How to install the free SSL certificate from “Let’s Encrypt” on NameCheap Shared Hosting Server without SSH access. [Working]

By Subharanjan in Software Tricks, Technology, WordPress 1 Comment

Do you want to make your website secure by enabling https:// by installing Free SSL certificate from “Let’s Encrypt” on NameCheap Shared Hosting Server without SSH access? If the answer is YES, then follow the steps below to achieve the same completely free.

In fact, this will work on any hosting server which allows installation of SSL certificates through cPanel.

All of the procedure needs to be done on your own desktop/laptop and generate the certificate. Once done, install the certificate on your hosting server through cpanel.

These two prerequisites must be set up on your desktop/laptop before starting the procedure:

openssl
python

Step 1: Create a directory and clone the “acme-nosudo” helper script.

PHP
1
2
3
4
5
6
 
subh@MacBookAir:~ $ mkdir letstryletsencrypt
subh@MacBookAir:~ $ cd letstryletsencrypt/
subh@MacBookAir:~/letstryletsencrypt $ git clone https://github.com/diafygi/acme-nosudo.git
subh@MacBookAir:+tsencrypt/acme-nosudo $ cd acme-nosudo/
 

Step 2: Generate an user account key to register with Let’s Encrypt.

PHP
1
2
3
4
 
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl genrsa 4096 > user.key
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl rsa -in user.key -pubout > user.pub
 

Step 3: Generate the domain key and a certificate request which will get signed for free for your domain by Let’s Encrypt.

PHP
1
2
3
4
 
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl genrsa 4096 > domain.key
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /System/Library/OpenSSL/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:wpdelighter.com,DNS:www.wpdelighter.com")) > domain.csr
 

To know the path for the “openssl.cnf” configuration file, use the command ” openssl version -a “. This will show you the OPENSSLDIR: “/System/Library/OpenSSL”

Step 4: Run the script using python using your user account public key and the domain CSR.

Use the “–file-based” option to allow verify the challenge by creating and serving the desired file with desired content at desired URL on your server. This removes the need of having SSH access to your server.

PHP
1
2
3
 
subh@MacBookAir:+tsencrypt/acme-nosudo $ python sign_csr.py -f --public-key user.pub domain.csr > signed.crt
 

During this process, the script asks you to run some manual commands, you need to run them in a separate terminal window. You need to keep the script open while you run them. Also, the challenge files can be created for verification using the “FileManager” at the desired directory.

PHP
1
2
3
4
5
6
7
8
9
 
subh@MacBookAir:~ $ cd letstryletsencrypt/acme-nosudo/
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out register_XRvAqb.sig register_xem67X.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out domain_X4Pa7G.sig domain_XOX1Im.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out domain_x8mmPH.sig domain_XByoiG.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out cert_0Z3Nd_.sig cert_xsCEDY.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out challenge_XnAHaq.sig challenge_xWCD8x.json
subh@MacBookAir:+tsencrypt/acme-nosudo $ openssl dgst -sha256 -sign user.key -out challenge_X9fvWv.sig challenge_XrRBQU.json
 

Output:

PHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
Reading pubkey file...
Found public key!
Reading csr file...
Found domains www.wpdelighter.com, wpdelighter.com
STEP 1: What is your contact email? (webmaster@wpdelighter.com) contactme@wpdelighter.com
Building request payloads...
Building request for www.wpdelighter.com...
Building request for wpdelighter.com...
Building request for CSR...
STEP 2: You need to sign some files (replace 'user.key' with your user private key).
 
openssl dgst -sha256 -sign user.key -out register_XRvAqb.sig register_xem67X.json
openssl dgst -sha256 -sign user.key -out domain_X4Pa7G.sig domain_XOX1Im.json
openssl dgst -sha256 -sign user.key -out domain_x8mmPH.sig domain_XByoiG.json
openssl dgst -sha256 -sign user.key -out cert_0Z3Nd_.sig cert_xsCEDY.json
 
Press Enter when you've run the above commands in a new terminal window...
 
