy it, then add it to your load balancer. Do this for the other 2 cert files as well, as you will have to add all 3 of the cert files to your load balancer:
Hope this helps!
Joe
prem says
thankyou it works for me
Leron Amin says
Thanks for the feedback, Prem – I’m glad to hear you were able to get it working!
Nicolas Frichot says
You are amazing. 100% working π Let me know how I can return the favor. Thanks!!!
Leron Amin says
Thanks for the feedback Nicolas – I’m glad you got it working!
OT says
Hi Leron,
I have done those steps and it went great, but do you know how to delete/reset the SSL certificate so I can assign it to another url?
Regards,
Leron Amin says
Hi OT,
There is no easy way reassign the certificate to a new URL, because your system has been configured (based on the tutorial) to serve HTTPS from your original URL.
To fix the issue, you will have to first configure your website with the new domain name. After the new domain name is working properly with your website, then you can issue a new SSL certificate for that domain.
After you issue certificates for the new domain, you will have to delete the old certificate paths from your default-ssl.conf file and replace them with the new certificate paths. You’ll also have to change the redirect at the top of your wordpress.conf file to point to the new domain.
Hope this helps, and let me know if you have any questions.
Joe
Jaiveer Manjhi says
Waoooo!! It’s working… Thanks Dude π
Leron Amin says
Hey Jaiveer – I’m glad to hear you got it working!
shailesh tripathi says
Hello we tried all steps but getting error like ” your website is
“Your connection is not private
Attackers might be trying to steal your information from http://www.sivanyoga.net (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID”
Leron Amin says
Hello Shailesh,
When I do an SSL test on your domain, the SSL checker isn’t recognizing any of the Let’s Encrypt SSL certificates.
What I would recommend doing is going back through the tutorial and making sure that you’ve covered all of the steps. Keep in mind that Step 6 is where you explicitly tell your server to use the newly generated certificates.
Hope this information helps and let me know if you have any questions.
Joe
Sam says
This worked flawlessly, thank you for your time spent in putting this together!
Leron Amin says
Hey Sam,
Thanks for the feedback – I’m glad to hear you were able to get the tutorial working!
Joe
Allen says
Another great job explaining the subject. I share Juan ‘s thoughts also, would be better to change the url’s in wordpress before the apache restart. My site went away, came back as deleted & the gcp dsahboard showed a welcome start a new project page while still showing showing my instance in the navigation menu. I hit the drop arrow & selected my instance and it would loop me back to the dashboard with the welcome page again. My website said it was deleted while displaying https with out the lock only the ! insecure page warning. I could not get the wp-admin page to load. I think this might be a chrome thing. I deleted all browser settings, signed out of my account, rebooted & the site was up, I could log in change to https & the world was right again!
I did this with the earlier version. For some reason the link to the updated version was grayed out! I did notice there wasn’t any suggestion to change the permalink structure in this video. Your video’s did make this a snap to do, so thank you. Let me know what you think the problem was.
Thanks
Al
Leron Amin says
Hi Al,
Thanks for the feedback!
I am going to be updating the tutorial soon, with updated auto-renewal instructions as well as moving the restart command to the very end of the tutorial.
I’m not sure what caused your issue specifically, however, I’m glad to hear you were able to get the issue resolved. On another note, when developing on Chrome I make frequent use of the Strong Proxy extension and free proxy services such as hide.me. This serves as a way to bypass the caching functionality in your Chrome browser without having to repeatedly edit your browser settings.
It’s possible you’ll find these tools helpful if you’re not already using them.
Thanks again for the feedback, and talk to you soon.
Joe
Dali says
Really looking forward to the updated tutorial, Joe!
It’s great that it will include auto-renewal instructions as well.
Wonder if it will include instructions for wildcard certificates too?
That would be awesome!
Leron Amin says
Hi Dali,
Sounds good – I’m glad you’re looking forward to it.
I will include a note on Wildcard too: all it takes is changing the certificate issuing command.
Talk to you soon,
Joe
Dali says
Hi Joe,
any news on the updated version of this fantastic tutorial?
Including, especially: instructions for correctly setting up wildcard certificates along with auto-renewal?
Leron Amin says
Hey Dali,
I haven’t started working on it yet.
I’m going to be publishing a CDN tutorial and a caching tutorial in the next few weeks. After that is when I will get started on the tutorial updates.
In the meantime, if you have any specific questions or run into any errors – please let me know.
Talk to you soon,
Joe
Dali says
Great, thanks for the update!
Yes, we really wonder what we should do right now.
We have used your tutorials exact steps to set up SSL for sites in WordPress Multisite Network. The only thing we needed to do, that is not in this tutorial, is configuration that needed to be done with WPMU DEVS Domain Mapping plugin, in order for every domain and subdomain in the network to get SSL. WMPU DEVS plugin also makes it possible to selectively turn on or off SSL for individual sites in the network, really useful function. We have several sites with full domain names (like: domain1.com, domain2.com, domain3.com) and large number of sites that exist only with subdomain names (subdomain1.domain1.com, subdomain2.domain1comβ¦ subdomain101.domain1.com). Our biggest problem with the current tutorial is that we have a large (and growing) number of subdomains, and we need to separately add all those subdomains according to this tutorial, every time we add new subdomain to our network. So if we add subdomain102.domain1.com, we need to redo everything each and every time for all domains and subdomain, and the number of especially subdomains is growing fast. This is where the new wildcard Letβs Encrypt wildcard functionality would really be of tremendous help. It is becoming impossible otherwise. So what we concretely wonder about: where do we go from here? In other words: how do we go from the current configuration to the wildcard based, self-updating configuration instead, from the current position weβre in, step by step, without jeopardizing the network or risking downtime (there are many live sites affected).
Thank you very much, Joe!
Leron Amin says
Hi Dali,
It sounds like you have the ideal use case for a Wildcard certificate.
I would recommend that you create a new VM and first get comfortable implementing Wildcard certificates. See if you can get it working as intended with a similar configuration as you have now (use a test domain).
If you can get it working correctly, then reissue and overwrite the existing certificates with the wildcard certificates. The certificate issuing process for wildcard should be similar to the existing process.
Hope you’re able to get it working and let me know if you have any questions,
Joe
leo says
Not sure what isn’t working. Tried and followed the same step twice, and still not able to get it working. The entire site is down.
Leron Amin says
Hi Leo,
Were you able the get the website working?
Please share your domain name (you can send it via the contact form on the website if you prefer), and I will take a look.
Talk to you soon,
Joe
Heang says
Hi Leron,
I tried to request for certbot many times and failed and got this error message:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: golocalplace.com,www.golocalplace.com: see https://letsencrypt.org/docs/rate-limits/
Will you please help me solve this? Thanks!
Leron Amin says
Hi Heang,
Certbot only allows you to request a certain amount of certificates per day, per domain. It appears that you made too many requests, so Let’s Encrypt has temporarily disabled new certificate requests for that domain. The only thing you can do is wait.
Check out the link in the error message for more information about how long you have to wait before you can make a new request.
Hope this helps,
Joe
Tanveer says
Hi,
I am not using wordpress but i have LAMP setup on my Google cloud and i would like to have free SSL for my domain and for all my sub domains.
So by following this guide can i achieve that ?
Thanks
Leron Amin says
Hi Tanveer,
Yes – the tutorial will work for this use case. Just make sure the webroot (var/www/html/) is the same, although it usually will be in ~95% of cases.
Let me know if you have any questions or encounter any issues.
Talk to you soon,
Joe
Tanveer says
Hi Joe,
Thanks for your reply
Yes, the root directory is var/www/html Also I just want to ask you the tutorial will work for wildcard also ?
