Simi's picture


I've just installed Turnkey Linux and I would like to ask you how I can use SSL for Wordpress. I'm getting defaulte Apache webpage instead wordpress website (without ssl wordpress is being loaded). 

I would also like to ask you about redirection from http to https. I need to always encrypt my website.



Jeremy Davis's picture

Hmmm, that's weird. I'll have to double check because that sounds like a bug. When you browse to your site via https, it should display the same as what you get via http, except with a self signed certificate (you'll get a browser warning). Please see the default WordPress appliance Apache config.

Regarding redirection, you have 2 options that come to mind. You can use redirection to explicitly set the server to redirect to https:/ Or you can use rewrite rules to redirect from http to https (regardless of what domain/IP address). Both of these will need to go within the "<VirtualHost *:80>" section of the site conf (i.e. /etc/apache2/sites-available/wordpress.conf).


Redirect permanent / https:/


RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]

Both will require a reload/restart of Apache, the rewrite will also require that the rewrite module is enabled. E.g. for the rewrite:

a2enmod rewrite # not required for redirect
service apache2 restart
Simi's picture

Hi Jeremy!

The config file is the same. I use a self-signed cert but I assume it's not causing an issue. 
I'm getting "Apache2 Debian Default Page".

Can I debug apache somehow?



Jeremy Davis's picture

If your wordpress apache config file matches the default, then Apache should be serving the same thing whether http or https!?

Perhaps another config file is adjusting things? Please give the output of this:

ls -l /etc/apache2/sites-enabled/

That will show all the sites/virtualhosts enabled. IIRC there should only be 2, wordpress.conf and adminer.conf. If you have any others, perhaps try disabling them? E.g.:

a2dissite some-other-site # to disable some-other-site.conf
service apache2 restart

Also if your site is publicly available, please feel free to post a url and I can check it from my end (just to double check).

Also FYI, the /etc directory is saved as a git repo (via etckeeper) so you can view changes that have been made to config files if you think it may have been something you've done accidentally or inadvertently.

Simi's picture

Problem solved! I had problem with my firewall, my apologize. Last question.
I'm trying to install Let's encrypt cert but the wrapper script stops at 34%.


ERROR: Challenge is invalid! (returned: invalid) 

Do I have to do something else?



Jeremy Davis's picture

I assume that you are referring to the Confconsole Let's Encrypt plugin?

If so, my assumption is that you've hit a known bug. FWIW I have fixed that (and made some improvements), but we haven't yet uploaded the new package. In the meantime, there is a workaround posted in this comment (starts with the sentence "The workaround is really simple!").

Sorry that we don't yet have an updated package, but it'll be up really soon hopefully (within the next week or 2).

Simi's picture

Thank you so much Jeremy! You've solved all my problems.

I wish you all the best!



Jeremy Davis's picture

Fantastic! :)

Please do not hesitate to post back if you have further questions, feedback or recommended improvements we might be able to make in he future. Probably best to start a new thread though if it's not directly related to this one.

Good luck with it all moving forward, and hopefully chat with you another day! :)

Very Siberian's picture

Hey, thanks for the instructions! This is probably a silly question, but is there any reason to prefer one approach over the other (redirection vs. rewrite)? Also, is there any reason not to enable both approaches if the goal is simply to ensure that all resources are served over https?

Best regards,


Jeremy Davis's picture

No it's not a silly question. There is overlap in use case (mainly because Rewrite is much more flexible), but they fundamentally do different things (with the implication that , yes you can use them together, but be careful you don't accidentally create an infinite loops).

The Redirect directive comes from mod_alias. It's a fairly simple operation that essentially just tells the client to request an alternate URL.

Rewrite refers to the "Rewrite module" aka mod_rewrite. It provides directives like RewriteEngine, RewriteCond and RewriteRule. It supports regex and is incredibly flexible. It can be used to silently redirect traffic internally (i.e. without changing the address in the browser address bar) but it can also support redirection as well (i.e. so the address in the browser address bar will also be updated). Because of it's flexibility (and resulting complexity) there is an additional Apache doc page which covers a number of pragmatic examples.

Redirect is generally preferable where possible, due to it's simplicity (and resulting lower server load and faster processing time). Where more flexibility is required, use rewrite. Unless your site is serving a ton of traffic and/or has lots of rewrite, it's likely that you won't notice any significant performance difference either way. Although it is worth noting that the load will scale with the amount of rewrites and the volume of traffic (i.e. "additional server load" = "number of configured rewrites being processed" x "volume of traffic"). So there is certainly going to be a point where minimizing rewrites will make a noticeable difference.

It's perhaps also worth noting that using permanent rewrites (i.e. 301 or 308 - both are permanent redirects; 301 being older and more generic; 308 being newer and more strict) will mitigate the load for repeat visitors (for both Redirect and Rewrite). That is because the browser will cache a permanent redirect, thus relieving the server of any associated processing load for future visits.

Add new comment