0

Here's the story so far:

  1. Wordpress website is on SSL using Really Simple SSL and Cloudflare SSL
  2. I decided to move to DigitalOcean (from Hostgator) and don't want to change the domain name servers until the migration is complete and 100% working
  3. I set up a non-SSL droplet on DigitalOcean with virtual hosts (due to multiple domains on single VPS)
  4. I'm editing my local hosts file to access and view the new Wordpress setup
  5. I cannot set up SSL on the droplet as you need a domain for this and my domain is still pointed at my live website
  6. I migrated the database across using Updraft and couldn't access the admin area due to SSL redirect and failure to connect
  7. I handled this by editing the WP_HOME and WP_SITEURL values in the WP-Config file and logged into Wordpress successfully
  8. I migrated the plugins (via Updraft), others (via Updraft) and uploads (SFTP)
  9. When I tried to access the site I had an SSL issue and couldn't get in
  10. I deactivated the plugin Really Simple SSL manually (as per their instructions) but it didn't solve the issue
  11. I deleted the MYSQL database and recreated it, reinstalled Wordpress and logged in then restored the database again with Really Simple SSL uninstalled
  12. I am now able to access the backend of the website in non-SSL but the front-end is still redirecting to SSL and failing (bizarre)

That's the journey.

Here's the other pieces of the puzzle:

  • My wp-config still has the http version of the WP_HOME and WP_SITEURL
  • There is no redirect in my htaccess file
  • No plugins are activated
  • My virtual hosts file has no reference to SSL
  • I've tried multiple browsers in incognito/private mode
  • I've flushed my computer DNS

Still, the backend is accessible via non-SSL but the front end redirects to SSL and fails.

I've reached the limit of my powers.

What have I missed?

Please help me solve the mystery.

Cheers!

Update:

Here's the virtualhost file for this domain (with 'domain.com' in place of my domain):

<VirtualHost *:80>
    #ServerAdmin webmaster@localhost
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/domain.com

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www/domain.com>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Oli
  • 113
  • 1
  • 1
  • 6
  • Clean browser cache and try visiting again. – Orphans Oct 13 '18 at 10:50
  • Thanks @Orphans. I just tried this in both Chrome and Firefox and am still receiving exactly the same behaviour, no change. – Oli Oct 13 '18 at 11:28
  • What does your configuration looks like? – Orphans Oct 13 '18 at 11:30
  • Which part @Orhpans? It's LAMP and I've tried to give as much detail above as possible but I'm happy to provide more. – Oli Oct 13 '18 at 11:32
  • The Apache virtualhost file. Also, I suspect that you had HSTS enabled on cloudflare? In chrome - type "chrome://net-internals/#hsts" and remove your site there – Orphans Oct 13 '18 at 11:33
  • I just queried the HSTS and my domain is not in there. Here's the contents of my Apache virtualhost file: – Oli Oct 13 '18 at 11:46
  • Added virtualhosts code to original post. Thanks @Orphans – Oli Oct 13 '18 at 11:47
  • Have you changed site-url and site-home in the database? – Orphans Oct 13 '18 at 17:19
  • Solved. Here's what I did. I tested renaming the wp-content folder to see if the redirect was coming from something in there and sure enough it was. Following the same method of renaming folders to isolate the file I found an SSL redirect php script in the mu-plugins folder. This must have been put in by my hosts some time in the past. I've renamed this to .txt and problem solved. Thanks for your suggestions @Orphans you certainly helped to narrow down possibilities. – Oli Oct 14 '18 at 00:16

1 Answers1

1

There was a php script in my mu-plugins folder which was forcing SSL. I identified this by a process of renaming folders and testing until I isolated the folder with the script and then deactivated the script.

This SSL script must have been added by a developer in the past without my knowledge.

Hope this experience helps others in the future.

Oli
  • 113
  • 1
  • 1
  • 6