Thanks
Tanveer
Leron Amin says
Hi Tanveer,
The certificate issuing command is different for wildcard. From my understanding, it would be along the lines of:
Also, you’d have to change the server alias in your wordpress.conf file to:
Anyways – I wouldn’t recommend following the instructions above as they haven’t been tested, but they should give you a general idea of how a wildcard configuration could be implemented. Also check out this thread from Let’s Encrypt for more information.
Use at your own risk, and let me know if you have any questions.
Thanks,
Joe
Phil says
I’m getting stuck at step 3. I’m getting:
/var/www/html/ does not exist or is not a directory
I’m running the command using my domain from the:
username@wordpress-1-vm:~$
Leron Amin says
Hi Phil,
That looks right. And you’re using the WordPress Click-to-deploy solution offered through the cloud solutions library?
What is the output when you run the following command?
Talk to you soon,
Joe
mg33dev says
I get the exact same issue,
/var/www/html/ does not exist or is not a directory
I’ve checked and there is no www directory in var.
The only list I have in folder var is;
backups
cache
lib
local
/run/lock
log
mail
opt
run -> /run
spool
tmp
The actual ww root is;
/opt/bitnami/apps/wordpress/htdocs/
Leron Amin says
Hi Mg33dev,
This tutorial is for WordPress Click-to-deploy, not Bitnami.
For the Bitnami version (which you are using), check out this tutorial here.
Let me know if you have any questions,
Joe
ridz says
How to restrict wp-admin page access..adding only allow <> not working ..is it become it’s hosted in gcp?
Leron Amin says
Hi Ridz,
There are numerous solutions such as implementing a Captcha or disabling access after too many failed login attempts. Deciding which solution to implement depends on what you’re trying to accomplish.
Please provide additional details and I will see how I can help.
Thanks,
Joe
Qais says
PERFECT !
Leron Amin says
Thanks Qais!
Pankaj Sinha says
you saved my time. Been searching for a solution on various forums… this served the purpose.
I have a question. How to increase file upload size on google cloud? You have one tutorial for bitnami. Is it same for one click deploy ?
Leron Amin says
Hi Pankaj,
I’m glad the tutorial helped you!
The tutorial to increase file-upload size also has instructions for Click-to-deploy.
Thanks,
Joe
Rafael Silva says
Hey Joe! I’ve found an issue with the step 6 of your tutorial. The quotation marks for the certificates address are not needed. I removed them and it worked great. Thanks! π
Leron Amin says
Thanks for the feedback Rafael. Are you saying that it wasn’t working when you had the quotation marks? This is the first I’ve heard of this!
Talk to you soon,
Joe
devinos says
Hi,
Thank you for those useful tutorials!
I followed these steps, and https is working properly for my website. However, I can’t login to enter wp-admin.
If I enter username and pass; ERROR: The password you entered for the username user is incorrect.
If I click on “lost your password” and enter my email: ERROR: There is no user registered with that email address.
Can you help me?
Leron Amin says
Hi Devinos,
Did you use the All-in-One WP Migration plugin? If you did, you will need to use the password of the site that was migrated to login to WordPress.
Also, your email won’t work because you will need to configure SMTP; either way, the SSL configuration would not affect your WordPress login credentials, so there is another issue at play.
Let me know if you have any questions,
Joe
Ilya says
Thanks for the great post!
I had a question though and I’m sure you already posted it, but I cannot find the information I need anywhere.
I have a 3rd party SSL certificate and I want to just apply it to google cloud wordpress. I have a trouble to understand how to do it.
Leron Amin says
Hi Ilya,
The process of installing 3rd party SSL is much different from using Let’s Encrypt SSL.
You will have to issue a CSR, send the CSR to your 3rd party SSL prodvider, then wait for them to issue the certificates. Once they issue the certificates, you will download them, then upload them to your server, then include the file paths to their location on your server exactly like in step 6 of this tutorial. Other than that, the other instructions in this tutorial will be the same.
Hope this helps and let me know if you have any questions,
Joe
Nishant says
Sir, You are Awesome! Every Step worked perfectly for me and now i am running my new blog with https://. Thanks a ton!
Leron Amin says
Thanks for the feedback Nishant – I’m glad the tutorial helped you! π
Christy says
Our website is on google cloud with a load balancer. We followed your tutorial to do everything except load balancing. Our site have problem with https redirects.
Ex : http://example.com redirects to https://www.example.com
http://www.example.com not redirecting to https://www.example.com
We tried everything as per your post (adding redirect to wordpress.conf), but not working. Please help. Thank You.
Leron Amin says
Hi Christy,
I don’t offer support for load balancing configurations, but you may find this thread useful.
Hope this helps and let me know if you have any questions,
Joe
cierra says
I’m having trouble with my Multi-site installation. all of my subsites have their own domain registered, it seems the forced redirect to the main site has something to do with the SSL. Any Help would be great, the plugins haven’t worked for me.
Leron Amin says
Hi Cierra,
Check out this section of the guide from Bitnami on how to configure Mutisite with multiple different domain names. For SSL, issue a single certificate with all of the domains listed in that single certificate. I hope to have a multisite tutorial available in the near future.
I hope this information helps and let me know if you have any questions,
Joe
Cierra says
I fixed it. I had to update the https.conf. I had to change overide from allow none to allow all. This would allow the .htacess file overide the virtual host for the subsites.
Leron Amin says
Awesome – I’m glad to hear you were able to get the issue resolved.
Thanks for sharing the solution,
Joe
Manu says
Hi Leron,
Thank you for the tutorial. I did exactly as mentioned in the tutorial, but could not get to the last step for changing the settings in wordpress admin account.
Each time I was trying to login to wordpress admin, the page showed error site redirected too many times. The same is the case when I try to open my website.
Please help.
Thanking you,
Manu
Leron Amin says
Hello Manu,
Please provide some additional details regarding the error message that you’re seeing and I will see how I can help!
Talk to you soon,
Joe
Manu says
Hello Joe,
It is nice to see ur reply. I am getting d following error : –
This page isnβt working
http://www.fineaz.co.in redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
Though d page shows HTTPS, but the page does not open, neither the green lock sign appears.
P lease note, I was unable to carry out d last step since wordpress admin page stopped working.
please help.
Thanking you.
Manu
Leron Amin says
Hi Manu,
This issue is usually caused by having multiple redirects in your conf files.
Where did you configure your redirects? There should only be one and it should be at the top of your wordpress.conf file (step 7).
Run the command
cd /etc/apache2/sites-available/to list your conf files. Open up each one using the nano command and make sure that there aren’t any additional redirects already included in the files. Also – do a search for the your htaccess file, open it, and make sure there isn’t a redirect included therein.Hope this helps and let me know if you have any questions,
Joe
Marc-Andre Phaneuf says
I did the exact setu and now I have permalink problem.
I cannot access any other page than my homepage with permalink to postname .
I tried may different repair on the htaccess file and it is no working, I accessed the phpmyadmin DB and looked around to fing no solutions there. Any idea why I would get this error.
Marc-Andre Phaneuf says
I fixed the problem with this thread from stackoverflow
https://stackoverflow.com/questions/11253185/404-error-with-wordpress-ssl?rq=1
I added inside the default-ssl.conf the line suggested and it worked right away.
Leron Amin says
Hi Marc,
I’m glad you were able to get the issue resolved.
Thanks for sharing the solution!
Joe
Akhil says
Hi, your instructions worked perfectly, and I have been able to setup a site with SSL.
I’m trying to take this one step further, to create an autoscaling, autohealing, loadbalanced wordpress site that also uses Google CDN. I am able to do all of it, and the https version of the site works well. However, if you enter just the naked domain name in the browser, it gives a 404 error.
