Well, the Bluehost site was a pain, but it didn’t have this kind of instability. So now I’m trying to figure out what is wrong. This took a long while, but tl;dr: look at your DNS configuration sometime. Here is the debugging, and the main note is to use `curl -v` extensively to look at Apache2 rewrites. I ended up making my DNS confusing and pointing to a non-existent machine, so here’s the saga. It is quite mysterious because having a bad IP address doesn’t give very good error messages; it just causes a “Publish error” in WordPress, and if you use a browser, it just hangs. So use `curl` to figure out what is really being accessed. Ping doesn’t work because Apache2 has redirects that are the level above a ping.
Looking at it, the symptoms are below. First check https://downforeveryoneorjustme.com/ to make sure it really is down:
- The WordPress to Tongfamily.com publishing failed with “publish failed”. Not super good error diagnostics.
- I thought it was a clock error because I’m debugging a clock problem too there. But that doesn’t seem to be it.
- Went to DigitalOcean and saw that I could log in as root.
- Tried to run `curl tongfamily.com` and got a redirection message, a 301 saying it refers to https://richtong.org, so I’m beginning to wonder if it is SSH certificate problems.
- Rebooted the server when it started to say connection refused on the SSH port.
- Just trying to get to https://richtong.org and get the ERR_TIMED_OUT message from Chrome. When I try to curl it, I get back a null response, so nothing is answering.
- When I try to curl the WordPress admin page, I get a 301 that directs to the SSL site.
It is now back up, so time to figure it out. Here is what I have found:
- Seeing if the Apache server is up in the Droplet: run `service apache2 status` and I get that it is running.
- Now check the log files in `/var/log`. First look at system.log; this looks fine, there is a bunch of blocking from UFW.
- But when looking at the firewall with `ufw status`, it seems OK and allows access to 80 and 443 ports from anywhere.
- Someone else suggests looking at mysql status with `service mysql status`, but this shows as running.
The last time this happened, it had to do with ssl certificates, so off to look at certbot and php redirects:
- There are two levels of access control. The highest is in WordPress itself in `/home/1264501.cloudwaysapps.com/eeaewzxvun/public_html/.htaccess` on the default WordPress Droplet installation. It had a bunch of DenyAccess from iThemes Security to wipe out specific IPs that were attacking the site. Then there is a section on rewrites in mod_rewrite.c. This requires that you understand Apache rewrite rules with a tutorial. But basically, a RewriteRule has a first regular expression like `^index\.php$`, which looks for the string `index.php` and nothing else; the second argument is what to rewrite it to; and then there are flags, of which the most important is `[L]`, which means don’t keep using rewrite rules, just stop here. You can have conditionals, so that a series of RewriteCond says only run the following RewriteRules if they are met, so `RewriteCond %{REQUEST_FILENAME} !-f` means if the filename requested isn’t a real file then run the following rules. These all looked fine and were not the source of the redirects.
- In `/etc/apache2` are the various Apache configuration files, and here we hit a gold mine. First of all there is a set of configurations in `sites-enabled` that are symlinked to `sites-available` as you want them. In one of them we have `000-tongfamily.conf`, and at the bottom it says anything with tongfamily.com is rewritten to use HTTPS. Then there is something created by Let’s Encrypt called `000-tongfamily-le-ssl.conf`, and this has the link to the SSL certificates and so forth.
So the bug appears to be in the SSL version of tongfamily.com:
- To see if this is the case, let’s create a new SSL-less configuration in `/etc/apache2/conf-available` called `000-tongfamily-nossl.conf` and comment out these lines, then disable the SSL version with `a2dissite 000-tongfamily.conf` and `a2ensite 000-tongfamily-nossl.conf`, and then restart apache2 with `systemctl reload apache2`.
- At this point both https://richtong.org and https://richtong.org return null from a curl, so we have validated the problem is not in the configuration. Something is wrong in WordPress.
- So now run more diagnostics to see the headers: with `curl -v tongfamily.com` we can see the 301 moved message, then with `curl -v https://richtong.org` we finally see that it is redirecting to `www.tongfamily.com`.
Suddenly I remember hacking away at the DigitalOcean DNS:
- We see that with `curl www.tongfamily.com` we get a hang and that a ping to `www.tongfamily.com` leads to some random site. I think I have a misconfigured DNS!
- The problem was that I had it pointing to a DigitalOcean Droplet that no longer existed. So the redirection from tongfamily.com to www.tongfamily.com was a bad idea with the DNS for tongfamily.com correct, but not for the www part.
- So fix all this and re-enable the site and wait for it to propagate.
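
The curl-then-DNS check from this saga as a script (an added example, not code from the original post): it parses the headers that `curl -sIL` prints, resolves every redirect target, and flags any name that points at an address you no longer run. The function names, the `DNS_TABLE` variable and the sample hosts and addresses are assumptions made for the illustration.

```shell
# Added example, not the post's code; names and IPs are constructed (reserved ranges).

# Read HTTP response headers on stdin (the output of `curl -sIL URL`) and
# print "STATUS HOST" for every redirect that names another host.
redirect_hops() {
  awk '
    { sub(/\r$/, "") }                       # headers arrive with CRLF
    /^HTTP\// { status = $2 }
    tolower($1) == "location:" {
      url = $2
      sub(/^[A-Za-z]+:\/\//, "", url)        # drop the scheme
      sub(/[\/:?#].*$/, "", url)             # drop port, path, query
      if (url != "") print status, tolower(url)   # skip relative redirects
    }'
}

# Resolve a host to IPv4 addresses. Uses the "host ip" lines in DNS_TABLE
# when it is set (offline sample); otherwise asks the system resolver.
resolve() {
  if [ -n "${DNS_TABLE:-}" ]; then
    printf '%s\n' "$DNS_TABLE" | awk -v h="$1" '$1 == h { print $2 }'
  else
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
  fi
}

# $1 = space-separated IPs of servers you still run. Prints one line per hop:
# OK, NO-RECORD (name does not resolve) or STALE:<ip> (address is not yours).
audit_chain() {
  inventory=" $1 "
  redirect_hops | while read -r status host; do
    ips=$(resolve "$host"); verdict="OK"
    [ -n "$ips" ] || verdict="NO-RECORD"
    for ip in $ips; do
      case "$inventory" in *" $ip "*) ;; *) verdict="STALE:$ip" ;; esac
    done
    echo "$status $host $verdict"
  done
}

# Constructed sample: apex redirects to HTTPS, then to www, as in the post.
SAMPLE_HEADERS='HTTP/1.1 301 Moved Permanently
Location: https://example.com/

HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/wp-admin/'
SAMPLE_DNS='example.com 192.0.2.10
www.example.com 203.0.113.77'
```

For a live check, leave `DNS_TABLE` unset and pipe `curl -sIL --max-time 10 http://tongfamily.com` into `audit_chain` with your Droplet's address as the argument. A STALE record for an address that has been released is worth deleting promptly, since whoever is assigned that address next receives your visitors.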