Well, that was a bit of a shit-show and is the reason why I’d been putting it off for so long.
Hey look, I got the green padlock!
- Grabbed an SSL cert using certbot, that all went smoothly.
- DNS issues are what caused a major headache. I had been using Cloudflare for ‘flexible SSL’ whatever the fuck that means, and the DNS propagations took a long time to flow through from namecheap.
To add additional crap, DNS caches on my local machine seemed particularly hard to clear (Ubuntu 14.04 aka trusty). They even persisted through a reboot. Pesky little things!
Yes, I used dig which showed me my box was still looking at the old Cloudflare DNS12345678910111213141516171819; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> craigamos.rocks;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11160;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:; EDNS: version: 0, flags:; udp: 4096;; QUESTION SECTION:;craigamos.rocks. IN A;; ANSWER SECTION:craigamos.rocks. 9 IN A 22.214.171.124craigamos.rocks. 9 IN A 126.96.36.199;; Query time: 14 msec;; SERVER: 127.0.1.1#53(127.0.1.1);; WHEN: Tue Sep 17 15:54:50 ICT 2019;; MSG SIZE rcvd: 76
So after all the DNS changes propagated, I still couldn’t open the site in my browser. Was it my firewall?
Firewall was off. Oh shit! Is something listening on port 443?
Yep.. here’s the gremlin.12root@server:/etc/h2o# netstat -ntupl | grep :443tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25579/perl
But that’s my webserver as I quickly confirmed1root 25579 0.0 1.0 38336 10588 ? Ss 08:02 0:00 perl -x /usr/share/h2o/start_server --pid-file=/var/run/h2o/pid --log-file=/var/log/h2o/error.log --port=0.0.0.0:443 --port=0.0.0.0:80 -- /usr/sbin/h2o -c /etc/h2o/h2o.conf
Like a jackrabbit, I enabled the firewall and opened port 443
Site came up-ish! BUT I DON”T UNDERSTAND WHY IT DIDN”T WORK IN THE FIRST PLACE.
- Finally, all that was left to do was to upload my Deliciously Brainy WP Migrate DB Pro to do a search and replace on my WP DB for http -> https
Anyway – everything seems to be working now.
Did I mention I have 2 ‘A’ records?
Don’t judge me!
Things I learned
• https://dns.google.com is very handy! But their cache flush tool didn’t work for me.
• DNS_PROBE_FINISHED_NXDOMAIN is a shitty browser error.