WordPress http to https switch using Cloudflare SSL

If you have a WordPress site behind Cloudflare free account and you want to make your site or part of it accessible over HTTPS you can use free Cloudflare Universal SSL certificate.

Enable SSL on Cloudflare

To enable your site being served over HTTPS from Cloudflare, login to your Cloudflare account, select domain you want to enable SSL on and click on the Crypto page with lock icon, to manage cryptography settings for your website.

Cloudflare Crypto

On the Crypto page first setting on top will be SSL, where you can switch SSL from Off to one of the three other options available.

There are three options you can use to enable SSL:

  • Flexible: Cloudflare will serve site to end users on https, but will communicate with your site over http, in this case you don’t have to install SSL on your site’s server or make any changes on your site, if you are using relative links, where http is not hardcoded in any links.
  • Full: Cloudflare will serve end users over https, communicate with your site over https, but will not verify the authenticity of the SSL. In this case you need to install SSL on your site and have your site’s server listen for connections on port 443, but you can use self-signed certificate as it’s authenticity is not verified.
  • Full (strict): Cloudflare will server end users over https, communicate with your site over https and will verify the validity of your SSL. As with Full option above you will need to set port 443 for listener and install SSL, but in this case you will need to install a valid SSL containing your site hostname and signed by certificate authority. You do not need to buy SSL for this to work, you can configure Let’s Encrypt SSL or use Origin CA certificates, generated by Cloudflare.

It would be recommended to use Full (strict option) for SSL as it maximizes security of your site data.

You can see all options explained with more details in this Cloudflare support article.

Create Edge and Origin certificates

If you don’t already have SSL with your site hostname listed under Edge Certificates, click on Order SSL certificate button and select Universal SSL (Shared) option. This will be SSL certificate server to visitors of your site by Cloudflare.

Edge Certificates

To get SSL certificate that will be used for communication between Cloudflare and your site, go to Origin Certificates section of page and click on Create Certificate button. You do not need to create Origin Certificate if you used Flexible option when you enabled SSL or if you already have some other SSL on your web server.

Origin Certificates

Once you click on Create Certificate you will be presented with Origin Certificate Installation window where in most cases you can just leave default options, after which you will be presented with Certificate and Private key which you need to install on your web server.

Change your WordPress to https URLs

If you have used Full of Full (strict) option when enabling SSL you need to edit your WordPress settings in Settings » General” and change your WordPress Address (URL) and Site Address (URL) fields to https URL instead of http URL.

You do not need to make this change if you are using Flexible option when enabling SSL on Cloudflare.

If you want to have your whole site being served over HTTPs and not just some subsets of it, like wp-admin or a store page, enable Always use HTTPS option on Crypto page of your Cloudflare account.

Always use HTTPS

If you don’t want to have whole site over https, but only some parts of URL, like example.com/wp-admin, example.com/wp-login.php or example.com/section leave this option Off, and setup redirection to https for those pages either on your web server or in Page Rules page on your Cloudflare account.

To avoid getting mixed content warning in browser when your page is visited over https enable Automatic HTTPS Rewrites option, which will try to rewrite your content from http to https if a link or a reference to a http URL is available over https.

Automatic HTTPS rewrites

Change to https in webmaster tools

If you are using webmaster tools in Bing, Google or Yandex here is how to notify those search engines about your change to https:

Google
Google doesn’t at this time support http to https change in their Change of Address option, so you will need to add a new property with https URL, and data from http property will eventually change to your new https property.

Bing
Go to Diagnostics & Tools » Site Move” and select  I am moving URLs from one place to another within the current site” and then input your old URL in Source field and new https URL in Destination field.

Yandex
Add new site address with URL using https and then on the old site with http go to “Indexing » Relocate site” and tick “Add HTTPS” box.

Reset SSH, and find SSH port on cPanel/WHM server

If you lock yourself out of SSH access to your cPanel server or if you do not know on which port your SSH server is running there are several ways you can gain back SSH access to your server.

Flush iptables

If your  IP got locked out in iptables you can use one of cPanel autofixer scripts to flush all iptables chains so your IP can reach SSH on your server again.

Script can be called by adding “scripts2/doautofixer?autofix=iptablesflush” to the end of the WHM url in your browser, and should look something like this:

https://server.domain.tld:2087/cpsess1290981925/scripts2/doautofixer?autofix=iptablesflush

flushing iptables

Reset SSH

If you SSH server is not accessible because of a broken configuration or anything else and is not restarting properly through Home »Restart Services »SSH Server (OpenSSH) in WHM you can try starting safesshrestart script which will kill any running instance of sshd and start a new process on port 22, or if that port is taken on first available port after that, like port 23.

