Getting Let's Encrypt Wildcard Certificates
#21
(01-23-2019, 01:21 PM)Rehan Wrote: [...] So I was using it on my WordPress site, which was transferred from another server, and I think the problem is due to mistakes during the transfer. Now I think I should back up my contents manually and post it again.

Did you update the wp-options table of the database? There may be info in the database that needs to be updated, i.e. https vs http etc. I usually check through it in phpMyAdmin after I manually migrate a database.

[Image: Wordpress-wp-admin-redirects-me-to-a-dif...Edited.png]
#22
(01-23-2019, 07:45 PM)deanhills Wrote: Did you update the wp-options table of the database? There may be info in the database that needs to be updated, i.e. https vs http etc. I usually check through it in phpMyAdmin after I manually migrate a database.

Yeah. I have tried changing these URLs in the database. I shall try my best to find a solution, but for now I am going to re-install WordPress because it is my professional web and I am losing my visitors. I shall post the solution if I find it.
Btw, previously these URLs were on http while the site was working well with https. I used auto-redirect and it was working well. I don't know what happens with this one.

#23
Wildcard is great if you have a lot of subdomains. Instead of assigning a certificate to each subdomain, you can have one for all your subdomains, so all of them can be https easily.

I used to use Let's Encrypt, but since I use Cloudflare I cannot use that anymore for free. You need to pay to use your own cert on Cloudflare. But luckily Cloudflare also offers free SSL and you don't need to renew it every 3 months, but it is shared with other people, so your certificate can also be used on other people's sites since it is shared.
#24
Addition regarding certificate renewal

I would like to use this post as an addition to the main post. This addition contains a rather important note regarding renewal of certificates issued through this guide and the used method.


The DNS challenge keys that are being set in step 3.3 and 3.4 do have a LIMITED VALIDATION PERIOD! The period is most likely equal to the lifetime of the issued certificate (90 days).

Today I noticed that the certificate for my site expired hours ago in the night. I logged into my server to renew the certificate. In an attempt to renew the certificate using the automatic renewal function of certbot I experienced that it didn't work and returned an error:
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-
Attempting to renew cert (domain.ext) from /etc/letsencrypt/renewal/domain.ext.conf produced an unexpected error: The manua
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-
All renewal attempts failed. The following certs could not be renewed:
 /etc/letsencrypt/live/domain.ext/fullchain.pem (failure)

The error merely says that the automatic renewal failed and renewal has to be done manually.


To perform a renewal you have to repeat the whole step no. #3 every 90 days. Basically you remove the old DNS challenge DNS records, run the command to request the certificate, create the new DNS challenge DNS entries and get the new certificate after the DNS records are verified by the Let's Encrypt servers.

This was new for me. Before this new authentication challenge method the automatic renewal used to work despite having requested the certificates with the manual method.
#25
I had to do the same for my domain for renewal. I had to type in the stuff I typed in the first time when I issued the certificate. I suggest using a cron to run it every 3 months or something. I set it up and now have to wait for the result in 3 months' time.
#26
(04-25-2019, 02:11 PM)Kururin Wrote: I had to do the same for my domain for renewal. I had to type in the stuff I typed in the first time when I issued the certificate. I suggest using a cron to run it every 3 months or something. I set it up and now have to wait for the result in 3 months' time.

I would like to see your cronjob solution.

The issue I see at hand is that a cronjob probably can't update the DNS challenge records for you, unless your DNS hosting provider has an API for that and you write a script that somehow manages to update it properly (how do you control the issue with the waiting time of DNS propagation updates???).

Automated DNS challenge does exist but as far as I figured out during research it only supports GoDaddy DNS so far.
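Added example (not part of any post in this thread): a minimal `--manual-auth-hook` script of the kind the certbot error in #24 asks for, showing one way to handle the propagation wait raised in #26. `publish_txt` is a hypothetical stand-in for a DNS provider API call, and the resolver address and log path are assumptions; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables certbot passes to manual hooks.

```shell
#!/bin/sh
# Added example: certbot manual auth hook for the dns-01 challenge.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION before calling it.

# Hypothetical provider call: replace the body with your DNS host's API client.
# As written it only records the request, so the script runs offline.
publish_txt() {   # $1 = record name, $2 = TXT value
    printf '%s TXT "%s"\n' "$1" "$2" >> "${HOOK_LOG:-/tmp/acme-hook.log}"
}

# Challenge record for a certificate name. A wildcard (*.example.com)
# is validated under the same record as its base domain.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Ask a resolver for the TXT record (assumed resolver: 1.1.1.1).
# Kept as its own function so it can be swapped or stubbed.
lookup_txt() {    # $1 = record name
    dig +short TXT "$1" @"${RESOLVER:-1.1.1.1}"
}

# Poll until the expected value is visible or the attempts run out.
# Returns 0 when seen and 1 on timeout, so certbot aborts instead of
# submitting a challenge that cannot validate yet.
wait_for_txt() {  # $1 = name, $2 = value, $3 = attempts, $4 = delay seconds
    n=0
    while [ "$n" -lt "$3" ]; do
        if lookup_txt "$1" | grep -qF -- "\"$2\""; then
            return 0
        fi
        n=$((n + 1))
        sleep "$4"
    done
    return 1
}

# Hook entry point: runs only when certbot has set the variables.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    name=$(challenge_name "$CERTBOT_DOMAIN")
    publish_txt "$name" "$CERTBOT_VALIDATION"
    wait_for_txt "$name" "$CERTBOT_VALIDATION" 30 10 || exit 1
fi
```

The script is passed to certbot with `--manual-auth-hook`; a matching `--manual-cleanup-hook` script would delete the record afterwards. Keep the provider API credential readable by root only and, where the provider allows it, scoped to the `_acme-challenge` record.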
#27
(04-25-2019, 02:30 PM)Hidden Refuge Wrote: I would like to see your cronjob solution.

The issue I see at hand is that a cronjob probably can't update the DNS challenge records for you, unless your DNS hosting provider has an API for that and you write a script that somehow manages to update it properly (how do you control the issue with the waiting time of DNS propagation updates???).

Automated DNS challenge does exist but as far as I figured out during research it only supports GoDaddy DNS so far.

Oops sorry, I mixed up lexicon with cronjob since it is similar. I followed this article's example https://id-rsa.pub/post/certbot-auto-dns...h-lexicon/ and piped it to my DigitalOcean API key to run every 3 months. I think the article is a bit redundant; I suggest using this instead: https://github.com/go-acme/lego
#28
You can add the * symbol before the domain to get the wildcard one. Also, you cannot use any other certificate in Cloudflare, so make sure you don't use Cloudflare if you want to use Let's Encrypt.

For example: *.yoursite.com
#29
@Kururin

Thank you for sharing this information. Unfortunately the API of 1984.is is so limited that it is only able to update an A record value for an existing A record of a domain. So using it with the services from the information you provided is sadly impossible. So I did something I didn't really like... I moved my domain DNS hosting to Cloudflare for DNS hosting only (not going to use any other features of their service). I will take a look at the lego ACME client for automated renewal and update of DNS records.
#30
To be honest, this is a good tutorial and a helpful one, and I would recommend it to everyone who faces issues with security. @Hidden thanks for sharing.
But I got a question: would this way protect all ports and IPs?
I mean, for game servers it has the IP you are using and the port of the server, so it would protect all of that, as we know UDP that floods an IP with a specific port.
And I face a lot of issues from, so would this tuto help?
Watch this beauty till the end..