Registering contactme@wpdelighter.com...
Already registered. Skipping...
Requesting challenges for www.wpdelighter.com...
Building challenge responses for www.wpdelighter.com...
Requesting challenges for wpdelighter.com...
Building challenge responses for wpdelighter.com...
STEP 3: You need to sign some more files (replace 'user.key' with your user private key).
 
openssl dgst -sha256 -sign user.key -out challenge_XnAHaq.sig challenge_xWCD8x.json
openssl dgst -sha256 -sign user.key -out challenge_X9fvWv.sig challenge_XrRBQU.json
 
Press Enter when you've run the above commands in a new terminal window...
 
STEP 4: Please update your server to serve the following file at this URL:
 
--------------
URL: http://www.wpdelighter.com/.well-known/acme-challenge/jpqJwX4jvz6FN6jxMZa_xahhbjjkQJge5vm8T38Nue0
File contents: "jpqJwX4jvz6FN6jxMZa_xahhbjjkQJge5vm8T38Nue0.bCVmH4Xofm_XJIExY2iSAN3QgjNqWON44kMAw0-7ank"
--------------
 
Notes:
- Do not include the quotes in the file.
- The file should be one line without any spaces.
 
Press Enter when you've got the file hosted on your server...
Requesting verification for www.wpdelighter.com...
Waiting for www.wpdelighter.com challenge to pass...
Passed www.wpdelighter.com challenge!
STEP 5: Please update your server to serve the following file at this URL:
 
--------------
URL: http://wpdelighter.com/.well-known/acme-challenge/XmOJAsT2qeyzKFECPojR00u9Uz7AmwvSo0Q3aMYxWik
File contents: "XmOJAsT2qeyzKFECPojR00u9Uz7AmwvSo0Q3aMYxWik.bCVmH4Xofm_XJIExY2iSAN3QgjNqWON44kMAw0-7ank"
--------------
 
Notes:
- Do not include the quotes in the file.
- The file should be one line without any spaces.
 
Press Enter when you've got the file hosted on your server...
 
Requesting verification for wpdelighter.com...
Waiting for wpdelighter.com challenge to pass...
Passed wpdelighter.com challenge!
Requesting signature...
Certificate signed!
You can remove the acme-challenge file from your webserver now.
 

Now, your certificate is signed and ready to be installed on your shared hosting server. Open the files “signed.crt” and “domain.key” with any text editor.

Step 5: Open the cPanel in the browser and install the certificate.

* Go to cPanel > Security > SSL/TLS and press on “Manage SSL Sites”.
* Select the domain you want to install the certificate. in my case it is “wpdelighter.com”
* In Certificate: (CRT) paste the content of the recently created “signed.crt”
* In Private Key: (KEY) paste the content of “domain.key”
* Press Autofill by Domain button, next to the domain selection drop-down.
* Press Install certificate.

If everything goes well, your let’s encrypt certificate is successfully installed on NameCheap shared hosting server.

How to fix 403 error resulting out of wrong installation of SSL certificate on Bitnami WordPress Stack For AWS Cloud

By Subharanjan in Uncategorized 0 Comment

The issue of “403 error” can result from various reasons. In my case, it was due to the wrong installation of Let’s Encrypt SSL Certificate on the EC2 instance on AWS. After the SSL certificate setup, once the Apache server was restarted the website was down and it started showing a 403 forbidden error.

The system log was showing the following errors: ( System Log can be accessed by following the below-mentioned step on AWS graphical interface )

PHP
1
2
3
4
5
6
7
8
9
10
11
12
 
bitnami[1171]: /opt/bitnami/mysql/scripts/ctl.sh : mysql  started at port 3306
bitnami[1171]: /opt/bitnami/php/scripts/ctl.sh : php-fpm started
bitnami[1171]: Syntax OK
bitnami[1171]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
bitnami[1171]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
bitnami[1171]: no listening sockets available, shutting down
bitnami[1171]: AH00015: Unable to open logs
bitnami[1171]: /opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started
bitnami[1171]: Starting gonit daemon
[ FAILED ] Failed to start LSB: bitnami init script. See 'systemctl status bitnami.service' for details.
 

