Weird SSL error: redirects to server IP & shows wrong certificate (Google Compute Engine + OpenLiteSpeed)

seezee

New Member
#1
I moved a client site to a Google Compute Engine + OpenLiteSpeed instance. Just now updated the DNS & went through the interactive setup via the CLI. Set up the virtualhost listeners & issued the LE certs. When I visit the site URL, the browser redirects to the server IP and I get a certificate error. Checking the cert details reveals that instead of using the LE cert, the site is using a self-signed certificate with "Organization: LiteSpeedCommunity". See attachment.

https://www.ssllabs.com/ssltest/analyze.html?d=www.fftli.org reveals no errors.

Tested in 3 different browsers all with the same result.
 

Attachments

Cold-Egg

Administrator
#2
Hi,

It seems redirect from domain to IP from somewhere, and that's why you see the cert not showing the right one.

`curl -I https://www.fftli.org/`

Code:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
X-Redirect-By: WordPress
Location: https://35.209.30.224/
Date: Tue, 28 Jan 2020 18:42:37 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
Connection: Keep-Alive

Did you check the htaccess file content already? Maybe there's some redirect included.
Also please check your wordpress' home and site url.

Best,
Eric
 
Last edited:

seezee

New Member
#4
OK, it wasn't .htaccess; it was the main WordPress settings. But I'm still getting a certificate error because of the self-signed cert. I didn't create this cert so I don't know where it came from or where it's located on the server. Any idea how to revoke it?
 

Attachments

Last edited:

seezee

New Member
#5
I was able to track down the offending certificate to

Code:
/usr/local/lsws/conf/example.crt
Edited the httpd_config files by commenting out the references to this cert & its corresponding key and replacing them with the paths to my LE certs and then reloaded the server. That eliminated the bad cert warning.

Closing this support thread as SOLVED.
 

Cold-Egg

Administrator
#6
Hi @seezee ,

Yes, feel free to replace that example certificate. That is just a self-signed cert for default port 443 listener.
If you have valid certificate set on the virtual host, it should overwrite the listener's cert.
Anyway, glad to know that you figured out.

Best,
Eric
 
Top