‼️ If your WebFaction account is now closed then the automatic migration procedures below are not going to work for you. You'll need to add your certificates manually via your Opalstack dashboard.

When you migrate a site from WebFaction to Opalstack your SSL certificates are not migrated with it.

Opalstack can't issue a new certificate for you until your domains are pointed at us, so you'll need your old certificates to ensure that you have no initial HTTPS problems when you do point your domains.

You can add certificates manually but if you have a lot of them and would like to migrate them automatically then here's how:

  1. Create an Opalstack API token if you don't have one already.
  2. Log in to a SSH session on your Opalstack server.
  3. Download migrate_wf_certs.py to your server:

    wget https://gist.githubusercontent.com/defulmere/bc89af42f9ff82836fbb96789b208946/raw/39d954e51ac2f51b95de1e3bc642e1a317e42970/migrate_wf_certs.py
  1. Edit the script to set the WF_USER, WF_PASS, WF_SERVER, and OPAL_TOKEN variables as directed by the comments in the script.

  2. Save and run the script:

    python3 migrate_wf_certs.py
  1. The script will query WebFaction's API for your certificate and then add them to your Opalstack dashboard via the Opalstack API.

Once it's done, you can then assign the migrated certificates to your sites.

Note that this will not migrate managed Let's Encrypt certificates from WebFaction - you can still duplicate those on Opalstack as manual certificates by getting the certificate and key values from your ~/certificates directory at WebFaction.

Now go forth, migrate your certificates, and secure all the things!

    sean stickied the discussion .
    a month later

    sean I just tried the SSL migration script and got the following error:

    Traceback (most recent call last):
      File "migrate_wf_certs.py", line 20, in <module>
        wf_session, wf_account = wf.login(WF_USER,WF_PASS,WF_SERVER,2)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1112, in __call__
        return self.__send(self.__name, args)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1452, in __request
        verbose=self.__verbose
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1154, in request
        return self.single_request(host, handler, request_body, verbose)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1170, in single_request
        return self.parse_response(resp)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1342, in parse_response
        return u.close()
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 656, in close
        raise Fault(**self._stack[0])
    xmlrpc.client.Fault: <Fault 1: 'Not allowed to login to machine "web592"'>

    Just in case, I tried swapping my WF panel PW out for my shell user password. That produced this error:

    Traceback (most recent call last):
      File "migrate_wf_certs.py", line 20, in <module>
        wf_session, wf_account = wf.login(WF_USER,WF_PASS,WF_SERVER,2)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1112, in __call__
        return self.__send(self.__name, args)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1452, in __request
        verbose=self.__verbose
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1154, in request
        return self.single_request(host, handler, request_body, verbose)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1170, in single_request
        return self.parse_response(resp)
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 1342, in parse_response
        return u.close()
      File "/usr/lib64/python3.6/xmlrpc/client.py", line 656, in close
        raise Fault(**self._stack[0])
    xmlrpc.client.Fault: <Fault 1: 'LoginError'>

    Any idea what I'm doing wrong?

    • sean replied to this.

      john-asl using your shell user won't work.

      Please try capitalizing the WF server name, ie use "Web592" instead of "web592" and let me know if that works.

        6 days later

        sean I had the exact same issue, I tried capitalizing as per your suggestion and that did indeed work.
        thanks!

        So, before running this migration, some of my sites were loading fine, because I think they were using OpalStack's automatic LetsEncrypt certificate setup. Some, however, were getting the "this site is not private" error, for those on WebFaction the sites were using LetsEncrypt but the certificates had been manually generated and uploaded there.

        After running the migration, the sites that were previously working, no get the "this site is not private" error, and the ones that weren't working before, are still not working. How can we enable the automatic LetsEncrypt certificates for all sites?

        I did see that after the migration, three new certificates were added to my OpalStack dashboard, whereas before there were no certificates shown there. All of them however, are expired it seems. I deleted the certificates but the web sites still show this error. There must be some setting to change somewhere to enable the automatic certificates?

        Also, entering "http://..." instead of "https://" shows a place holder page, "this site is hosted by OpalStack". How do we configure both URLs to redirect through SSL? Ah never mind, actually if I allow the ssl connection in the browser, I see both URLs lead to the placeholder page. Why aren't my migrated applications / web sites showing up instead?

        • sean replied to this.

          abunur this script migrates your manual certificates over but it does not attach them to your sites and it does not check to see if the certificates are expired. It just pulls over what you've got.

          It doesn't migrate your LE certificates from WebFaction because they (inexplicably) hide the LE cert key from you there.

          If you want to enable automatic LE for your sites, then go to https://my.opalstack.com/domains/, click edit for whatever site there, and then enable it. It will take a few minutes for the certificate to be generated, possibly longer if there are a lot of new certificates being generated.

            sean so, I guess the migration also doesn't create the sites for you, just creates the domains. I created a site and selected to use the automatic LetsEncrypt certs, but after that all I get is a blank page when I try to load the site. If I view source of the blank page I see this:

            <?php
            /**
             * Front to the WordPress application. This file doesn't do anything, but loads
             * wp-blog-header.php which does and tells WordPress to load the theme.
             *
             * @package WordPress
             */
            
            /**
             * Tells WordPress to load the WordPress theme and output it.
             *
             * @var bool
             */
            define( 'WP_USE_THEMES', true );
            
            /** Loads the WordPress Environment and Template */
            require __DIR__ . '/wp-blog-header.php';

            For the other sites, rather than a blank page, after I add a site in the admin panel for them I get an OpalStack placeholder page

            • sean replied to this.

              abunur The SSL certificate migration script described on this page does not migrate websites.

              The problem with your site is that you've got an invalid PHP handler in your .htaccess, please see: Why is my site serving PHP source instead of my site?

              For the other sites, if you're seeing the Opalstack page then you're probably visiting the sites before the certificates are ready.

              If you email support @ opalstack.com and let us know exactly which sites are having problems then we can look into it for you.

                3 months later
                opalstack unstickied the discussion .
                Mastodon