This appears to be a known issue (see https://stackoverflow.com/questions/38201969/redirecting-http-to-https-in-google-cloud/38202272). Basically Google cloud loadbalancer currently can’t force http to https. However, there’s a workaround to that, as is mentioned in the stackoverflow post above.
You’re supposed to add the following code to the .htaccess file.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
I have done that, and the naked domain now does load, however there’s no padlock. Do you have any suggestions as to what I can do to fix this?
You can check the domain at riderzone.review
Leron Amin says
Hi Akhil,
That sounds like an awesome project!
I’ve had issues configuring GCP’s load balancers in the past, and it was usually a similar type of problem where the www-version of the domain wasn’t resolving properly.
Anyways – regarding your issue in particular, I checked the console there are a few errors which appear to be preventing SSL from working properly:
Access to Font at ‘https://riderzone.review/wp-content/themes/skil/assets/fonts/fontawesome-webfont.woff2?v=4.5.0’ from origin ‘http://riderzone.review’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://riderzone.review’ is therefore not allowed access.
I did a Google search on the error and here’s what I found: Resource 1 and Resource 2. Also, this Github gist might be exactly what you’re looking for.
Let me know if you’re able to get it working!
Joe
Akhil says
Thanks a lot for your reply, it was a little dumb of me not to Inspect the page on Chrome.
I did solve the issue though. Turns out it was happening because I wanted my site to load without www. In the tutorial above, for the HTTPS redirect, you use the following command:
ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect permanent / https://www.1pagezen.com/
I was using this:
ServerName 1pagezen.com
ServerAlias http://www.1pagezen.com
Redirect permanent / https://1pagezen.com/
Also, the site URL inside WordPress for me did not have WWW. Now that I have changed these settings, it’s working. Take a look at riderzone.review if you’d like to try.
I have noticed a new issue though. Running a speed test on GTmetrix, the site now loads slower than it used to before I made this setup. I had expected the load time to go below 3 seconds, it has gone above 5! Surprising considering the fact that I’m using Google CDN.
Leron Amin says
Hi Akhil,
I’m happy to hear you resolved the issue.
And I took a look at the GTMetrix score and it wasn’t recognizing the CDN.
An alternative configuration is to serve all of your WordPress media from a bucket which is configured with Google Cloud CDN.
This would cut back on the load times for international visitors, as media files generally account for the higher load times.
If you’re able to get the CDN working right, please let me know the solution.
Talk to you soon,
Joe
James NB says
Hi,
Mistakenly installed this in my LAMP installation. Now it’s showing insecure badge lock.. I need to remove or revoke this certificate. I have deleted all relevant files in /letsencrypt and /ssl files but it’s still showing the same.. Is there a way I can remove/revoke this certificate?
Your suggestions will be appreciated.
Thanks
Leron Amin says
Hi James,
These instructions will work for any LAMP installation. The instructions might be slightly different, but the key concepts are the same.
If you want to remove the certificate, you can simply comment them out, or remove their file paths from your server’s conf file.
Make sure to un-comment the dummy (snakeoil) certificates when you do this.
Let me know if you have any questions,
Joe
Durga Bhurtel says
Thank you. It worked beautifully π
Leron Amin says
Awesome – I’m glad to hear it! π
Scott Weber says
Hi, thank you very much for this tutorial, it was a great help.
I have one problem however. None of the sites I used this on will auto renew their certs. I followed the tutorial to a tee every time.
Has anyone else had issues with auto renew, and is there any update addressing this? Thank you again
Leron Amin says
Hi Scott,
I created a separate tutorial on how to configure auto-renewal for Let’s Encrypt SSL certificates which you can view here.
Feel free to reach out to me if you have any questions regarding the tutorial!
Joe
Mike says
Will you be releasing a bitnami multisite tutorial anytime soon?
Leron Amin says
Hi Mike,
Yes I will be. That’s the next tutorial I will be doing (Bitnami).
Stay tuned,
Joe
Joel Gonzalez says
Hey, great article helped me a lot. 1 issue though I could never find the wordpress.conf file. I looked everywhere. My website is not redirecting non www to www or vise versa. Any idea what I can do to resolve this issue?
Thanks
Leron Amin says
Hi Joel,
You can run the following command to search for the wordpress.conf file location:
Let me know if you have any questions,
Joe
Rafael says
Hi Leron,
Yes, I’m using multisite, but I’m not using multiple domains. In fact, it is just one domain because my setting is to use subdirectory and not subdomain.
As I read a Standard SSL certificate can be used for Multisite installs with subdirectory paths such as https://www.your-site.com/site1/ and https://www.your-site.com/site2.
Based on that, I think this tutorial fits my website, but I’m guessing I’m doing something wrong.
Any clue?
Thank you again
Rafael
Leron Amin says
Hi Rafael,
Your /site1/ and /site2/ directories would be covered under the SSL certificate because they are served from your SSL-enabled domain. For that reason, you won’t have to include these additional URLs in your certificates. The only instance when you would need to included them is if you had enabled subdomains such as https://www.site1.yoursite.com.
As far as your issue, I’m not sure what it could be. Configuring multisite is not for beginners and there are a million things that can go wrong, so you will need to troubleshoot.
If you’re using the Bitnami Multisite stack, I would follow their documentation – that’s helped me configure Multsisite in the past.
Hope this helps,
Joe
Rafael says
Hi Joe,
Bitnami does not allow subdirectories.
Ok, thanks a lot.
Rafael
Leron Amin says
Hi Rafael,
In that case, you could use these instructions for installing multiple WordPress modules on the same stack. Unfortunately the documentation doesn’t provide instructions on how to integrate with your existing stack, so you may have to look around for online resources. I’ve never configure multiple WordPress installations in separate sub-directories, so it’s not something I have much experience with it.
If you’re able to get it to work, please share your process – I know myself and many other users would be interested to learn.
Thanks,
Joe
Rafael says
Hi Joe,
Sure I will.
I’m trying bitnami multiple wordpress modules in order to check if the users can use the same login section for all wordpress installation.
Thanks
rafael says
Hi Joe,
I’m still trying to figure out how to set SSL on WordPress click-to-deploy using multisite with subdirectory (not a subdomain).
If you have any clue, please let me know.
Thanks
nicolas says
I fallow 8 time the auto but my apache server is down and can’t restart
Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.
I not found the solution, I control all syntax
regards
Leron Amin says
Hi Nicolas,
Run the command cd /var/log/ then cat syslog – this will print any errors in your Apache server.
Additionally, try restarting your Apache server. If it can’t restart due to a configuration issue, it will print the error to the terminal.
Let me know if you have any questions,
Joe
Rafael says
Hi Leron, thanks again for the tutorial.
I got the same issue. I run the command cd /var/log/ then cat syslog , I tried to restart again, and got the same error message:
”
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
”
What could I do?
Rafael says
Hi Lion, here is the error
Mar 10 20:26:34 wordpress-multisite-1-vm apachectl[25037]: AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/wordpress.conf:
Mar 10 20:26:34 wordpress-multisite-1-vm apachectl[25037]: ServerAlias only used in
But I don’t have extra space here. What could I do?
Leron Amin says
Hi Rafael,
This error message is saying that there’s an issue with the directives in your wordpress.conf file on line 6.
You will have to look online at resources to find the correct directives to use at the top of your wordpress.conf file. Unfortunately, the configuration will be different from what is instructed in this tutorial because you are configuring your server to handle multiple domains.
To be successful with multisite, utilize a Domain Mapping plugin and check out the Bitnami multisite documentation for step-by-step instructions.
