Title: WordPress redirects to http, though settings for https Last modified: March 13, 2021 --- # WordPress redirects to http, though settings for https * [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/) * Hi Sorry for the lengthy explanation… * I have built (my first) WordPress blog site to my wife and has run into big problem. I started to set it up using [http://site.net](http://site.net) and after a while got it up and even got the https working. The server is in our own home network so from inside I though it would be great to address it with say [http://home.site.net](http://home.site.net) and my wife started to add contents. * But then she found out that WordPress has made all the links also in the form of full URL using that in-house only host name (instead of relative addresses which would have worked just fine…). So I decided, let’s forget the home.site. net and just make a hosts setting to address the site from different IP (as the public doesn’t work in our network). But for a reason I can’t figure, the https doesn’t work anymore at all. * I even made another fresh install aside with a plain vanilla installation but the same problem haunts even there. I have restarted nginx ha php-fpm. Heck I even booted the Linux server, which never helps (nor did this time) but I am desperate! * If I try to curl -v [https://www.site.net](https://www.site.net) it starts OK, but then spits out: X-Redirect-By: WordPress and then Location: [http://www.site.net](http://www.site.net). With curl that cannot be a browser cache error and I cannot find any reference in the config files nor in the wp_options table, there both siteurl as well as home are pointing to https. What can be the problem here? Is there any “internal” cache of WordPress that could be “emptied” like in Drupal? * I couldn’t give the link to the page as – well the page just doesn’t show up. * I have been making websites and apps for tens of years (Drupal, Sharepoint and mostly self-programmed from the scratch) so I should be able to figure this out but just cannot. Any ideas? Viewing 15 replies - 1 through 15 (of 22 total) 1 [2](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/page/2/?output_format=md) [→](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/page/2/?output_format=md) * [abletec](https://wordpress.org/support/users/abletec/) * (@abletec) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177331) * Hi, hndev, & welcome. Firstly, unfortunately, you can’t do https from an IP. An SSL certificate is all about a domain name & verifying its owner, etc, prior to issuance of the certificate. You likely know that, but just a reminder. * If you actually want to host your server on a home network, then, unless you have a static IP for that, you’ll need to use some form of dynamic DNS. For many reasons, including security, band width usage if the site gains traction, (you could exceed your acceptable use policy), & the DNS problem just mentioned, hosting a site on a home network just really isn’t a good idea in most cases. * Your only (cheap) option, since the site is not reachable via public network, is a self-signed ssl certificate, which is pretty useless, since browsers flag it. * I think your best bet, until you decide to make the site available on a public network, is simply to instal WordPress using http: & perhaps a hosts file, if required. * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177576) * Thank you abletec for the answer, but… * Actually I rounded a few corners… I have another server (proxy nginx) that handles the certificates and forwards the calls to virtual “inner servers” by http on a couple of computers at home. I also have a public fixed IP and I have half a dozen other websites with working https without any problems. I have Let’s Encrypt https working for each of them (I also got it working for this site before we found out the added wrong URL). * My work consists similar things and I think I have taken in consideration most of the risks included with self-hosting. The sites themselves are quite low-bandwith( mainly for my hobbies). * I also utilize hosts file. Normally (say a Drupal installation) is enough, if I point the IP in hosts file to the proxy nginx on the local network and everything just works. * But with this WordPress site somehow redirects https to http and that causes an infinite redirection loop as the proxy tries to redirect http to https (as it should). * [ivanmihalev](https://wordpress.org/support/users/ivanmihalev/) * (@ivanmihalev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177580) * Tray to look at the content of .htaccess file. It sits at the root folder of your site or/and the root of your WP installation (the last is just in case if you install WP as subfolder of your web site like //). As you may know, in this file are stored some setting and the most important, some rewriting rules. So, it is possible a rule to exist, that rewrites http:// to https:// or vice versa. It is possible too, if this file for some reason is not writable to WP, to be impossible for WP to write inside the right settings and rules. Just to remind, you may have more