I used the command below:

PHP
1
2
3
 
systemctl status bitnami.service
 

The output of the above command was:

PHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
bitnami.service - LSB: bitnami init script
   Loaded: loaded (/etc/init.d/bitnami; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2019-01-20 06:11:04 UTC; 5h 4min ago
  Process: 1171 ExecStart=/etc/init.d/bitnami start (code=exited, status=3)
    Tasks: 38
   Memory: 223.8M
      CPU: 19.277s
   CGroup: /system.slice/bitnami.service
           ├─1442 /bin/sh /opt/bitnami/mysql/bin/mysqld_safe --defaults-file=/opt/bitnami/mysql/my.cnf --mysqld=mysqld.bin --socket=/opt/bitnami/mysql/tmp/mysql.sock -
           ├─1791 /opt/bitnami/mysql/bin/mysqld.bin --defaults-file=/opt/bitnami/mysql/my.cnf --basedir=/opt/bitnami/mysql --datadir=/opt/bitnami/mysql/data --plugin-d
           ├─1866 php-fpm: master process (/opt/bitnami/php/etc/php-fpm.conf)                                                                                          
           ├─1867 php-fpm: pool wordpress                                                                                                                              
           └─1966 /usr/bin/gonit
 
bitnami[1171]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
bitnami[1171]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
bitnami[1171]: no listening sockets available, shutting down
bitnami[1171]: AH00015: Unable to open logs
bitnami[1171]: /opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started
bitnami[1171]: Starting gonit daemon
systemd[1]: bitnami.service: Control process exited, code=exited status=3
systemd[1]: Failed to start LSB: bitnami init script.
systemd[1]: bitnami.service: Unit entered failed state.
systemd[1]: bitnami.service: Failed with result 'exit-code'.
 

It was obvious that port 80 was being used by some other process. To find out which process was using it, I used the “netstat” command.

PHP
1
2
3
4
 
sudo netstat -ltnp
sudo netstat -ltnp | grep :port_number
 

It was nginx which was using the port 80. Since I was not using the nginx, I had to stop and restart the apache inside bitnami.

PHP
1
2
3
4
5
 
sudo pkill -f nginx
sudo pkill -f apache
sudo /opt/bitnami/ctlscript.sh start apache
 

Useful Resources:

Install Postgres database on Windows and allow password less access

By Subharanjan in Database, PHP, Software Tricks 1 Comment

Install Postgres Database on Windows and allow password less access for the database to be used in various applications.

  1. Install Postgres database on Windows machine by downloading the executable file from here: https://www.enterprisedb.com/downloads/postgres-postgresql-downloads
  2. pgAdmin tool can be downloaded and setup on Windows machine to view and manage the databases and tables by downloading the executable file from here: https://www.pgadmin.org/download/ Make sure to check the Postgres version and compatible version of the pgAdmin tool.
  3. phpPgAdmin can be downloaded and setup on Apache server to manage the databases from a web based enviornment. http://phppgadmin.sourceforge.net/doku.php?id=download

Now, for applications running on private & internal LAN setup, a password less access to the the postgres database is required. To allow login into the database without a password, a simple modification to the pg_hba.conf file is required.

  1. Edit postgre configuration file: C:\Program Files\PostgreSQL\9.2\data\pg_hba.conf
  2. Change all configuration access to:
    PHP
    1
    2
    3
    4
    5
    6
    7
    8
    9
     
    # TYPE  DATABASE USER ADDRESS     METHOD
     
    # IPv4 local connections:
    host    all       all     127.0.0.1/32   trust
     
    # IPv6 local connections:
    host    all       all     ::1/128       trust
     
  3. Restart the postgres server. Go to Control Panel > Administrative Tools > Services > Restart the Postgres service.

Just completed my WP 5k 2016 walk :)

By Subharanjan in Odisha, Social Life, WordPress 0 Comment

Feeling little tired but happy as I have just now completed my WP 5k 2016 walk#WWWP5K ) !! If you aren’t aware of the WP 5k 2016, it’s a 5-kilometer run/walk/hike/hop in between September 19th to September 25th. Wherever you are, whatever you are doing, if you are anyway involved with WordPress, just participate and blog about it.

Today morning I thought about taking part in the Worldwide WP 5k 2016 by walking the distance of 5 Km. Started off from my home and went to the Buddha Park and walked until I cover the WP 5k 2016 🙂 It’s really awesome to get up early and walk around that too for WordPress’s Worldwide WP 5k 2016.