Let me know if you have any questions,
Joe
Garry says
Hi,
After running the second command I got this output. Next step is to enter email. But I have no option. Please help
Thanks
Garry
gsbenipal@wordpress-1-vm:~$ ./certbot-auto certonly –webroot -w /var/www/html/ -d reazy.ca -d http://www.reazy.ca
Requesting to rerun ./certbot-auto with root privileges…
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
–debug attempt experimental installation
-h, –help print this help
-n, –non-interactive, –noninteractive run without asking for user input
–no-bootstrap do not install OS dependencies
–no-self-upgrade do not download updates
–os-packages-only install OS dependencies and exit
-v, –verbose provide more output
-q, –quiet provide only update/error output;
implies –non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
gsbenipal@wordpress-1-vm:~$
Leron Amin says
HI Garry,
Based on the error message, it appears that certbot isn’t installed.
Install certbot by running the following command:
Let me know if you have any questions,
Joe
Garry says
Thanks
hawabaaz says
Hello Leron,
I am stuck at step 3
used this command
./certbot-auto certonly –webroot -wΒ /var/www/html/Β -dΒ hawabaaz.comΒ -dΒ www.hawabaaz.com
OUTPUT
./certbot-auto certonly –webroot -w /var/www/html/ -d hawabaaz.com -d http://www.hawabaaz.com
Requesting to rerun ./certbot-auto with root privileges…
Usage: certbot-auto [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
to both this script and certbot will be downloaded and installed. After
ensuring you have the latest versions installed, certbot will be invoked with
all arguments you have provided.
Help for certbot itself cannot be provided until it is installed.
–debug attempt experimental installation
-h, –help print this help
-n, –non-interactive, –noninteractive run without asking for user input
–no-bootstrap do not install OS dependencies
–no-self-upgrade do not download updates
–os-packages-only install OS dependencies and exit
–install-only install certbot, upgrade if needed, and exit
-v, –verbose provide more output
-q, –quiet provide only update/error output;
implies –non-interactive
All arguments are accepted and forwarded to the Certbot client when run.
Comment above describes the same error message, i tried running your command which you have suggested him
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
but no luck, it shows
$ wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
–2018-04-25 10:49:01– https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)… 151.101.0.201, 151.101.64.201, 151.101.128.201, …
Connecting to dl.eff.org (dl.eff.org)|151.101.0.201|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 62829 (61K) [application/octet-stream]
Saving to: βcertbot-autoβ
certbot-auto 100%[===============================================>] 61.36K –.-KB/s in 0.02s
2018-04-25 10:49:02 (2.65 MB/s) – βcertbot-autoβ saved [62829/62829]
saved
please HELP
Leron Amin says
Hi Hawabaaz,
Make sure you’re installing to your home directory, so run the command
cdbefore running the command to install certbot.Then use the
lscommand to view the existing copies of certbot in the home directory, then use therm -r certbot-autoto delete any existing installs. Do this for all of the installs, as you probably have a certbot-auto.1 and .2 and so on…After doing this, try doing the tutorial again from step 1. Remember your can copy and paste the commands directly from the tutorial, but only the commands in the grey boxes. Any text that you copy and paste from outside of the grey text boxes may cause formatting issues.
If this doesn’t work, please submit follow-up comments to the WP-Cloud-Support page and I will assist you there.
Talk to you soon,
Joe
Jeff says
Hello, Thanks so much your website has helped me a lot.
I have a question because this tutorial has caused some issues.
I set up SSL cert’s for my website when I was using a “placeholder URL”
The SSL worked Great, however now I want to change my DNS and use the proper URL for my website. I’ve updated my DNS and I’ve deleted my SSL certificates and worked backwards through your tutorial removing the code from
However this has taken down my website.
When I enter my WordPress GCP IP address into a browser, it forwards to my old placeholder URL.
Why is my IP address forwarding to this old URL?
How can I get my Compute Engine to restore to defaults before I did this
As you can imagine, I can no longer see my website and the WordPress backend no longer works.
Thanks!
Leron Amin says
Hi Jeff,
If you deleted the old certificates and updated your DNS, you should be able to reissue new certificates with your new domain without any issues.
If your browser is loading you old page (showing old URL), it is likely a caching issue with your browser, not with your DNS.
To fix the issue, try viewing the site through a proxy service such as Hide.me, and see if it loads the ‘new’ website.
Hope this helps,
Joe
Claire says
Hi Joe!
I’m back again. Sorry. I seem to of crashed my website again. (error message:This site canβt be reached)
I followed all the steps, but had to open and close the SSH window a few times to get the commands to work. I wasn’t sure if the ctrl o and ctrl x were working.
When I did the last command from step 8. ‘sudo service apache2 restart’
I got this error message:
Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.
So i tried to see what was wrong and it said this:
claire@wordpress-1-vm:~$ systemctl status apache2.service
β apache2.service – LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Drop-In: /lib/systemd/system/apache2.service.d
ββforking.conf
Active: failed (Result: exit-code) since Tue 2018-02-13 11:13:25 UTC; 21min ago
Process: 15642 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 2774 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 17828 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
claire@wordpress-1-vm:~$ journalctl -xn
No journal files were found.
I also tried to open the file in SSH but couldn’t
/etc/apache2/sites-enabled/default-ssl.conf
-bash: /etc/apache2/sites-enabled/default-ssl.conf: Permission denied
I also tried in filezilla but wasn’t able to open “Error: local: unable to open /default-ssl.conf
Error: Critical file transfer error”
Let me know what you think…
Thanks,
Claire
Leron Amin says
Hi Claire,
Most of the time these errors occur because there is a syntax error in one of your config files.
You can also check in your system log by executing cd /var/log && cat syslog
I would recommend you go back through the tutorial and make sure that your virtualhost headings in your wordpress.conf and default-ssl.conf match the headings from the images given in the tutorial.
Give it a look and let me know what you find.
Also, let me know if you have any questions.
Joe
Claire says
Hi Joe,
how do i edit the default-ssl.conf file? i do have a syntax error line 39.
Let me know what you think of the below, I ran the cd /var/log && cat syslog:
claire@wordpress-1-vm:~$ cd /var/log && cat syslog
Feb 13 11:13:25 wordpress-1-vm systemd[1]: Starting LSB: Apache2 web server…
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: Starting web server: apache2 failed!
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: The apache2 configtest failed. … (warning).
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: Output of config test was:
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: AH00526: Syntax error on line 39 of /etc/apache2/sites-enabled/default-ssl.conf:
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: Action ‘configtest’ failed.
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: The Apache error log may have more information.
Feb 13 11:13:25 wordpress-1-vm systemd[1]: apache2.service: control process exited, code=exited status=1
Feb 13 11:13:25 wordpress-1-vm systemd[1]: Failed to start LSB: Apache2 web server.
Feb 13 11:13:25 wordpress-1-vm systemd[1]: Unit apache2.service entered failed state.
Leron Amin says
Hi Claire,
Feb 13 11:13:25 wordpress-1-vm apache2[17828]: AH00526: Syntax error on line 39 of /etc/apache2/sites-enabled/default-ssl.conf
In step 6 of the tutorial, we walk through how to edit the default-ssl.conf file. Line 39 is most likely one of the lines that contains the path to one of your 3 certificate files.
The problem is most likely because you have extra spacing after the certificate file path. In Apache, you are not allowed to have extra “spaces” after the file path – so go to that location and hit the backspace key a few times until it lines up next to the end of the text.
Check it out and let me know what you find.
Talk to you soon,
Joe
Claire says
Hi Joe,
Thanks for your help, I managed to fix the syntax error and complete the tutorials. And my site came back π
But I noticed I don’t have the green lock ‘secure’ , only the is there anything else I have missed?