than one .htaccess file in your web site (even every folder may have such a file), so you have to find the right one – in the web root or in the WP root (the last is most probable suspect). This way to resolve your problem is of the kind “the last thing to do”, so be careful if you decide to edit rules by hand. The usual way is by using the regular WP tools/menus. * Good luck in hunting your bug 🙂 * [abletec](https://wordpress.org/support/users/abletec/) * (@abletec) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177623) * ivanmihalev, hndev is using Nginx, so in this case there won’t be a .htaccess file. * Hndev, can we please see your nginx.conf files as well as any vhost config files? Yeah–you didn’t quite tell us all that initially :). * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177651) * Yes, .htacccess doesn’t mean anything to nginx 🙂 * The nginx.conf is just plain centos default .conf which has nothing special, so I am omitting it. But here is the virtual host conf for the wordpress site: * ``` server { server_name www.site.net; root /var/www/www.site.net; index index.php; client_max_body_size 32M; listen 80; access_log /var/log/nginx/site.net.access.log; error_log /var/log/nginx/site.net.error.log; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } ``` * And here is the respective conf file from the proxy nginx: * ``` # # A virtual host using mix of IP-, name-, and port-based configuration # server { server_name site.net www.site.net; client_max_body_size 16M; location / { proxy_set_header Host www.site.net; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://site; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/www.site.net/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/www.site.net/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = site.net) { return 301 https://www.site.net$request_uri; } # managed by Certbot if ($host = www.site.net) { return 301 https://www.site.net$request_uri; } # managed by Certbot listen 80; server_name site.net www.site.net; return 404; # managed by Certbot } ``` * Hope you find the error, my eyes are already skewed after fighting with this… 😉 * [ivanmihalev](https://wordpress.org/support/users/ivanmihalev/) * (@ivanmihalev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177688) * Sorry, I just did not took in account that nginx is used. * [abletec](https://wordpress.org/support/users/abletec/) * (@abletec) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14177923) * Hey, ivanmihalev, don’t even worry about it. We need all the help we can get on here. If we all quit because of a small mistake, this place would be a ghost town. Thank you for your contributions & please please please continue. I know I speak for all the volunteers here when I say that. We all appreciate you! In addition, I’m not sure where you’re from, but those forums where people post in other languages also *really* need help badly, if your native language is other than English. We need you here in whatever capacity you feel comfortable! * hndev, I’m honestly a little confused as to how this is all playing out. I’m questioning the last 3 lines of the proxy file, but, again, since I’m not really certain how all your pieces fit together, I could well change my mind about that if I understood better. 1 thing I do when I have what appears to be a redirect problem is to run a trace command (tracert in windows) & redirect the output to a file. That way I can kind of get a picture of what is taking place w/the request on its travels. It’s helped me sort out more than 1 sticky wicket. * How is your dns routed w/this setup? * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14178408) * The proxy conf is modified by certbot (the program responsible for managing Let’s Encrypt certificate). * Basically it first redirects supported http (hence listen 80) requests to https and if not redirected gives 404. I think it could as well be just * ``` listen 80; server_name site.net www.site.net; return 301 https://www.site.net$request_uri; ``` * but for some reason certbot makes it the way it does and I prefer not to interfere with its logic as it should renew the certificate automatically. * DNS routes to the external IP (which is routed in firewall to proxy nginx). Internally the hosts file points to the internal address of that proxy. As said, there are multiple other sites working just fine with that setup. * I tried to be too smart (apparently) adding an internal address DNS entry for a different host header so that even phones connected to the WLAN could view the page on [http://home.site.net](http://home.site.net) and made a unfortunate decision to suggest my wife to use that also for editing (hence no hosts file wouldn’t have been needed for her computer) and everything worked until I started to “mitigate” the problem where the images and stylesheets were prefixed with that [http://home.site.net](http://home.site.net) which wouldn’t work for anyone else given the internal un-routable address (192.168.*.