I need help with SSL/Letsencrypt..

January 23, 2019 1.4k views
Let's Encrypt

Hello,

So I took over a load of websites from an agency. They had them hosted on Digital Ocean, so I opened up my own Digital Ocean account and they sent me images of their droplets.

I created Droplets from the images and when I change the DNS all the sites are running.

So far so good.

However, all this UNIX/console stuff is new to me. I am used to working with graphical interfaces like Cpanel and Phpmyadmin and so on.

All the sites gives an SSL error. NET::ERRCERTDATE_INVALID

I can see in the console that there are a lot of Letsencypt directories and files.

How do I remove SSL from the sites / Droplets completely?

1 Answer

Hey friend,

That can be a tough question, as the steps are very relative. I’m going to make up a scenario and tell you how to remove SSL under that scenario, because the high level here is entirely too vague.

Here’s my scenario: Apache, Ubuntu, Wordpress, LetsEncrypt. Wordpress is not using a plugin to force SSL and is using the site URL configuration for https. The Apache SSL config is /etc/apache2/sites-enabled/site1-ssl.conf.

Step 1: Change site URL in Wordpress. Log in to /wp-admin, go to settings, change URL to remove https. This prevents requests to the site from redirecting to https.

Step 2: Remove virtual host with command: a2dissite site1-ssl

Step 3: Restart Apache with: systemctl restart apache2

Now here’s the problem. Most web browsers these days continually default to https on a site that has been previously visited that supports SSL. In fact, sometimes browsers will specifically take your “http://myurl.com” and turn it into “https://myurl.com” whether you want it to or not, simply because the last time you visited successfully it was under the https URL. Insert frustrated visitors and hard times, as well as a loss of SEO due to Google now favoring sites with SSL. Adding insult to injury, everyone is continually working against your site and browsers may eventually display “unsafe” warnings to your visitors because they want you to use SSL.

My advice is that you renew the SSL certificates. LetsEncrypt could be as easy as running the command “le-renew” but it’s really relative to how they set it up. If they used Apache, certbot is easy: https://certbot.eff.org/

If they used Nginx it could be just as easy, but again depends on how they did it. Is it possible for you to find out from them how they intended to manage that? It might save you some time.

Jarland

Have another answer? Share your knowledge.