Script can be started by adding “scripts2/doautofixer?autofix=safesshrestart” to the end of your WHM url and should look something like this:

https://server.domain.tld:2087/cpsess1290981925/scripts2/doautofixer?autofix=safesshrestart

Pay attention to the output in WHM when script runs, it will say on which port was SSH started.

safesshrestart

Find out your SSH port

If you are not sure on which port is your SSH server running you can find that out on two ways.

You can use the Restart Services part of WHM and restart SSH by going to Home »Restart Services »SSH Server (OpenSSH) in WHM and watching the output in WHM after you restart SSH, it will say on which port is SSH listening.

Other option is to use an API call to show the port.
You can do that by adding “xml-api/cpanel?user=cpanel&cpanel_xmlapi_apiversion=1&cpanel_xmlapi_module=SSH&cpanel_xmlapi_func=getport” to the end of your WHM url which should look something like this:

https://server.domain.tld:2087/cpsess1290981925/xml-api/cpanel?user=cpanel&cpanel_xmlapi_apiversion=1&cpanel_xmlapi_module=SSH&cpanel_xmlapi_func=getport

You can find out more about WHM autofixers on following link:

https://documentation.cpanel.net/display/ALD/WHM+FAQ#WHMFAQ-WhatistheWHMAutofixer?

Full list of all autofixers can be found here:

http://httpupdate.cpanel.net/autofixer/

Ubuntu shows “No Bootable Device” after installation in UEFI mode

When doing a fresh install of Ubuntu 16.04, or any other version of Ubuntu or Linux, after the install you might get your laptop or desktop machine not booting the installed OS, but instead returning “No Bootable Device” message, if laptop is set to UEFI mode.

You might be presented with this image after rebooting your laptop, after a successful OS install.

No Bootable Device message
No Bootable Device message

To resolve this issue reboot your laptop and enter BIOS.

There go to “Select and UEFI file as trusted for executing:” and press Enter key.

BIOS Select UEFI file

Once there choose HDD1.

BIOS select Hard Drive

Then choose <EFI>.

BIOS select EFI

Then you should be able to see <ubuntu> or possibly some other name of your Linux installation.

BIOS select Ubuntu

Then choose shimx64.efi

BIOS select shimx64

And then choose Yes when asked if you want to add this file to allowable database.

BIOS add file to database

Reboot your laptop and you should now be able to boot your OS normally.

VirtualBox returns “Kernel driver not installed” on Ubuntu

When trying to run VirtualBox on Ubuntu 16.04, or some other version of Linux, you might get a following type an error message, when trying to start a virtual machine, you just created on a fresh installation of VirtualBox.

VirtualBox might return error saying that it failed to open a session for  the virtual machine.

Details of error message will say that virtual machine has terminated unexpectedly during startup with exit code 1 (0x1).

VirtualBox failed session message
VirtualBox failed session message

You will also get a “Kernel driver not installed (rc=-1908” message.

VirtualBox Kernel driver error
VirtualBox Kernel driver error

Error will say “The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv.”

Error message will ask you to try to reinstall the kernel module by executing /sbin/vboxconfig as root, to reinstall the module, which could fail to complete successfully when you try to run the command in terminal.

One of the possible causes of this type of behavior is that you have Secure Boot enabled in your BIOS on the host machine, which is preventing the install of third-party drivers, and causing issues with VirtualBox installation, which fails to install all kernel modules.

To resolve this error, disable Secure Boot in your BIOS, and then try to run /sbin/vboxconfig command as root, or reinstall VirtualBox, with Secure Boot disabled, to install all the necessary modules.

How to reset FreeBSD root password

Here are the steps to reset root password on FreeBSD 11.

Boot the system, and wait till you get to the Welcome to FreeBSD boot menu.

Once you are there, press 2 to boot the system to single user mode.

FreeBSD 11 boot menu

Wait till the server shows a following message: “When prompted Enter full path name of shell or RETURN for /bin/sh:”, and then press Enter key to complete the boot process to single user mode.

You will now be presented with console input.

In the console type following commands:

mount -u /
mount -a

Now you can use passwd command to change root user password, by typing in the new password when asked, and they retyping it on second prompt.

FreeBSD 11 single user mode

Once you have set a new password, reboot the server, and log in with the new password.