Thanks,
Claire
Leron Amin says
Great job Claire,
You’re almost there. Now you need to fix the insecure content errors on your website.
I go over how to do that in this tutorial.
Claire says
YAY!! All fixed Thank you Joe!
Leron Amin says
Awesome! Glad you fixed it! π
sami says
thank you so much for all
I have problem with my website https://www.pregnantwomanclub.com/ website is down and i cant login to dashboard i see message “Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4.10 (Debian) Server at http://www.pregnantwomanclub.com Port 443″
help please
Leron Amin says
Hi Sami,
There is an error with your Apache server configuration.
If you try restarting the server, are you notified of an error message?
Try to execute the following command in your SSH terminal: sudo service apache2 restart
Talk to you soon,
Joe
Jan says
Thank you so much for clearly awesome tutorial,
unfortunately, I tried it 3times and the site still has error: ERR_SSL_PROTOCOL_ERROR
Please, any ideas what can be the issue?
Thank you very much
Leron Amin says
Hi Jan,
Where are you seeing that message?
Does your website load properly?
Jan says
Thank you for your kind reply Amin,
I see this on https://mywebsite…
On the http://mywebsite is the actual website
I have change the URL in wordpress admin – but I can’t even access to the admin – it jumps to https://mywebsite… /wp-admin with the same error :((
Thank you very much
Jan says
PS: I mean I can’t access to wp-admin after I followed the step 9. Update WordPress URLs
Jan says
Dear Amin,
I really hope you can help.
I’m now without the community website for last 3days… I again followed your instructions and when I try to restart the server, I go this error:
XXX@YYY-vm:~$ sudo service apache2 restart
Job for apache2.service failed. See ‘systemctl status apache2.service’ and ‘journalctl -xn’ for details.
So I tried
XXX@YYY-vm:~$ sudo service apache2 graceful
[FAIL] Reloading web server: apache2 failed!
[warn] The apache2 configtest failed. Not doing anything. … (warning).
Output of config test was:
AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile takes one argument, SSL Server Certificate file (‘/path/to/file’ – PEM or DER encoded)
Action ‘configtest’ failed.
The Apache error log may have more information.
so, I checked the error log:
[Sat Feb 10 15:52:40.777797 2018] [mpm_prefork:notice] [pid 5957] AH00171: Graceful restart requested, doing restart
[Sat Feb 10 15:52:40.875570 2018] [mpm_prefork:notice] [pid 5957] AH00163: Apache/2.4.10 (Debian) configured — resuming normal operations
[Sat Feb 10 15:52:40.875586 2018] [core:notice] [pid 5957] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Feb 10 20:27:18.728671 2018] [mpm_prefork:notice] [pid 5957] AH00169: caught SIGTERM, shutting down
[Sat Feb 10 20:27:19.827696 2018] [mpm_prefork:notice] [pid 9186] AH00163: Apache/2.4.10 (Debian) configured — resuming normal operations
[Sat Feb 10 20:27:19.827740 2018] [core:notice] [pid 9186] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Feb 10 20:27:52.351397 2018] [mpm_prefork:notice] [pid 9186] AH00171: Graceful restart requested, doing restart
[Sat Feb 10 20:27:52.415210 2018] [mpm_prefork:notice] [pid 9186] AH00163: Apache/2.4.10 (Debian) configured — resuming normal operations
[Sat Feb 10 20:27:52.415229 2018] [core:notice] [pid 9186] AH00094: Command line: ‘/usr/sbin/apache2’
[Sat Feb 10 20:46:15.525418 2018] [mpm_prefork:notice] [pid 9186] AH00169: caught SIGTERM, shutting down
…
If you have any ideas, please, please let me know… feel free to contact me via email too if you wish.
Thanks so much.
Leron Amin says
Jan,
Open up your /etc/apache2/sites-enabled/default-ssl.conf file and go to line 42.
On line 42, there is probably the path to one of your SSL certificate files.
Now – make sure there are no extra space characters after the line. Just use your arrow key to move your selector over the entire line, and when you get to the end, your selector should jump to the next line.
The extra spacing is likely what is causing the error, so use backspace to delete any extra space characters at the end of the line.
Also, make sure there is no spacing after either of the other 2 lines.
Please do this then restart your server and try again.
Let me know if it works!
Karan says
Hi, I used followed all your tutotials to set up my website on google cloud, but when i was installing SSl i got this error
– The following errors were reported by the server:
Domain: http://www.cbseresult2018.info
Type: unauthorized
Detail: Invalid response from
http://www.cbseresult2018.info/.well-known/acme-challenge/-eE8P9I76DfnC74sSHhRh7min-A_lbT6BW0i0ehT4pU:
“<meta
name="viewport" content="widt"
Domain: cbseresult2018.info
Type: unauthorized
Detail: Invalid response from
http://cbseresult2018.info/.well-known/acme-challenge/_NFsRct887lSD22qP1eZhc-EEihDeTnjIJJdW6GMX7Q:
"<meta
name="viewport" content="widt"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Leron Amin says
Hi Karen,
This is a common issue that occurs when you recently pointed your domain name to Google Cloud but the domain name servers haven’t had enough time to propagate.
So – if your DNS is configured properly, I would wait an hour before trying again. If it doesn’t work after an hour or so, it typically means that there is an error in your DNS configuration.
If you got it to work – great. If not, try again and let me know if you run in to any issues.
karan says
Thanks, The issue has been resolved now.
Leron Amin says
Great Karan – I’m glad you’ve resolved the issue!
antony vegas says
thanks for the good work i have a question i want to remove letsencrypt free ssl from google cloud and i install new paid ssl from comondo how do i go about that i am really struggling to remove my free ssl from google cloud
Leron Amin says
Hi Antony,
To deactivate the certificates, you can either put a # next to the certificate paths, or completely remove them – depending on your preference.
To remove Let’s Encrypt files from your disk, use the rm command to delete the letsencrypt folder from your /etc/ directory.
The steps to configure Comodo certificates are much different, but whoever you’re buying the certificate from will have instructions on their website on how to install Comodo certificates on Apache.
Good luck and let me know if you have any questions!
Juan Pasalagua says
Excellent tutorial. Thanks!
Just a quick comment –
Why not enable the WordPress URLs before setting the HTTPS redirects? The way you have it interfered with the CSS rendering of my setup and wouldn’t let me access the wp-admin panel.
Anyway, greatly appreciated.
Leron Amin says
Hi Juan,
Thank you for the feedback!
You make a very good point, and there isn’t a reason behind it.
I will look into your suggestion for improving the tutorial, and will give it a test run with configuring URL’s before the redirect.
Best,
Joe
Tomy B says
Thanks for great video i am gating this error
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: http://www.lipidcomplex.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for http://www.lipidcomplex.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
tomy_biton@lipidcomplex1-vm:~$
Please advice
Leron Amin says
Hi Tomy,
This error typically means that your DNS changes still haven’t taken affect.
Take a look at this tutorial and make sure you followed the instructions properly.
Let me know if you have any questions. π
Ashish says
Please do a video tutorial on how to install cpanel and whm on google cloud plateform.
Leron Amin says
I will add that to the list of tutorials.
Thanks for the recommendation! π
David says
Worked perfectly! Thank you so very much!
Leron Amin says
Glad it worked! Thanks for the feedback David π
Lidia says
Hi Leron,
I have made the 1st step – works, but I failed on the 2nd:
I receive this: /cerbot-auto: No such file or directory
I guess I have to change the directory to: var/html/.tmb instead: /var/www/html/
Basically I have entered 6 domain variations, is it too much and I should do it separately?:
./certbot-auto certonly –webroot -w /var/www/html/ -d omi.net.pl -d http://www.omi.net.pl -d omimediahouse.pl -d http://www.omimediahouse.pl -d omimediahouse.com -d http://www.omimediahouse.com
I will appreciate your help.
