Site redirecting to https instead of http

I have a staging site that I am trying to setup. I have production working correctly with no issues. When I provision the server and deploy my code to staging everything seems to work correctly and I get no errors. But when I hit the site it trys to redirect me to https instead of http. I have destroyed droplets and recreated them from scratch and still have the same problem. Has anyone else seen this happen.

I have looked in the forum and tried all the suggestion I could find without any success.

Here is my sites file for staging.

wordpress_sites:
  reviewexchange.com:
    site_hosts:
      - canonical: dev.reviewexchange.com
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    repo: <mygithubpath> # replace with your Git repo URL
    repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: false
      provider: letsencrypt
    cache:
      enabled: false

This is caused by the HSTS include subdomains option. The quickest solution is to re-provision with SSL enabled on staging.

The alternative is to set nginx_hsts_include_subdomains: false in group_vars/all/main.yml and you’ll need to remove the HSTS setting from your browser, as will anyone else looking to connect to staging.

1 Like

Thank you for the reply. I would prefer to have the staging site setup with an SSL. But when I provision the server with various settings I run into errors. I will list these out below. Thank you for the help in advance.

Provision Server with the following settings:


Wordpress Sites File

# Documentation: https://roots.io/trellis/docs/remote-server-setup/
# `wordpress_sites` options: https://roots.io/trellis/docs/wordpress-sites
# Define accompanying passwords/secrets in group_vars/staging/vault.yml

wordpress_sites:
  reviewexchange.com:
    site_hosts:
      - canonical: dev.reviewexchange.com
        #redirects:
         # - https://dev.reviewexchange.com
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    repo: git@github.com # replace with your Git repo URL
    repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: true
      provider: letsencrypt
    env:
      wp_home: https://dev.reviewexchange.com
      wp_siteurl: https://dev.reviewexchange.com/wp
    cache:
      enabled: false

Hosts - Staging

[staging]
dev.reviewexchange.com

[web]
dev.reviewexchange.com

I get this message when running ansible-playbook server.yml -e env=staging

Failed to connect to the host via ssh.
fatal: [dev.reviewexchange.com]: UNREACHABLE! => {“changed”: false, “unreachable”: true}

If I change the domain back to the ip address it seems to work until it gets to error creating the SSL. This is the message.

[staging]
45.55.252.107

[web]
45.55.252.107

Then after running ansible-playbook server.yml -e env=staging it goes through most of the process until it hits the following.

fatal: [45.55.252.107]: FAILED! => {“changed”: false, “cmd”: ["./renew-certs.py"], “delta”: “0:00:00.752812”, “end”: “2016-08-29 15:07:02.382938”, “failed”: true, “rc”: 1, “start”: “2016-08-29 15:07:01.630126”, “stderr”: “”, “stdout”: “Generating certificate for reviewexchange.com\nError while generating certificate for reviewexchange.com\nParsing account key…\nParsing CSR…\nRegistering account…\nTraceback (most recent call last):\n File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in \n main(sys.argv[1:])\n File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File “/usr/local/letsencrypt/acme_tiny.py”, line 92, in get_crt\n raise ValueError(“Error registering: {0} {1}”.format(code, result))\nValueError: Error registering: 400 {\n “type”: “urn:acme:error:malformed”,\n “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,\n “status”: 400\n}”, “stdout_lines”: [“Generating certificate for reviewexchange.com”, “Error while generating certificate for reviewexchange.com”, “Parsing account key…”, “Parsing CSR…”, “Registering account…”, “Traceback (most recent call last):”, " File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in “, " main(sys.argv[1:])”, " File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main", " signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)", " File “/usr/local/letsencrypt/acme_tiny.py”, line 92, in get_crt", " raise ValueError(“Error registering: {0} {1}”.format(code, result))", “ValueError: Error registering: 400 {”, " “type”: “urn:acme:error:malformed”,", " “detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,", " “status”: 400", “}”], “warnings”: []}

Reading through the fatal error, you can see it traces back to the Let’s Encrypt role. You can also see it’s complaining about a mismatch in the agreement url.

Let’s search Discourse or GitHub for those terms:

https://discourse.roots.io/search?q=let's%20encrypt%20agreement%20url

Both have the answers you need.

Please try searching before requesting help in future. It’s the reason we maintain these forums and keep our Git repositories informative.

1 Like

Thank you for the help and sorry about that. I did research but I guess I wasn’t looking for the right thing.

The solution worked. Thanks a lot for this. I will make sure to research better before I post from here on out. Thanks again.