I’ll answer this in two steps… Do You Need an SSL Cert for Each Subdomain ? Yes and No, it depends. Your standard SSL certificate will be for single domain, say www.domain.example. There are different types of certs you can aside from the standard single domain cert: wildcard and multi domain certs. A wild card … Read more
Is the site running on Apache? If so you could put this in your .htaccess file <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L] </IfModule> also if you need SSL in your admin area and login pages put this into wp-config.php define(‘FORCE_SSL_ADMIN’, true); here’s another way that is more generic: RewriteEngine On … Read more
There is a feature that you can use in wp-config that relates to disabling plugin and theme updates. You can try it out and see if it helps. define( ‘DISALLOW_FILE_MODS’, true ); You can learn more about this feature in the codex.
crt and key files represent both parts of a certificate, key being the private key to the certificate and crt being the signed certificate. It’s only one of the ways to generate certs, another way would be having both inside a pem file or another in a p12 container. You have several ways to generate … Read more
I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming. 1 – Create a default zone As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled. 2 – Fill the default zone … Read more
Check if you have any 301/2 in your htaccess file. OR if you are using a plugin, check for duplicates
Chrome stores SSL certificate state per host in browser history. So just clear browser history (Ctrl+Shift+Del), at least the following parts: Cached images and files Hosted app data Content licenses Cookies and other site data, for Chrome version 64 Solution 2. If the above doesn’t help, try this: Close Chrome, kill all chrome background processes … Read more
RFC2818 states: If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com … Read more
Certificate lifespan Security Shorter lifespan is better. Simply because revocation is mostly theoretical, in practice it cannot be relied on (big weakness in the public PKI ecosystem). Management Without automation: Longer lifespan is more convenient. LE may not be feasible if you, for whatever reason, cannot automate the certificate management With automation: Lifespan doesn’t matter. … Read more
The “challenge password” requested as part of the CSR generation, is different from the passphrase used to encrypt the secret key (requested at key generation time, or when a plaintext key is later encrypted – and then requested again each time the SSL-enabled service that uses it starts up). Here’s a key being generated, and … Read more