I have been involved with WordPress for more than 5 years now, currently working as a WordPress developer at Axelerant. Love to unite with worldwide bloggers, runners, WP developers !!

Here is the map of my walk !!
subharanjan_wwwp5k

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Selfie afterward:

subharanjan_wwwp5k_after

How to fix 302 redirect issue when updating posts in WordPress? [Solved]

By Subharanjan in PHP, WordPress 2 Comments

Recently, while writing a blog post I found that I am not able to update/publish any post on my WordPress website dashboard rather it redirects me to the website front page when I click the “Update” button. Now, I was unsure what’s creating this trouble and how to fix this 302 redirect when updating posts in WordPress.

Debug:

To check what could be the issue, I tried the followings :

  • I checked for any javascript errors through chrome dev tool’s console, but no errors there.
  • I deactivated all the plugins
  • Even changed the theme to the default Twenty Sixteen

Root Cause:

Still, the issue was there. After debugging a little more I found the cause of this. It was the strict Mode_Security which was causing the trouble. Now the question is: “What is Mod_Security?”

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

Basically, this is an Apache module that is installed on most servers by default to help protect your website from various attacks. It is used to block commonly known exploits by use of regular expressions and rule sets. This sometimes blocks the POST requests being generated after a post is updated or published because of the complex HTML content having all the tags, embed code, shortcodes etc. which get caught by the ModSecurity’s rule set.

cPanel-Mod-Security-Subharanjan

Solution:

To fix this issue simply disable the module on your server. This can be achieved through the Modsec Manager plugin for cPanel if you are on a shared server. Read the following to know how to disable manually on VPS and Dedicated servers. http://www.inmotionhosting.com/support/website/modsecurity/what-is-modsecurity-and-why-is-it-important

I am sure there are a ton of other reasons for a 302 redirect issue but in my case, this was Mod_Security causing the problem and after disabling the module I am able to update and publish the posts. 🙂

List of useful tools for WordPress development

By Subharanjan in PHP, WordPress 0 Comment

When a developer starts WordPress development and tries to make the process easier and faster, generally he searches for best tools and various boiler plates which can alleviate the manual task of starting the development from scratch.

wpgearWordPress Gear (WPgear.org) is a website which lists out lots of useful tools those are free and GPL(OpenSource). The list includes tools and its related information for all aspects of WordPress development. Starting from WordPress base tools to Debug tools, PHP boiler plates, Meta fields frameworks, Theme development tools and lot more..

New and latest tools are being added constantly into this list as this is a community driven site. Whole of the code for this page resides in Github and anybody can add any free tool into the list. Just fork the project, add/edit your tool with a link, submit a pull request.

Visit WPGear.org to browse the complete list of tools. Happy WP Coding 🙂
1) http://wpgear.org/
2) https://github.com/wycks/WordPress-Gear

Timthumb not showing images and throws “Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. ” error. [Solved]

By Subharanjan in PHP, Software Tricks, WordPress 2 Comments

timthumbRecently I faced a situation where the timthumb script was unable to crop the images and was throwing error messages. There are themes those still use timthumb even though its a bad practice to use in themes when we have already functions available in core WordPress. Anyway I had to fix the issue as I was not state to replace the timthumb functionality with core WordPress functions.

Here is the error message:

PHP
1
2
3
4
5
6
7
 
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect.
File(/usr/local/apache/htdocs/wp-content/uploads/2014/02/nandankanan-national-park.jpg)
is not within the allowed path(s): (/home/:/usr/lib/php:/tmp)
in /home/a9582221/public_html/wp-content/themes/kingsize/timthumb.php
on line 862
 

This issue occurs in several hosts, mainly the free hosts available these days. So, the trick is to find where the $docRoot variable was set and set it to my public_html folder manually in my home directory. In my file it was on line number 825. I did the following…

PHP
1
2
3
4
 
// $docRoot = @$_SERVER['DOCUMENT_ROOT'];
$docRoot = '/home/a9582221/public_html';
 

Obviously the /a9582221/ would be your username.

Where to make this changes ??
Search for the file timthumb.php and make the above changes. Thats it. The issue got resolved now.