Ken's picture

I finished configuring SSL for my site. Pages are working well, but I have a problem with some pages, as follows:

https://www.mysite.com/wp-admin/, https://www.mysite.com/404 or pages in wp-admin such as https://www.mysite.com/wp-admin/index.php, etc. I get the message "Your connection is not private" in the browser (the redirect to https://mysite.com/wp-admin/ does not work with https://www.mysite.com/wp-admin/ and http://www.mysite.com/wp-admin/, but it works when I put http://mysite.com/wp-admin/ in the browser). I set my site URL in the WordPress settings to https://mysite.com and installed the SSL Really Simple Plugin to fix mixed content.

I also tried the plugins Better Search Replace and WP Migrate DB to replace "https://www.mysite.com", "http://mysite.com" and "http://www.mysite.com" with "https://mysite.com" in the database, but that still did not resolve the above problem. Could you give me some tips to fix it?

In addition, I visited some sites such as this one: https://hocvps.com and tested by adding www or https as above:

https://www.hocvps.com/wp-admin/index.php

http://www.hocvps.com/wp-admin/index.php 

https://www.hocvps.com/wp-admin/

http://www.hocvps.com/wp-admin/

All pages were redirected to https://hocvps/not-found

So the second question is: how can I redirect all pages in wp-admin to the https://mysite.com/404 page for my website?

Here is my .htaccess file:

# END GOTMLS Patch to Block XMLRPC Access
# BEGIN rlrssslReallySimpleSSL rsssl_version[3.2.9]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Wordfence WAF
<IfModule mod_php5.c>
    php_value auto_prepend_file '/var/www/wordpress/wordfence-waf.php'
</IfModule>
<IfModule mod_php7.c>
    php_value auto_prepend_file '/var/www/wordpress/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>

# END Wordfence WAF
 

Thank you

Ken's picture

Thanks all. I resolved that problem. I removed the SSL Really Simple Plugin and edited the .htaccess file, so all pages are working well. :)

Ken's picture

Oh, it seems like there is an error again. Could someone check my first link above?

Jeremy Davis's picture

It seems like you've since made some changes, so this may not be 100% relevant any more. However, the main thing I note is that your certificate is for mysite.com only. So www.mysite.com does not have a valid certificate (hence the warning).

If you are using our Let's Encrypt integration, then you just need to add www.mysite.com as an additional domain (so it will generate a cert for both mysite.com and www.mysite.com).

I hope that helps.
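The name mismatch diagnosed in the reply above can be checked mechanically. This is an added example, not part of the original thread: it lists the DNS names a certificate carries and reports which site hostnames they do not cover. The function names and the SAN lists are constructed for illustration.

```python
import socket
import ssl

def fetch_sans(host, port=443, timeout=5.0):
    """Return the DNS names in the certificate the server presents for `host`.
    The chain is still validated; only the hostname check is switched off so
    that a name mismatch can be reported instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def san_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, and '*' is honoured only
    as the entire left-most label, where it stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers; browsers warn on each of these."""
    return [name for name in hostnames if not any(san_matches(s, name) for s in sans)]

# Constructed SAN lists for the placeholder domain used in the thread.
SITE_NAMES = ["mysite.com", "www.mysite.com"]
APEX_ONLY = ["mysite.com"]                     # the situation diagnosed above
BOTH_NAMES = ["mysite.com", "www.mysite.com"]  # after adding the www name
WILDCARD = ["*.mysite.com"]                    # covers www but not the apex

if __name__ == "__main__":
    for label, sans in (("apex only", APEX_ONLY), ("both", BOTH_NAMES), ("wildcard", WILDCARD)):
        print(f"{label:10} uncovered: {uncovered(sans, SITE_NAMES)}")
    # Live check (needs network): uncovered(fetch_sans(host), [host]) for a real host.
```

Because the TLS handshake completes before any HTTP request is processed, an .htaccess redirect from the www name to the apex cannot hide an uncovered name; the certificate itself has to list it.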

Ken's picture

Yeah my problem is resolved :).

The first time, I configured Let's Encrypt for domain 1: mysite.com and domain 2: www.mysite.com, but I got an error message, so then I configured only mysite.com and it worked. Now I have configured both mysite.com and www.mysite.com and I get no error message anymore. It is strange.

Many thanks for your tip.

Jeremy Davis's picture

That is strange... But glad it's working...! :)

Ken's picture

On my web server I also installed postfix and dovecot for a mail server. Could you tell me how I can use the Let's Encrypt cert and key that I got for the web server to configure SSL for postfix and dovecot?

Jeremy Davis's picture

AFAIK it should be possible, but I've never done it... So unfortunately, I can't tell you off the top of my head how you might do it. I'd need to do some testing myself to be able to give you clear instructions that I'm sure of. And unfortunately, I don't currently have the time sorry (I'm really trying to get v16.0 out ASAP).

However, having said that, a quick google turned up this Let's Encrypt thread which pretty much covers it. Elaborating this particular post for what I know of TurnKey should mean that you need to do something like this:

Add dovecot config (hopefully /etc/dovecot/conf.d/10-ssl.conf):

ssl_cert = </etc/ssl/private/cert.pem
ssl_key = </etc/ssl/private/key.pem

And postfix config (hopefully /etc/postfix/main.cf):

smtpd_tls_cert_file = /etc/ssl/private/cert.pem
smtpd_tls_key_file = /etc/ssl/private/key.pem

Then restart both:

systemctl restart postfix
systemctl restart dovecot

If you get any errors and/or they fail to restart, then double check your config.

Also, if you haven't already, you'll need to ensure that you have added MX records (via your DNS management UI, often with whoever your DNS registrar is).

Hopefully that all works. Please post back and let us know how it goes...

Ken's picture

Perfect!! It is working for my mail server. I configured 10-ssl.conf and main.cf as you instructed, with another cert and key file:

ssl_cert = </etc/ssl/private/cert.pem
ssl_key = </etc/ssl/private/cert.key

In addition, in main.cf I also put this at the end:

smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Then I restarted the postfix and dovecot services.

I also checked my mail server on https://www.checktls.com/ and all pass 100%.


Jeremy Davis's picture

What excellent news! Thanks for posting back. :)

Ken's picture

Now I have a new problem with OpenDKIM. I configured DKIM and DMARC records so that I can send email from my mail domain into the Gmail inbox (I tested sending an email and all mail was sent to spam).

I did that following the instructions at https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf#comment-45591

But after configuring it I can't send email anymore, neither internally (between email addresses in my domain) nor externally (from my domain email to Gmail...).

I got this message in Thunderbird: An error occurred while sending mail: The mail server sent an incorrect greeting:  Cannot connect to SMTP server 63.141.248.235 (63.141.248.235:25), connect error 10061.

Does anyone have a suggestion?


Jeremy Davis's picture

In my very limited experience, sending email directly and ensuring that it gets through and is not tagged as spam is REALLY hard.

It sounds like you've gone a long way down this path and much further than I've ever explored. FWIW I've always just followed the path of least resistance and used an SMTP relay to send emails.

Ken's picture

After carefully reading the instructions, I found some useful information about my problem.

Because of using SASL before, the part I must update is to extend /etc/postfix/main.cf:

smtpd_recipient_restrictions =
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf

to

smtpd_recipient_restrictions = 
  permit_mynetworks 
  permit_sasl_authenticated 
  reject_unauth_destination 
  check_policy_service unix:private/policyd-spf

Otherwise SMTP clients will fail.

After configuring DKIM, SPF and DMARC, they work well.

I sent some mail to Gmail but it still went to the spam folder, so I think it takes time for their system to update on our mail domain, because our mail domain has not sent any email before. So I will wait a few weeks to check whether the problem gets resolved.
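The ordering issue described in the post above can be caught before restarting Postfix. This is an added example, not part of the original thread or of the linked guide: it parses main.cf text, including continuation lines, and reports when the permit rules do not precede reject_unauth_destination. The function names and the two sample configurations (mirroring the versions quoted above) are constructed for illustration.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}; a line that starts with
    whitespace continues the previous parameter, '#' lines are comments."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()
    return params

def audit_recipient_restrictions(text):
    """Return findings about where the permit_* rules sit relative to
    reject_unauth_destination in smtpd_recipient_restrictions."""
    value = parse_main_cf(text).get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]  # commas or whitespace separate entries
    if "reject_unauth_destination" not in tokens:
        return ["reject_unauth_destination not in smtpd_recipient_restrictions; "
                "relay control must come from smtpd_relay_restrictions"]
    reject_at = tokens.index("reject_unauth_destination")
    findings = []
    for permit in ("permit_mynetworks", "permit_sasl_authenticated"):
        if permit not in tokens[:reject_at]:
            findings.append(f"{permit} is not listed before reject_unauth_destination")
    return findings

# Constructed samples mirroring the two versions quoted in the post above.
BEFORE = """\
smtpd_recipient_restrictions =
   reject_unauth_destination,
   check_policy_service unix:private/policyd-spf
"""
AFTER = """\
# authenticated clients are permitted before the relay check
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  check_policy_service unix:private/policyd-spf
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_recipient_restrictions(cfg) or "ok")
```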

Ken's picture

I have a problem with the mail and web server. My website and mail work well, but when I put mail.mydomain.com into the browser URL, my website is shown under the name www.mail.mydomain.com, and when I access some links on the website I get links like mail.mydomain.com/page .... (I want to use mail.mydomain.com only for mail client config, not for the website like that.)

I checked my rDNS record: the IP address points to mail.mydomain.com.

I updated the IP address to point to mydomain.com, then I checked mydomain on https://mxtoolbox.com/. I got a warning (when I set rDNS to point to mail.mydomain.com there is no warning message, but my site can be accessed with the domain mail.mydomain.com).

PROBLEM DETAILS

View Monitor

 SMTP Valid Hostname

What you see when your domain has this problem

LISTED SMTP Valid Hostname

Do you have any idea?

Ken's picture

(When I set rDNS to point to mail.mydomain.com there is no warning message, but my site can be accessed with the domain mail.mydomain.com exactly the same as mydomain.com.)

I updated the IP address to point to mydomain.com, then checked mydomain on https://mxtoolbox.com/. mail.mydomain.com doesn't work, but I got a warning as below:

PROBLEM DETAILS

View Monitor

SMTP Valid Hostname

What you see when your domain has this problem 

SMTP Valid Hostname