*). * DNS tracing to the host works without any loops, checked bot inside (of course it’s direct because of the hosts file) and outside (just similar to the other sites I have) * If the links would have been relative, none of this would have happened… :/ * I dropped the htaccess tag, as it doesn’t fit here… * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14178495) * To add to my former post… * I made another “Hello world”-type of “site” on the very same directory and changed only root-setting in -conf to point to this new directory – and everything works( both internally and externally) with https so in my logic the problem has to be in something WordPress does (or doesn’t). * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14178520) * Don’t understand anything anymore. * Now, when I reset the conf file to point back to the correct directory the site started to work with https mostly OK. I hundred per cent surely had restarted the nginx (many times) also before this, just don’t get it. * The big problem still remaining now is, that when I try to go to the /wp-admin, it still redirects to [http://www.site.net/wp-admin](http://www.site.net/wp-admin) which still causes infinite loop. All the other pages work fine. * But, it was a major step forward anyhow (though can’t understand how it happened) * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14179089) * Okay, now things are starting to look _really_ strange. * After whacking my head to the wall long enough, I finally decided to build another virtual server and install WordPress there. * I got it more or less working, but all the styles STILL refer to http protocol, though the database is directly after a new installation, nothing copied from the former server. * I redirected the proxy to this new server and https got up and working right from the beginning (only that the language selection screen already had the wrong protocol in style references). * I am very close to start arguing with my wife to use something else as this seems mission impossible to get working. * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14179560) * No, I just can’t give up. * I made some progress so far… * Adding $_SERVER[‘HTTPS’] = ‘on’; to wp_config.php finally solved wrong themes& css, now those are prefixed with https. The scripts (like jQuery etc **still** keep that &/¤%&¤¤ http:// in front of them. * I actually basically even got myself sort of logged in with admin login, except that there comes 403 error (you don’t have enough privileges (or something like that, unfortunately my wife prefers Finnish translation)). The login requires the correct password or gives an error but after that it goes /wp-admin and gives that error message. * Seems that we are very close, but still not even close… * [abletec](https://wordpress.org/support/users/abletec/) * (@abletec) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14179643) * hndev, could you perhaps try doing a database search-&-replace w/something like interconnectit & change any instances of [http://site.net](http://site.net) to [https://site.net](https://site.net) & the same for [http://www.site.net](http://www.site.net). It has both a GUI & CLI interface in the event the gui doesn’t work for some reason. * I have not yet had coffee. This suggestion should likely not be trusted. But if you decide to do so, then obviously please, back up your database before doing anything. O, yeah, & did I mention it’s imperative to backup your database? * Also, delete this tool when finished. It poses an incredible security risk. * I have a good friend from Finland. Cool you’re from there. Next stop–caffeine! * Thread Starter [hndev](https://wordpress.org/support/users/hndev/) * (@hndev) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14179907) * I run the replace and there were some changes done (and yes, did I mention, I made the backup!). * Anyhow, even after that the javascript files are still in the format [http://www.site.net/…](http://www.site.net/…); * And administrator seems not have any rights on any wp-admin pages, though admin IS logged in and can log out… Frustrating… * And yes, I did remove the replacement script from the server after the updates - This reply was modified 5 years, 2 months ago by [hndev](https://wordpress.org/support/users/hndev/). * [abletec](https://wordpress.org/support/users/abletec/) * (@abletec) * [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/#post-14179966) * Who owns your WordPress files, hndev? Viewing 15 replies - 1 through 15 (of 22 total) 1 [2](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/page/2/?output_format=md) [→](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/page/2/?output_format=md) The topic ‘WordPress redirects to http, though settings for https’ is closed to new replies. ## Tags * [HTTP](https://wordpress.org/support/topic-tag/http/) * [HTTPS](https://wordpress.org/support/topic-tag/https/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 22 replies * 3 participants * Last reply from: [hndev](https://wordpress.org/support/users/hndev/) * Last activity: [5 years, 2 months ago](https://wordpress.org/support/topic/wordpress-redirects-to-http-though-settings-for-https/page/2/#post-14181423) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics