“WordPress’s implementation of SSL is kind of a botch” but I managed to get it working

TL;DR: The site is now SSL, but it was a real pain in the donkey to get there.

Long version: As of about an hour ago, Rant Roulette is now accessible via SSL. You may have noticed today that the URL now starts with https instead of http. This is for many reasons, but the main one is so that Google won’t start down-ranking search results starting in January. Even if I were to say “to hell with Google” (which, for the reason I’m about to explain, I came damned close to doing) it’s likely that most other search engines out there will eventually follow suit.

I have often made the joke that I know two languages: clean English, and profanity in English. (Technically, I know a small amount of Spanish as well, including some profanity, but I don’t normally mention this.)

So here’s a summary of what I went through to get here:

December 1, around 19:00 or so: I start looking into Certbot on the EFF site. The main obstacle before is that Certbot really wants to run on the web server, and it also wants root. This makes getting SSL on shared hosting mostly a non-starter, until I find out there’s a way to run it on my own machines and upload the certificates manually. I do this and find out my host (nearlyfreespeech.net) now has a way to just upload all the certificates into a web form. (Turns out there was an even easier CLI tool for doing this which I didn’t find out about until later.) I do this, and realize even though technically the site still comes up, I’m getting no stylesheet and no images. Changing the Project Wonderful ad banners over to https doesn’t help (but it needed to be done anyway).

The next couple hours, off and on: I start by changing the URLs in WordPress to https instead of http. I’m greeted by a redirect loop. Even worse, it’s a redirect loop that affects the entire site, including the WordPress dashboard. So I have to manually go in and edit the URLs back to http using phpMyAdmin. I utter some profanity and chug the half glass of Coca-Cola I had poured a few minutes prior, then go edit the database. Site is at least back up but still half-broken. I ask in two different IRC channels, one of them being #wordpress on Freenode. Nobody has any useful advice.

(Somewhere in here I also fix the botched upgrading of the Project Wonderful ad box code, but that’s kind of a minor thing compared to the whole site being down.)

Later: I try disabling NFSN’s “canonical SSL” redirect, as well as the canonical name redirect, in an attempt to break the redirect loops. No joy. I have to manually edit the database several more times, but I don’t utter nearly as much profanity upon doing so because I’m getting fast at it. The profanity is reserved strictly for my frustrations, and for the moment I run out of Coke.

Early morning hours of December 2, from midnight up until about 02:00 or so: I try putting in a redirect in .htaccess, which still brings up the redirect loop. Finally, I stumble upon this gem in the NFSN forums, posted by someone using the forum name ‘lovekylie’:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS'] = 'on';

Adding this right above the “That’s all, stop editing!” comment in wp-config.php fixes everything. I’m able to change the URLs to start with https like they should be, and most everything appears to work. I am still getting the little yellow triangle with the padlock, but that’s because some images in posts are not https links.

I’ve already added that code snippet to my other WordPress blog at skqrecordquest.com even though I have not upgraded it to SSL yet (it does nothing if it’s not forwarding an SSL request, and arguably should be part of the WordPress internals).
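A simplified model of why the loop happens and why the snippet breaks it. This is an added example, not code from the forum post or from WordPress itself: `looks_like_ssl()`, `apply_forwarded_proto_fix()`, `simulate()` and `blog.example` are hypothetical names, and the host's proxy is assumed to terminate TLS, pass plain HTTP on port 80 to PHP, and set X-Forwarded-Proto to the client's real scheme.

```php
<?php
// Hypothetical stand-in modelled on the checks WordPress's is_ssl() makes:
// HTTPS must be "on" or "1", or failing that the server port must be 443.
function looks_like_ssl(array $server): bool {
    if (isset($server['HTTPS'])) {
        return in_array(strtolower((string) $server['HTTPS']), ['on', '1'], true);
    }
    return isset($server['SERVER_PORT']) && (string) $server['SERVER_PORT'] === '443';
}

// The wp-config.php snippet, applied to a copy of the request variables.
function apply_forwarded_proto_fix(array $server): array {
    if (isset($server['HTTP_X_FORWARDED_PROTO'])
        && $server['HTTP_X_FORWARDED_PROTO'] == 'https') {
        $server['HTTPS'] = 'on';
    }
    return $server;
}

// Follow redirects the way a browser would. Whatever scheme the client uses,
// the backend only ever sees port 80 plus the forwarded-scheme header
// (assumption: the proxy overwrites that header on every request).
function simulate(string $siteUrl, string $clientScheme, bool $withFix, int $maxHops = 5): string {
    $wantHttps = strncmp($siteUrl, 'https://', 8) === 0;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $server = ['SERVER_PORT' => '80', 'HTTP_X_FORWARDED_PROTO' => $clientScheme];
        if ($withFix) {
            $server = apply_forwarded_proto_fix($server);
        }
        if (looks_like_ssl($server) === $wantHttps) {
            return "served over $clientScheme after $hop redirect(s)";
        }
        // Scheme mismatch: the backend redirects to the configured site URL.
        $clientScheme = $wantHttps ? 'https' : 'http';
    }
    return "redirect loop (gave up after $maxHops hops)";
}

// Constructed scenarios: https site URL without the fix, with the fix,
// and a site still on http that already carries the snippet.
echo simulate('https://blog.example', 'https', false), PHP_EOL;
echo simulate('https://blog.example', 'https', true), PHP_EOL;
echo simulate('http://blog.example', 'http', true), PHP_EOL;
```

X-Forwarded-Proto is an ordinary request header, so the snippet is only trustworthy when every request reaches PHP through a proxy that sets or overwrites it; if the backend can be reached directly, a client can supply the header itself and make a plain-HTTP request look secure.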

Anyway, the title quote comes from later in the post from ‘lovekylie’ which I, unfortunately, kind of agree with after going through all that. Going forward, of course I hope that it’s no longer true. At the time I write this, 4.6.1 is current with 4.7 in “release candidate” status, meaning it’s going to be an actual release Sometime Really Soon. For all I know, that fix is already in there, but after all the downtime this week (there were a few hours of downtime a couple of days ago due to another blunder I made) I’m a bit leery of installing a version of WordPress that’s not an actual release (as opposed to beta or release candidate).

Meta: theme switch again, other tweaks in progress

I have switched themes again to ahren.org’s Ahimsa, as it is becoming obvious that while Inanis Glass is a nice looking theme, it’s a bit too bandwidth intensive right now, and is also not as customizable as I would like.

I’m also adding some more tweaks. Anyone hitting the site a few nights ago would have caught me in the middle of an experiment with the TTFTitles plugin. This experiment while using the Inanis Glass theme was, at best, an educational failure; the Inanis Glass theme is a bit too rigid on the title being the same size text as normal text.

I will also be adding some more general pages and background information about myself. It just occurred to me the other night that many of my readers probably do not know a whole lot about me, and I would like to try to fix that.

Finally, I’ve been making some behind the scenes changes on how I write blog articles that will mean there are a few more of them. Before, I relied almost exclusively on the WordPress built-in post/page editor. I have looked at various blog clients, most notably BloGTK and QTM. The latter was appealing as it was available for almost any OS I had a desire to edit my blog from, whether out of choice or necessity (right now, sometimes Windows is the only viable option; I do see this as a serious problem whenever it comes up and do plan to make it go away for good). Unfortunately both of these clients are not without faults.

BloGTK lets me access drafts I have saved online, but it is hard to weed out the drafts from posts I have already submitted. I still have not found a way to access the WordPress “schedule” feature, which lets me publish a post and delay the time it actually becomes available online. It also appears to be for Unix or Unix-like systems only; though I know the GTK+ libraries are available for Windows, nobody has actually made a port.

QTM does not let me edit drafts I have saved online, as far as I can tell. Nor can I edit previous posts. I can edit drafts I have edited in QTM just fine, but I can’t use Press This to save the URL to an article and then pull that into QTM. This is a major deal-breaker for what is otherwise a decent blogging client.

Both of these clients do not allow an external editor to be used, and possess rather clumsy internal editors. That led me towards a solution based on the editor I would be using: Vim. I found a script called Blogit written by Romain Bignon which appears to meet most of my needs. It also has one annoying problem I will get to later, but it isn’t a deal-breaker yet and should be easily fixable anyway.

My attempts to find a decent HTML macros package for Vim came up more or less fruitless. I decided I could get most of what I want by writing in Markdown and then running all but Blogit’s headers through the Markdown filter. (Blogit adds RFC-2822-like headers, similar to what you would find at the top of an email message, to support the post title, which it refers to as a “subject.”)

Anyway, the one beef with Blogit is that it appears to only easily allow one blog account, hard-coded into the script (one replaces the sample URL, username, and password before using the script). I suspect it would not be too hard to replace these on the fly, and/or feed the script different values for the other blogs I plan on maintaining in the future.

Yes, that’s other blogs, plural. I will announce further details as they materialize, but my die-hard fans can rest assured this blog isn’t going anywhere.

Meta: Upgrade to 2.8, new theme

I usually do not post about changes like this; maybe I should make a habit of doing so. I just upgraded to WordPress 2.8 and switched themes to Inanis Glass.

The reason for the theme switch is that the previous theme completely blew up after the upgrade to 2.8. In particular the recent comments widget was mostly unreadable, and the calendar layout went completely kaplooey to the point of being unusable.

I’m not sure I’ll keep this theme, but I figure most of the serious readers are probably using some form of RSS for the reading and only coming to the site for the occasional comment or three. If enough people hate it, I can switch to something else yet again.