ERR_TOO_MANY_REDIRECTS on wordpress page [closed]
Check if you have any 301/2 in your htaccess file. OR if you are using a plugin, check for duplicates
ssl
https to https problem – 404 and can’t login
The wordpress database is still holding some data (post content, image urls etc) in it’s database. You need to go into your database and change the url references to the non-ssl as well. I suggest NOT doing this through phpmyadmin though as it will cause some problems. Go get this tool: https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ Upload the contents … Read more
How do I clear Chrome’s SSL cache?
Chrome stores SSL certificate state per host in browser history. So just clear browser history (Ctrl+Shift+Del), at least the following parts: Cached images and files Hosted app data Content licenses Cookies and other site data, for Chrome version 64 Solution 2. If the above doesn’t help, try this: Close Chrome, kill all chrome background processes … Read more
How to get Caching Plug-ins to work on localhost with HTTPS?
Follow on to comment is too long so done as answer: As I understand it your test site works as HTTPS unless WPSC is activated? Another (quick to test) hunch: Under WPSC “Advanced” settings: check on “Simple” then check the “Late Init” (and/or “HTTP Headers”) boxes – save settings. N.B. if you deactivate WPSC these … Read more
Redirect https://www.subdomain.domain.com is not redirecting to subdomain.website.com [closed]
You don’t appear to have a valid SSL cert installed on your server that covers the hostname www.subdomain.example.com, ie. the www sub-subdomain`. The only way to resolve this and not get the browser warning is to install a valid certificate on your server that covers the required hostname. Otherwise, unless the user accepts this invalid … Read more
Multiple SSL domains on the same IP address and same port?
For the most up-to-date information on Apache and SNI, including additional HTTP-Specific RFCs, please refer to the Apache Wiki FYsI: “Multiple (different) SSL certificates on one IP” is brought to you by the magic of TLS Upgrading. It works with newer Apache servers (2.2.x) and reasonably recent browsers (don’t know versions off the top of … Read more
Allow insecure embedded content in a SSL secured website
The Question is: Can I setup some kind of SSL exception in WordPress 4.9.8 to permit the linking to an insecure resource…? Extremely unlikely, and in the vast majority of the cases, impossible. The methods used could also introduce major security issues, and in the worst case scenario, make the domain completely unusable in a … Read more
Wildcard SSL certificate for second-level subdomain
RFC2818 states: If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com … Read more
Is there a reason to use an SSL certificate other than Let’s Encrypt’s free SSL?
Certificate lifespan Security Shorter lifespan is better. Simply because revocation is mostly theoretical, in practice it cannot be relied on (big weakness in the public PKI ecosystem). Management Without automation: Longer lifespan is more convenient. LE may not be feasible if you, for whatever reason, cannot automate the certificate management With automation: Lifespan doesn’t matter. … Read more
SSL Certificate Location on UNIX/Linux
For system-wide use, OpenSSL should provide you /etc/ssl/certs and /etc/ssl/private. The latter of which will be restricted 700 to root:root. If you have an application that doesn’t perform initial privilege separation from root, then it might suit you to locate them somewhere local to the application with the relevantly restricted ownership and permissions.