Leron Amin says
Hi Lidia,
Why are you changing the root directory to var/html/.tmb?
And the command is ./certbot-auto renew – try running that command.
If you want, copy and paste the certbot-auto command that you entered and I will take a look.
And it’s not a problem that you entered many domains on your certificate – I think you’are allowed up to 100 or so, so you can still add more if needed.
Hope this helps! π
Justin Allen says
Awesome video and instructions. I am getting away from the plugin WP-Encrypt because of the issues I was experiencing. Looking to deploy this solution for my clients. One issue though , I am receiving a “Type: unauthorized / Detail: Invalid response from” when running “./certbot-auto certonly –webroot -w /var/www/html/ -d mydomain.com -d http://www.mydomain.com“. My dns info is all good, and I actually manage it through Google Domains. The ‘a’ record points to the instance external ip in compute engine. Would this be related to my previous install of WP-Encrypt? I am somewhat lost at this point. Any suggestions would be great. Thanks.
Leron Amin says
Hi Justin,
This typically occurs if your nameservers aren’t properly pointing to your A record in your Cloud DNS, usually because the nameservers were changed recently.
I would give it some time. If it still doesn’t work after a few hours, it may be a problem that I have never come across.
Talk to you soon,
Joe
ansri says
Hi Leron, I had commented on other tutorial thread about 302 header code.
I followed the instructions on this thread and still getting the same error code. Its just that I feel 301 header code are better in terms of SEO when redirecting http to https
Jonathan Loiselle says
Hi Ansri,
i had the same issue as you but for fix it
Dont do the step 7 because it’s redirect with a 302
so for a 301 instead of doing the redirect in wordpress.conf go in your .htaccess
and you can go with a code like this:
RewriteEngine On
# Redirect non-www to https + www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect non-https to https
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Enjoy π
Madan says
After doing all these thing, I’m unable to access phpmyadmin or site both. I’m also unable to change the wordpress url (http to https). What should I do to change them. How to access phpmyadmin through SSH browser. Where I found all command for SSH for GCP.
Thank you Leron !
Madan says
Problem has been solved. I think its take some time to configure all thing. Thank you very much.
Leron Amin says
Great – I’m glad you were able to get the issue resolved π
ansri says
How do I serve both http and https versions of my site?
Leron Amin says
Hi Ansri,
The best way to do it depends on what you are trying to accomplish by serving both the http and https versions of your site.
You can check out this article for more information.
ansri says
When I run the command sudo crontab -e
“sudo: corntab: command not found”
Leron Amin says
Hi Ansri,
I would try running the command again:
Talk to you soon,
Joe
ansri says
Its working, I did not notice the typo, thanks!!
alper says
Hi there,
Thank you for our all instructions. But My website is having an error. My adress is right, I do not know how to fix this problem :(. Here is the error;
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: alpinpon.com
Type: unauthorized
Detail: Invalid response from
http://alpinpon.com/.well-known/acme-challenge/mSDDA3rb_gvNH6rkJwIBhsLUwMQNKSPy3ZWa4K-0uvE:
”
<met"
Domain: http://www.alpinpon.com
Type: unauthorized
Detail: Invalid response from
http://www.alpinpon.com/.well-known/acme-challenge/Gnd1-wnrhdQOiajm6VwtlBiLhnB85zsOkNWRHpVjC08:
"
<met"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Could you please help me about that ?
Leron Amin says
Hi Alper,
This error means that your Cloud DNS isn’t properly configured, and that your domain isn’t being validated.
Go back and check out this tutorial and make sure that you configured all of the steps properly.
Please reach out to me if you have any other questions,
Joe
alper says
Thak you for your consideration. But I am afraid, all the DNS settigns are right, they are exactly the way that you wrote. Also my website has already been running for 3 months. Additionally, I just wanted to add free SSL , but it does not work :(.
What else can I try ? If you are not so bussy, I can let you to connect my computer via Teamveaver or remotely.
alper says
Hi Leron,
Ok . I fixed it. Thanks anyway.
Leron Amin says
Great – I am glad to hear that you were able to get the issue resolved! π
Justin Allen says
What did you do? I am having the same issue. Thanks in advance.
Chathura says
After following this tutorial my website https://www.thunmulla.com returning a 500 internal server error. Apache error_log returns following error
“Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration”
Leron Amin says
Hi Chathura,
I have not encountered this error before. However, check out this link for more information on how to solve the issue.
Talk to you soon, π
Joe
Madan Manjhi says
after this command ……..
./certbot-auto certonly –webroot -w /var/www/html/ -d indiabuz.com -d http://www.indiabuz.com
error msg………..
An unexpected error occurred:
There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for
exact set of domains: indiabuz.com,www.indiabuz.com
please help…….
Leron Amin says
Hi Madan,
This error occurs when you’ve entered a certificate issuing command for a certain set of domains within a short period of time.
You may have to wait awhile before running the certificate issuing command again. Check out this article on rate limits for more information.
Talk to you soon, π
Joe
Madan Manjhi says
Thank you for all your useful tutorials…………. i’m big fans of your’s.
Leron Amin says
Thanks Madan.
I am glad the tutorials have been useful to you! π
Steve says
I was able to follow the step above to successfully implement the SSL. However today I received an email from lets encrypt that my cert was expiring in 9 days. I entered the below info per your instructions:
0 0 * * * cd && ./certbot-auto renew –quiet –no-self-upgrade
0 12 * * * cd && ./certbot-auto renew –quiet –no-self-upgrade
You mentioned that the code checks for a cert renewals 2 times per day. When does it actually renew the cert? Is it daily or a few days before expiration? I guess I’m a little confused because certs last 3 months and i would assume that a few days before cert expiration that it would renew the cert.
Is there a manual way to renew the cert just in case too?
Thanks!
Leron Amin says
Hey Steve,
In the first version of the SSL tutorials, the certbot-auto script was saved in the /tmp directory. Because of this, many users faced issues with their certificates not auto-renewing properly.
I initially addressed this issue with Isabel, and we devised a solution to the problem which you can view here.
To manually renew your certificate, navigate to the directory where the certbot-auto files are located. For instance, if you follow the instructions from the link above, your certbot-auto files will be downloaded to the directory /etc/letsencrypt/certbot. You can navigate to that directory by running the command cd /etc/letsencrypt/certbot. Once there, you can run the following command to manually renew your certificate files: certbot-auto renew
Let me know if you have any issues with the instructions, or if something doesn’t work for you.
Talk to you soon, π
Joe
Dimi says
Hi Joe,
I tried the new instructions but the command
sudo git clone https://github.com/certbot/certbot
gives me— command not found
I have the click to deploy version.
The certificates expired and when I manually entered the ./certbot-auto renew command it worked. Why is the cron not working then?
Thanks
Leron Amin says
Hi Dimi,
The command that you should use to download certbot is:
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
Check out the new tutorial on configuring auto-renewal.
Let me know if you have any other questions,
Joe
Eric says
Hi, great tutorial. It worked perfectly for my www subdomain.
I would like to add SSL to another sub-domain but after step 3 (Generate Certificates) its telling me that
– The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/GX__IROp4bp–PIUs-S5VoohWOwY99Ci_ndefJy0z-U:
”
<meta http-equiv="X-UA-Co"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Any idea why it wont let me generate a certificate for a subdomain?
Thanks!
Eric says
Quick note: my second sub-domain is located in another server therefore it has different ip address.
Thanks
Leron Amin says
Hi Eric,
That’s what is causing the DNS issue.
