Redirect HTTP to HTTPS but this time with the WWW!

Well, I was not 100% happy with the way the redirect was working when I initially set it up.

Any HTTP traffic heading to the site would get redirected to HTTPS but only if someone visited the link by using the naked domain ‘dipen.co.uk’.

Plus, I had a little bit of tinkering to do to the site as well. I wanted the ‘www.’ prefix working. Unfortunately if the ‘www.’ prefix was used, an error would appear. Something to do with Cloudflare but that is a topic for another post. By the way, if you don’t use Cloudflare, I highly recommend it! Link -> https://www.cloudflare.com/

I got the ‘www.’ prefix for the website working but the redirects were still not working as they should. If someone visited http://dipen.co.uk then it would redirect to https://dipen.co.uk but not to https://www.dipen.co.uk

Bit of searching and I came across this lovely snippet on StackOverflow:

Source: https://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www

It works like a charm! The balance in the universe has been restored! Yay!

DFS-R Having a Bad Day?

Well, first things first, don’t PANIC!

Arm yourself with the following command: dfsrdiag replicationstate. Then look at the Windows Event Logs and the DFS-R debug logs located in C:\Windows\Debug.

They provide a wealth of information.

Just as a reminder for myself I am going to include some resources below. Might come back and expand on them another time.

1. Checking for backlogs:
dfsrdiag backlog /rgname:rgroup_name /rfname:folder_name /sendingmember:sending_server /receivingmember:receiving_server

2. Setting verbose logging for DFSR logs:
wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set debuglogseverity=5

3. Translate GUIDs into file names. DFSR uses GUIDs to identify replicated files:
dfsrdiag guid2name /guid:guid_identifier /rgname:group_name

4. Getting the GUIDs of replicated folders:
wmic /namespace:\\root\microsoftdfs path dfsrreplicatedfolderconfig get replicatedfolderguid,replicatedfoldername

(https://niktips.wordpress.com/2013/06/25/dfs-replication-troubleshooting/)

5. What is DFSR currently up to? – https://blogs.technet.microsoft.com/filecab/2009/05/28/dfsrdiag-exe-replicationstate-whats-dfsr-up-to/

6. Useful, succinct DFSR troubleshooting notes with Event IDs – https://adminspeak.wordpress.com/tag/dfs-event-id-2212/

7. DFSR Event ID 2212 – https://support.microsoft.com/en-us/kb/977518

8. Understanding DFSR Dirty (Unexpected) File Recovery – https://blogs.technet.microsoft.com/filecab/2012/07/23/understanding-dfsr-dirty-unexpected-shutdown-recovery/

9. Understanding DFSR Debug logs. A great 21-part series on DFSR and Debug logs. Part 1 – https://blogs.technet.microsoft.com/askds/2009/03/23/understanding-dfsr-debug-logging-part-1-logging-levels-log-format-guids/

Redirect HTTP traffic to HTTPS with .htaccess

Now that I have made the switch to SSL, I needed to make sure that any traffic that hits the website uses SSL.

A quick and easy way to do this is to use the .htaccess file and add the following into it:

Make sure that the following two lines are right below the RewriteEngine line:
RewriteCond
RewriteRule
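
The rules referred to here, and in the ‘www’ post at the top of this page, did not survive on this page. What follows is an added example (not the author's file and not the StackOverflow snippet) of an .htaccess that sends every request to https://www.dipen.co.uk in one hop. It assumes Apache with mod_rewrite and .htaccess overrides enabled; the proxy variant in the comments assumes the proxy forwards an X-Forwarded-Proto header.

```apache
# Added example; assumes Apache with mod_rewrite and AllowOverride for .htaccess.
RewriteEngine On

# Canonical redirect: HTTPS and the www. host, in a single 301.
# Fires when the request arrived over plain HTTP ...
RewriteCond %{HTTPS} off [OR]
# ... or when the Host header is not the canonical name.
RewriteCond %{HTTP_HOST} !^www\.dipen\.co\.uk$ [NC]
# The target host is hard-coded instead of being built from %{HTTP_HOST},
# so a client-supplied Host header never reaches the Location header.
# NE: do not hex-escape special characters in the substitution.
RewriteRule ^ https://www.dipen.co.uk%{REQUEST_URI} [L,NE,R=301]

# HTTPS-only variant (no www. prefix): use this pair instead of the
# two RewriteCond lines and the RewriteRule above.
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://dipen.co.uk%{REQUEST_URI} [L,NE,R=301]

# Behind a proxy that terminates TLS and talks plain HTTP to the origin
# (assumption: Cloudflare in Flexible mode), %{HTTPS} is always "off" and
# the rules above loop. Test the forwarded scheme instead of %{HTTPS}:
# RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
```

Browsers cache a 301, so test with R=302 first and switch to 301 once curl -I shows a single hop to the https://www. URL.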

Setting up SSL using CPanel and Let’s Encrypt

I have been meaning to update this site to use SSL for a while now.

Why SSL? – Quick answer: Security and Encryption. Traffic to an SSL-enabled site is encrypted in transit, so information is transmitted securely.

Anyway, here is a quick guide to enabling SSL using a certificate generated from Let’s Encrypt.

Step 1:

Log in to CPanel and head over to the SSL / TLS section.

Step 2:

If you do not already have one, create a Private Key. Make sure you keep this secure.

  • Key Size: 2048 bits

A private key is used to decrypt information transmitted over SSL. When you create an SSL certificate, the first step is to generate a private key file associated with that SSL certificate. You should generate a private key for each SSL certificate you create. This private key is very important and should be kept confidential. A copy of each private key should be kept in a safe place; there is no way to recover a lost private key.

Step 3:

Once the Private Key has been generated, create a Certificate Signing Request (CSR). This is what is used to request a Certificate from a Trusted Certificate Authority.

If you obtain a certificate from a trusted SSL provider, you must complete the Certificate Signing Request form to provide the information needed to generate your SSL certificate.

Step 4:

Head over to https://zerossl.com/ and use the Free SSL Certification Wizard. This simplifies the process of requesting a free SSL certificate from Let’s Encrypt.

Include the following information:

  • Email address for certificate expiration reminders.
  • If using Let’s Encrypt for the first time, leave the section for the ‘Let’s Encrypt’ key blank. One will be generated for you.
  • Finally paste the CSR created in Step 3 in the CSR section and proceed.
  • Note: Let’s Encrypt certificates are only valid for 90 days.
  • Also, keep a copy of the ‘Let’s Encrypt’ key that has been generated. This will be required when renewing the certificate.

Step 5:

Once a request has been made, it will need to be verified. This is done so Let’s Encrypt can confirm that the domain the certificate is being generated for is under your control. This helps prevent MitM attacks. You don’t want anyone coming and generating certificates for your domain.

Verification is made by creating a file with some text at the root of your domain or by editing DNS entries. It depends on whichever method you prefer.

The “Verification” screen

This screen does not require you to enter anything. It shows what needs to be done to prove your domain ownership. If you are using HTTP verification, then for each domain on your certificate you will be given a name and the content of the file to be created. Each name is also a link, so after you have created a file, you can click that link to make sure that the file is actually accessible and the content of it is what it should be. If you are using DNS verification, then you will be given a name for the DNS TXT record and its value. It will also show you how to check that your DNS changes became “visible”.

After creating a file or making DNS changes (and making sure those are visible) you can click “Next”. If everything is done right, you will be moved to the final screen (“Certificate”). If any error happens, then you will see verification results for those domains which have failed verification. After reading the results, click “Next” for the “Verification” screen to be displayed again with the new values for the domains which have failed. There will be no need to re-do those domains on your list which have succeeeded [sic] verification.

Step 6:

Once successfully verified, a free SSL certificate is generated. Copy the CSR key and head back to CPanel and upload it into the Certificates (CRT) Section. If everything has gone smoothly, it will be uploaded without any issues. Check the ‘decoded’ section to ensure everything looks correct.

Step 7:

Finally, we are ready to apply the SSL certificate. Head on over to the ‘Install and Manage SSL for your site (HTTPS)’ section and, under ‘Install an SSL Website’, click the ‘Browse Certificates’ button. A pop-up window will display the uploaded certificate. Select this.

Step 8:

This will automatically match the domain and certificate info. Save changes and you are ready to go!

Resources:

  1. https://letsencrypt.org/ – Let’s Encrypt
  2. https://zerossl.com/ – ZeroSSL
  3. https://documentation.cpanel.net/pages/viewpage.action?pageId=1507527 – CPanel SSL/TLS section documentation
  4. https://www.sslshopper.com/what-is-ssl.html – What is SSL?