Amazon Lightsail WordPress Instance Unabled to Redirect HTTP to HTTPS

Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: 58a55abd-bbcd-65ae-bcfd-1e9de6534a09

bndiagnostic output:

The diagnostic tool couldn't find any issues.

bndiagnostic failure reason: The tool could not find any issue

Description:
Support code: 58a55abd-bbcd-65ae-bcfd-1e9de6534a09

Platform: Amazon Lightsail
Setup: Instance 2 GB RAM, 1 vCPU, 60 GB SSD WordPress behind a Lightsail Load Balancer.
I have a verified domain with a certificate on the domain at lobsterbox.com

Following some instructions to force https on bitnami wordpress but still unable to redirect to https when hitting to http url.

Edited files below:
wp-config.php

/**
 * Force HTTPS
 */
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
    $_SERVER['HTTPS']='on';

define('FORCE_SSL_ADMIN', true);
define('RELOCATE', TRUE);
define( 'WP_HOME', 'https:domain' );
define( 'WP_SITEURL', 'https:domain/' );

bitnami.conf

# Default Virtual Host configuration.

# Let Apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  RewriteEngine On
  # BEGIN: Enable HTTP to HTTPS redirection
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  # END: Enable HTTP to HTTPS redirection
  # BEGIN: Enable non-www to www redirection
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
  # Error Documents
  ErrorDocument 503 /503.html
</VirtualHost>

Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

bitnami-ssl.conf

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"
  RewriteEngine On
  # BEGIN: Enable non-www to www redirection
  RewriteCond %{HTTP_HOST} !^www. [NC]
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteCond %{REQUEST_URI} !^/.well-known
  RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
</VirtualHost>

Hi @huyle.finance,

I just accessed your site and I got redirected from http to https without problems. Did you manage to fix the issue? I can see that it’s WordPress what is redirecting to https://yourdomain. Do you still need help to configure the redirections?

❯ curl -LI http://lobsterbox.com/
HTTP/1.1 301 Moved Permanently
Date: Mon, 15 Nov 2021 10:55:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Server: Apache/2.4.51 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.24
X-Pingback: http://lobsterbox.com/xmlrpc.php
X-Redirect-By: WordPress
Location: https://lobsterbox.com/

HTTP/2 503
date: Mon, 15 Nov 2021 10:55:51 GMT
content-type: text/html; charset=utf-8
server: Apache/2.4.51 (Unix) OpenSSL/1.1.1d
x-powered-by: PHP/7.4.24
x-pingback: https://lobsterbox.com/xmlrpc.php
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
retry-after: 600

Thanks

Interesting that it has been fixed overnight. I am not sure what happened overnight, did someone from bitnami accessed to my instance to fix it?

Or, is there any delay to apply the changes into the instance after I edited the conf and restart apache?

Hi @huyle.finance,

No, we do not have access to your instance. Note that it runs under your account

There shouldn’t be any delay. However, the load balancer is probably caching the resources.

Is there a way to purge the load balancer to reflect the changes?

As I don’t see changes when I edit the stack/apache2/conf/bitnami/bitnami.conf . I only see instant changes when I edit the wordpress-vhost.conf file

Also i am now seeing this ssl:warn " www.example.com:443:0 server certificate does NOT include an ID which matches the server name". I am using lightsail Certificate for load balancer. How do I remove the warning?

Hi @huyle.finance,

The files you need to edit are the “wordpress” ones because they define the VirtualHost Apache uses to serve the app’s files.

That’s just a warning message. We include a dummy certificate and use www.example.com as dummy domain. I understand you didn’t change that certificate and that’s why you are getting that warning. As you have a load balancer and the certificate is configured there, you do not need to configure a different certificate in the instance.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.