Talk to you soon, π
Joe
Leron Amin says
Hi Eric,
You have to add all of the domains/subdomains for your website in a single certificate issuing command. If you want to secure additional subdomains for a website that already has SSL configured, you’ll have to run a different command or reissue the original command including the additional subdomains that you want to secure.
The error that you’re seeing means there is an issue with your Cloud DNS configuration.
Talk to you soon, π
Joe
J says
Dear Leron,
I followed all your steps of this tutorial and it worked just like you showed in the video. It was wonderful. I really like how you explained everything. I think this is one of the most technical things I have ever done on a computer and at first I was skeptical of it being something easy or straightforward, so that’s why I double checked and even triple checked that everything I was doing was exactly like you did. And when it worked I was really happy. Thank you!
To anyone following this tutorial, I want to say that the best thing you want to do is pay a lot of attention to every step and make sure you follow it precisely like it’s said. It worked for me.
Leron Amin says
Hey J,
Thanks for posting a comment!
I am glad to hear that the tutorial worked for you, and thanks for sharing your tips for success!
Best regards,
Joe
Hilal says
Thank you for all your useful tutorials! I followed your instructions and installed SSL certificates, but they have now expired. The cron task did not auto-renew. Please help me renew them. Can’t even get the ‘dry run’ to work.
root@***:~# ./certbot-auto renew –dry-run
-bash: ./certbot-auto: No such file or directory
Leron Amin says
Hey Hilal,
You aren’t the first person to have the issue – which is part of the reason why I launched the new version of the tutorial.
Check out my reply to Isabel here for the solution to the problem.
I apologize for any inconvenience and let me know if you have additional questions! π
Talk to you soon,
Joe
Paul Owuor says
Hi,
Thank you for your excellent tutorials.
I have a question though.I have a WordPress multi-site installation.I have already installed an SSL certificate for the primary site.I have followed through the steps to generate certificates for the second site but I haven’t been able to install them because I am not sure of the syntax for two sites at step 7 at this point:
ServerName http://www.1pagezen.com
ServerAlias 1pagezen.com
Redirect / https://www.1pagezen.com/
Or should I create another wordpress.conf file and place the second site’s variables there?
I skipped steps 2,5 and 6 because I had already done them on the first install.
Leron Amin says
Hi Paul,
Don’t create another wordpress.conf file. With multisite configurations, your wordpress.conf file needs to be configured for the PRIMARY domain in your multisite configuration. The additional domains, whether they are top-level or sub-domains, should be mapped from the front-end using a domain mapping plugin.
Check out this Bitnami documentation for additional instructions. Also – the configuration instructions are nearly identical regardless of whether you’re using the Bitnami or Click-to-Deploy WordPress stack.
Hope this answers your question! π
Talk to you soon,
Joe
Miti says
I work out following your steps. But I choose WordPress Multisite (Solution provided by Google Click to Deploy) as I prefer php7. The problem is the result from typing sudo nano /etc/apache2/sites-available/wordpress.conf
The console shows only
Options -Indexes
Then I can’t go further process. Do you have any suggestion for this issue?
Miti says
The error occured when I type sudo service apache2 restart
The result is
Job for apache2.service failed because the control process exited with error code.
See “systemctl status apache2.service” and “journalctl -xe” for details.
Then I type journalctl -xe
The result is
miti@wordpress-multisite-1-vm:~$ journalctl -xe
Oct 27 16:30:42 wordpress-multisite-1-vm sudo[6471]: pam_unix(sudo:session): session closed for user root
Oct 27 16:30:49 wordpress-multisite-1-vm sudo[6476]: miti: TTY=pts/0 ; PWD=/home/miti ; USER=root ; COMMAND=/usr/sbin/a2enmod ssl
Oct 27 16:30:49 wordpress-multisite-1-vm sudo[6476]: pam_unix(sudo:session): session opened for user root by miti(uid=0)
Oct 27 16:30:49 wordpress-multisite-1-vm sudo[6476]: pam_unix(sudo:session): session closed for user root
Oct 27 16:30:58 wordpress-multisite-1-vm sudo[6489]: miti : TTY=pts/0 ; PWD=/home/miti ; USER=root ; COMMAND=/usr/sbin/service apache2 restart
Oct 27 16:30:58 wordpress-multisite-1-vm sudo[6489]: pam_unix(sudo:session): session opened for user root by miti(uid=0)
Oct 27 16:30:58 wordpress-multisite-1-vm systemd[1]: Stopping The Apache HTTP Server…
— Subject: Unit apache2.service has begun shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun shutting down.
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/wordpress.conf:
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: ServerAlias only used in
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: Action ‘stop’ failed.
Oct 27 16:30:58 wordpress-multisite-1-vm apachectl[6495]: The Apache error log may have more information.
Oct 27 16:30:58 wordpress-multisite-1-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: Stopped The Apache HTTP Server.
— Subject: Unit apache2.service has finished shutting down
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has finished shutting down.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: apache2.service: Unit entered failed state.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: Starting The Apache HTTP Server…
— Subject: Unit apache2.service has begun start-up
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has begun starting up.
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/wordpress.conf:
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: ServerAlias only used in
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: Action ‘start’ failed.
Oct 27 16:30:59 wordpress-multisite-1-vm apachectl[6502]: The Apache error log may have more information.
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 27 16:30:59 wordpress-multisite-1-vm systemd[1]: Failed to start The Apache HTTP Server.
— Subject: Unit apache2.service has failed
— Defined-By: systemd
— Support: https://www.debian.org/support
—
— Unit apache2.service has failed.
—
Leron Amin says
Hi Miti,
There is a syntax error in your wordpress.conf file; on line 2 from what it looks like. This is the reason why your Apache service is failing to restart.
If you haven’t yet resolved the issue, you can copy and paste the top half of your .conf file into the comments and I will check for anything unusual.
Talk to you soon,
Joe
Jireh says
Hey Leron/Joe,
I am having the same problem above.
Aug 16 09:54:12 wordpressjireh-vm apachectl[16803]: ServerAlias only used in
Aug 16 09:54:12 wordpressjireh-vm apachectl[16803]: Action ‘stop’ failed.
Aug 16 09:54:12 wordpressjireh-vm apachectl[16803]: The Apache error log may have more information.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: apache2.service: Control process exited, code=exited status=1
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: Stopped The Apache HTTP Server.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: apache2.service: Unit entered failed state.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: apache2.service: Failed with result ‘exit-code’.
Aug 16 09:54:12 wordpressjireh-vm systemd[1]: Starting The Apache HTTP Server…
Aug 16 09:54:12 wordpressjireh-vm apachectl[16810]: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/word
press.conf:
Unofrtunately this is all I have inside my wordpress.conf file unlike the screenshot you have above…
ServerName http://www.j1reh.com
ServerAlias j1reh.com
Redirect permanent / https://www.j1reh.com/
Options -Indexes
Appreciate your help! Thanks alot!
Leron Amin says
Hi Jireh,
Check out this comment. Copy and paste the code from the comment into your wordpress.conf file, and see if that fixes the problem.
Don’t forget to substitute 1pagezen.com with your own domain name.
Let me know if this works,
Joe
Jireh says
THANK YOUUUUUU!!!! IT WORKED!!! You are the man!
Leron Amin says
Hi Miti,
I am not sure the multisite configuration has a wordpress.conf file located in the same directory as a standalone Click-to-Deploy configuration.
Have you checked to see if the file is at that location? You can run sudo ls /etc/apache2/sites-available/
Let me know what you find. π
Talk to you soon,
Joe
RAGHAV BHALLA says
Thanks for pointing me this updated tutorial, followed it and got the SSL setup on my first website within 5 minutes. Amazing stuff.
Just had one question in mind, I’ve already made a snapshot of my VM after the SSL was setup so in future say if I restore this snapshot or maybe clone it and then point the static IP i was using for this VM to the cloned VM, will the SSL function properly on the cloned VM right away or will I have to do this again?
Thanks again.
Leron Amin says
Hi Raghav,
I am glad the tutorial worked for you!
If you are restoring the website snapshot to the existing VM, it should work just as normal.
If you restore the snapshot to a new VM it would have to have the same DNS configuration that was used when originally configuring the certificates. It may or may not work out of the box, if not, you would just have to make some basic adjustments to your DNS and Apache.
Hope this answers your question!
Joe
Andrew Heller says
Would you have any interest in doing a tutorial on the Cloud Load Balancer? π
It looks like you could offload the SSL to that, but I’m not sure if you can do SSL with letsencrypt.
I’d like to be able to scale up if there’s a crazy spike in traffic, but scale back if nothing’s happening.
Leron Amin says
Hey Andrew,
I have been working on a load balancing tutorial, and hope to have it released soon.
The one I am currently working on is a cross region load balancer to distribute traffic to instances based on their proximity to the user. However, I will also do a tutorial on the scenario you described, in which new instances would be automatically deployed to handle sudden spikes in traffic based on CPU utilization.
Another issue I am trying to justify is the cost of running the load balancer service, which ended up being significant (~$20-$40/month). This would arguably make the service impractical for anything except for large (and profitable) sites that see heavy levels of traffic.
Anyways, I hope to have the tutorial released soon. I am just trying to make it as simplified and easy to follow as possible. π
Talk to you soon,
Joe
Shyam Chathuranga says
Hey Leron,
You again saved me with SSL setup. I was trying to use Cloudflare to setup its free SSL for my client’s GCP hosted site, but it didn’t work properly after countless tries. Decided to try this tutorial and it all went exactly the same like you explained.
Kind regards,
Shyam
Leron Amin says
Hey Shyam,
I am glad to know that the tutorial was helpful for you!
Thanks for taking the time to write about your experience with CloudFlare vs. the tutorial.
Talk to you soon, π
Joe
M Clouds says
/var/www/html/ does not exist or is not a directory
following your tutorial, it stops at step 3. before the console asks me for email address or to agree, etc. with the same error I have seen others mention on this page and your youtube channel. a solution would help many π Your help is appreciated. Your tutorials are valuable!
using:
username@machinename-vm:~$ ./certbot-auto certonly –webroot -w /var/www/html/ -d domain.com -d http://www.domain.com
…
…
…
at the end:
Processing triggers for libc-bin (2.19-18+deb8u10) …
Creating virtual environment…
Installing Python packages…
Installation succeeded.
/var/www/html/ does not exist or is not a directory
username@machinename-vm:~$
M Clouds says
WP is adding http:// to the http://www.domain portion of the command line I copy pasted/above. I did not enter that in SSH. π
Leron Amin says
Hi,
I had someone else experience that error recently.
I am going to try and re-create the error on a test account and see what I can find.
Talk to you soon, π
Joe
M Clouds says
I retried again. same issue. I was able to verify /var exists. However within /var there is not a www directory. see here: https://www.screencast.com/t/fPk1lywniLx
M Clouds says
*SOLVED*
the issue was following the wrong “version” of your tutorial. For me, I needed the click to deploy Bitnami version of SSL tutorial. after locating that – your steps were flawless. So anytime in the future other users are experiencing that same error (saw a few others post it), the answer is just wrong tut.
Outstanding work on these tuts! Lifesaver!!
Leron Amin says
Hi M Clouds,
I am glad you were able to get the issue resolved.
It is true that the Bitnami and Click-to-Deploy versions have different root directories. I falsely assumed the problem was something obscure and complex. Thanks for sharing how you resolved the problem, as I am sure this will help other users in the future. π
Best regards,
Joe
Sarkhan says
Hi,
Can you please explain your solution a bit more explicitly.
What is the right tutorial and would you please be a little more open while saying “click to deploy Bitnami version of SSL tutorial” ?
I hope you will help us.
Thanks in advance.
san says
Hi,
Thanks for the great post, I was trying to install SSL on the domain… I’m getting an error
/var/www/html/ does not exist or is not a directory
Leron Amin says
Hi San,
It looks like your certificates are configured properly for your domain mytraveltrips.in – you just need to fix the mixed content errors.
If you want me to look at the /var/www/html/ error, copy and paste the contents of your SSH window into the comments so that I can see the command that is causing the error.
Talk to you soon, π
Joe
Andrew Heller says
Hi Leron!
Thanks for the great tutorials!
Letsencrypt wildcard certificates are coming in January! This would be a great for a WordPress Multisite. https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
Andrew
Leron Amin says
Hey Andrew,
Thanks for sharing the article!
I know lots of people (including myself) will be thrilled to have wildcard capability.
I agree that it will be an invaluable tool for WP multisite users!
Best regards,
Joe
Dali says
Letsencrypt wildcard capability in now live!
Thanks a lot for your awesome tutorials, Joe!
Leron Amin says
Great to know, Dali!
I haven’t played around with it yet, but it looks promising.
Thanks for the update π
Joe
Christine says
I was able to figure it out. I was missing a closing “>” in one of the config files. Ooops! This was a huge help! Really great resource!
Leron Amin says
Hey Christine,
I am glad that you were able to resolve the issue and get your website started again!
Best regards, π
Joe
Oleksandr says
Hello!
Thanks for the great tutorial.
Unfortunately, my site started to show the following error after these changes,
“This site canβt provide a secure connection
drozdandpartners.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH”
Could you give an advice on how it can be fixed.
Leron Amin says
Hi Oleksandr,
Which web browser and version are you using?
Oleksandr says
Hi,
Thanks for such a quick response.
At the time I tested on Chrome, Firefox and even IE. A few hours later the system became operational.
Upon examining the GCP it turned out that the entire system was down for this period of time https://ufile.io/agzjn.
Anyway, thank you so much for the great tutorial. It is hard to find videos on this topic with such clarity.
Best,
Leron Amin says
Hi Oleksandr,
Thank you for following up to notify me that the error had to do with GCP.
I am glad to know that the error resolved itself π
Best regards,
Joe
cyril says
Hi, I found this tutorial very easy to follow, greatly detailed.
I have tried to reproduce it for another app from Bitnami ( Mautic) any idea of what I should adapt ? because it failed so far.
many thanks
Leron Amin says
Hi Cyril,
I am glad you found the tutorial easy to follow. π
This tutorial will not work with Bitnami configurations because the directory structure is different. This tutorial works for the Click-to-Deploy version of WordPress on GCP and most other Apache configurations with a similar directory structure.
If you want to install SSL for a Bitnami application, try this tutorial.
The instructions will be nearly identical – however, I can’t say for certain.
If you give it a try, let me know how it goes. If you experience any problems I can try and help you through them. π
Talk to you soon,
Joe
Leron Amin says
What did you think of this revised version of the Click-to-Deploy SSL certificate tutorial?
Did you find it easier, more challenging, not much different?
Please share your questions and comments below!
Thanks,
Joe
Bishal says
my site completely gone down after this process what should i do?
Leron Amin says
Hi Bishal,
What is the error message that you are seeing?
Let me know and I will help you to find a solution to this problem. π
Talk to you soon,
Joe
Vishwajeet says
I have the same issue. The page says :
This site canβt be reached
http://www.digitalaid.in took too long to respond.
Leron Amin says
Hi Vishwajeet,
It seems you were able to get the issue resolved – what exactly was the problem?
Talk to you soon,
Joe