hi i just installed the latest debian 10, apche with ispconfig 3 using your tutorial everything works great, besides for woocommerce api. i have an SSL and my site works on https:// but woocommerce for some reason is not sending API request via https and instead is sending it via HTTP only. from many online forums from other it points to an issue on the server, but i have no glue where to start on the server. can anyone help? the error for my API i am getting is oocommerce_rest_cannot_view, Sorry, you cannot list resources, 401.
This definitely sounds like a woocommerce issue, not ISPConfig, it seems very unlikely that the server configuration outside of your website is causing woocommerce to connect to a different port/protocol. I would start by checking your General settings, and ensure you have https for the wordpress and the site address, then head over to woocommerce settings to check everything (I'm not familiar enough with it to know exactly where to look off the top of my head) and generate new api keys. Cut/paste of the error you posted into a google search finds quite a few results, which it sounds like you've checked. I'm curious which one(s) would indicate a server problem? (Not saying it couldn't happen, but certainly nothing comes to mind which would cause it.)
I know you say it's not working on https now, and you have a certificate, did the certificate exist before you installed/configured woocommerce? or was the certificate added after woocommerce was already working? as jesse says, you need to set the site url and home settings under 'general settings' in wordpress to use https now if you haven't already. there could already be lots of hardcoded http links in the content already, which are not necessarily updated like this. I would recommend enabling 'rewrite http to https' in the sites settings in ispconfig. and try installing the 'better search and replace' plugin in wordpress. once installed and activated, use that to try to replace all existing instances of http://<yourdomainname.tld> with https://yourdomainname.tld, along with http://www.<yourdomainname.tld> to https://www.<yourdomainname.tld> if the www subdomain is usable on that site, and also for any other subdomains that may be in use on the site. with this plugin, there are a set of options to check for what type of data it's allowed to change, allow it for everything EXCEPT guid's it may not resolve your issue, but it should rule out any embedded http:// links being the cause.
thank you for your reply, i will reach out to woocommerce support and see what they say. a few forums mentioned these items, can any of these be the cause or how can i fix these? Ask your host if if loopback is disabled. Ask your host if there a firewall or security modules (e.g. mod_security ) that could block the outgoing cURL requests.
Probably not, but depends on what is meant by "loopback" and on your configuration. There is a loopback network interface for the localhost address, and requests to your site should be possible there if your site is set to '*' ip address, not a specific ip. I would also consider a request by the site to its own public ip address to be a "loopback" connection, and that should also be allowed. Then there are "loopback" network connections that take place in a router if you are using NAT, where a connection from your server to the public ip address of your site may or may not get forwarded back to your server - that depends on the router in play, but could very likely fail. If you're not using NAT, then no worries there. mod_security is not installed or configured out of the box, you would have to have done that if it is, and would probably know that you did, because it's not trivial. there aren't other modules in the web server that would block the requests by default. There may be a port-based iptables firewall in use via System > Firewall; if so, you already have port 80 and 443 open (or your websites would not be accessible), and there are no restrictions for localhost/server connections (again, unless you manually did that from the command prompt - not likely). Curl requests are probably not blocked, unless you disabled the functions in your php.ini; that breaks so many things in wordpress, it's probable you have not. That might make it to a php error log to indicate it is happening, I'm not positive, but you could certainly check. More likely with curl is you'd have issues with the certificate names which didn't verify, but... All these blocking/failing connection issues seem to be mostly irrelevant to your original claim: You're certain the requests do come in via http? If so, they're not being blocked, it's just misconfigured to make a wrong request. Did you check/try the aforementioned things?
the SSL certificate was installed before the website was installed. i have setup rewrite to SSL in ispconfig for this site, the whole site uses SSL with no issues i installed the plug and ran it, 0 cells needed updating and still the same results
attached is a screenshot of the header, maybe you can figure it out better than i can. in system > firewall, there is nothing there, as i don't use this firewall as anything, its all on my pfsense firewall
That shows the request is https. The protocol spoken to the web server (eg. in the response) is always HTTP, whether the connection is encrypted (https) or not (http). You should generate new api keys and try them, not just because that is a common cause of your problem, but also because your screenshot has compromised your current credentials via the Authorization header.
i revoked those keys and created new ones, i will see what woocommerce has to say, i am still getting te same error 401 with new keys
hi its definitely a server issue, as i copied my site to bluehost sharedhosting as a test for $3 and it works perfectly fine on their server. does this give you any ideas what else it can be?
jesse says: well, I can confirm to do this you would have to add curl_exec and/or curl_multi_exec to the disable_functions line in your php.ini files, and if this was a problem, it would definitely be logged in /var/www/<domain.tld>/log/error.log
no i didnt add those to my php.ini file can it be something with permissions? i uploaded the files via ftp on root account, i then ran this in ssh to change permission chown -R -v -f web1 web
It's possible, if the plugin needs to read or write something which it cannot. I had scanned their page on requirements/setup and didn't notice any mention that being a cause of that error, but certainly wrong permissions cause problems. Make sure you set not just the owner but also the group.
not sure that would be enough to change them. depends on what the group settings are. i'd say cd to /var/www/<domainname.tld> or /var/www/clients/<clientid>/<webid> (should effectively be the same location, otherwise you've got bigger problems..... ) and run chown -R <webid>:<clientid> web obviously changing <webid> and <clientid> to the correct values. it may also be worth making sure that all the files have the correct permissions as well, so after the running the chown, cd web find . -type d -exec chmod 755 {} \; find . -type f -exec chmod 644 {} \; to set all directories to rwxr-x-r-x and all files to rw-r--r--
i did all this but still getting the error, anything else we can think of? i selected all options in ispconfig such as phyton, suexec, is that ok?
I assume the site is running on php-fpm, in which case suexec should be on anyway. enabling the other options, I can't see helping at all, but shouldn't make anything worse. I don't really have anything else. maybe turn on all the debugging options in wp-config.php, and then seeing if any more information is logged about the problem. or see if you can make one of these api calls yourself from the cli, maybe that'll display some info that the application is hiding from you.
how do i make one of these calls from cli? what code do i use? yes i am on php-fpm, debugging doesn't show anything in wordpress
if it's just a single call to a url, and the api credentials are part of the call, you may be able to just use curl or wget to send the request and see what it returns, otherwise, you'll probably have to write a bit of script to do it. if you've defined the options below in wp-config.php, then it should log errors to /wp-content/debug.log define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); define('WP_DEBUG_DISPLAY', false); (you probably don't want all visitors seeing errors, you can set this to true if it's a test/dev site)
i installed curl on my server, when it comes to the home page, i get a full response. but when it comes to my product page, i get the same 401 error, any ideas?
