https of one domain points me to the https of another domain


I have two domains in my vps:

raton-inalambrico and rolsbek.

I have installed a ssl with letsencrypt for each one.

But when I put https in rolsbek.com it redirects me to https on raton-inalambrico.com.es

This doesn’t happen with the http because I have two *80 ports for each domain.

The thing is that I don’t know how to do it to create a 443 port for each domain or how it goes so that it doesn’t redirect me from rolsbek’s https to the one of mouse-wireless.

I use to manage ISPConfig

I’m waiting for your help, THANK YOU in advance.

I would show you the ports code, 000-default and default-ssl but I am not allowed to put code if I don’t have 5 post

no www – How to redirect an https site from www to non www

After adding a SSL certificate I want to redirect all my site’s URL variations to 301 redirect to non www one. I tried creating a redirect from cPanel for all other variations.

Every other url variation redirects except for https://www.example.com this one does not redirect to https://example.com. Both URLs can be accessed and wont redirect to the non www one.

I’ve added canonical, google has crawled and indexed both. Analytics gave a redundant hostname notification. I also tried redirecting from htaccess file using these code:

# BEGIN SSL
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www.)?example.com$ (NC)
RewriteRule ^$ https://example.com$1 (R,L)
# END SSL

and

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.example.com (NC)
RewriteRule ^(.*)$ https://example.com/$1 (R=301,L)

Both failed.

All I want is to redirect all URL variations secure or non secure to redirect to https://example.com (non WWW secure version)

htaccess – All pages are not being redirected to HTTPS when accessed using HTTP

I’m running a WordPress blog that has an issue with HTTPS redirect. Except home page, no other URL is being redirected to HTTPS if you visit via HTTP.

I want to redirect all HTTP traffic to HTTPS. Currently, only the Home page(http://www.example.com) is being redirected to HTTPS if you try with HTTP.

but if you visit http://www.example.com/page1, then it won’t be redirected to HTTPS and stays at HTTP.

I don’t want to use any plugin such as “really simple SSL”. After a lil’bit of searching over net, I found that I can modify the .htaccess file to do that. Then I tried to understand .htaccess file (considering I never worked with PHP or WordPress or even Apache before). I got to know that RewriteEngine On should appear only once in your file but in my case, it’s appearing twice. maybe some plugin or theme had modified this that i’m not aware of. below is the content of my .htaccess file.

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 24 hours"
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/gif "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "access plus 24 hours"
    ExpiresByType application/pdf "access plus 1 week"
    ExpiresByType text/javascript "access plus 24 hours"
    ExpiresByType text/html "access plus 5 minutes"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresDefault "access plus 24 hours"
</IfModule>
<ifModule mod_headers.c>
Header set X-Endurance-Cache-Level "2"
</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - (L)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php (L)
</IfModule>

# END WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} (L,R=301)

I don’t have any subdomains. only a single domain.
So to clear my doubts, I have two questions.

1) Is this .htaccess file correct? I mean can we have two RewriteEngine On lines? that too outside the , again I’m not very familiar with this syntax.

2) What should I change to reflect HTTPS redirection on all of my pages?

PS: these are one of the links that I have visited-

htaccess

.htaccess syntax multiple RewriteEngine on

https://www.hostinger.com/tutorials/ssl/forcing-https

https – This server could not prove that it is LLLL.com; its security certificate is from *.dnsmadeeasy.com. This may be caused by a misconfiguration

On May 18th you changed your nameservers from:

ns10.nationbuilder.com
ns11.nationbuilder.com
ns12.nationbuilder.com
ns13.nationbuilder.com
ns14.nationbuilder.com
ns15.nationbuilder.com

to:

ns41.domaincontrol.com
ns42.domaincontrol.com

Old nameservers resolve your name as:

;; ANSWER SECTION:
davidkim2020.com.   2h40m IN A 96.45.82.241
davidkim2020.com.   2h40m IN A 96.45.82.83
davidkim2020.com.   2h40m IN A 96.45.83.173
davidkim2020.com.   2h40m IN A 96.45.83.119

New ones as:

;; ANSWER SECTION:
davidkim2020.com.   10m IN A 35.167.198.99

The .com TTL on NS records is 2 days.
The TTL on NS records at the old nameserver is one day.

This means that some clients will still contact the old nameservers for as much as 2 days after your change, and hence get the old IP addresses for your domain. Those do not reply correctly anymore for your domains, as witnessed:

$ curl --verbose --resolve davidkim2020.com:443:96.45.82.241 https://davidkim2020.com/
* Added davidkim2020.com:443:96.45.82.241 to DNS cache
* Hostname davidkim2020.com was found in DNS cache
*   Trying 96.45.82.241...
* TCP_NODELAY set
* Connected to davidkim2020.com (96.45.82.241) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=*.dnsmadeeasy.com
*  start date: Mar 23 00:00:00 2020 GMT
*  expire date: Jun 25 00:00:00 2022 GMT
*  subjectAltName does not match davidkim2020.com
* SSL: no alternative certificate subject name matches target host name 'davidkim2020.com'

That is they present a certificate not compatible with the hostname, as the error message already told you.
This happens when you land on some generic page at your webhosting company, like when the website is not configured properly on their side, which makes sense there as you left this provider.

Contrary to the new IP addresses:

$ curl --verbose --resolve davidkim2020.com:443:35.167.198.99 https://davidkim2020.com/
* Added davidkim2020.com:443:35.167.198.99 to DNS cache
* Hostname davidkim2020.com was found in DNS cache
*   Trying 35.167.198.99...
* TCP_NODELAY set
* Connected to davidkim2020.com (35.167.198.99) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=davidkim2020.com
*  start date: May 19 02:56:24 2020 GMT
*  expire date: Aug 17 02:56:24 2020 GMT
*  subjectAltName: host "davidkim2020.com" matched cert's "davidkim2020.com"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.

It is most probably that your old provider shut down all services (hence the proper HTTPS resolution) right when you switched nameservers, which is bound to cause problems like that.

Clients that contacted your website just before the change, “polluted” their cache with the old data that may be cleared only after 2 days. There is no “workaround” for things like that except waiting, and next time doing the migration differently (probably not wise to change both DNS provider and webhosting at the same time; proper DNS changes need planning).

(Technically, if you reach out to your old provider and asks him to put your server back even if they are not the authoritative nameservers anymore, then the situation should work; however I do not expect that to be possible with most providers and specially for like 2 days at most).

Should Article Hotlink Images be HTTP or HTTPS?

Greetings, GSA pplz.
I am planning to re-deploy the image libraries I was using to accompany GSA article-type posts calling for them.
I’ve been using HTTP. I now wonder if there are any article sites that this may cause an issue with, as the link is inserted as HTML and not through the targets’ interface, and if the page is HTTPS, this may cause issues.
Any knowledge?  Thanks, GSA community members.

security certificate – How to understand HTTPS / SSL?

I deployed a python server a few weeks ago, but for that I had to use nginx.

And following the tutorial, I talked about enabling https / ssl.

Okay, I did that.

Now I am studying Nginx to better understand how it works, but in the Ningx course (Linux Academy) it doesn’t cover things so much about https / ssl, it only covers things like enabling using lets encrypt and certbot.

But I want to understand how it works behind the scenes.

What readings are recommended for this?

PS: all tutorials on how to enable https with nginx use certbot with lets encrypt.

DNS – Monitors HTTPS URL logging for a specific device on a network

The main objective is to monitor all URL logging (HTTPS) from a specific device in my network. So I decided to buy a WifiPineApple security tool in the Hak5 store.

Ex. Alexa, Chromecast, and maybe iPad.

enter description of image here

I did:

  • set up network sharing from my Ethernet to WifiPineApple: here
  • Static IP configured on my WifiPineApple as 172.16.42.42 if necessary: ​​here
  • GUI / Portal
  • log in to the GUI portal, finishing the configuration, the root password and the SSIDs
    • allow all clients to connect
    • install the "SSLSplit" module from the community repository and start it

I can see the SSID broadcast and logged.
I tested the Speedtest, I got around 30 Mbps after connecting.

Then I tried to load the HTTPS site, it takes forever to load a single page.

and the portal is not even updated automatically as they claimed …


  1. How good could it be to sniff the traffic that takes 10 minutes to load a single page?
  2. Am I using WifipineApple incorrectly?
  3. Should I use a different module for SSL Strip HTTPS traffic / request? I tried DWall, urlsnarf, buy, they also work very slowly and only work for HTTP.
  4. Should I explore other options from WifipineApple, which is not as effective?
  5. With my network diagram in mind, should I be looking for better tools / applications like maybe running another router between the router and the modem?

To reiterate my goal, my expectation is very simple, I want to see the URL logs of all the sites requested by my iPad at a given time.
I don't care about this information header, body, payload, and even credentials, I only care about asked URLs or history.

If anyone has one suggestions for me I love take your advice.

redirects – How to use HTTPS in JavaScript code snippets?

When I tried to load the site, it did not appear natively. So there was an error in the console. The error indicated that: –

Mixed content: the page
"Https: //site.url/admin/appearance" has been loaded via HTTPS,
but requested an unsecured framework
& # 39; http: //site.url/frame? mode = 2rat57aRFw & # 39 ;.
This request has been blocked; the content must be broadcast via HTTPS.

The error was displayed in the javascript file on line 1 for the reduced version.
You can see the unreduced js code here.

nginx – Expose the http and https port to the docker container but still cannot communicate

Edit:
quick fix, what do you think?

$ firewall-cmd --zone=public --add-masquerade --permanent && firewall-cmd --reload

This problem is related to the UpCloud centos 8.0 distribution.

I am new to UpCloud and Cloudflare. I decided to use Cloudflare instead of Alibaba Cloud DNS (high latency slows down TTFB) and I plan to host a smaller project with UpCloud because the output price of UpCloud is 10 times cheaper than Alibaba Cloud, so I can reach smaller customers.

I am used to using Alibaba Cloud and their DNS product and I have not had this problem, ACME challenge failed, before, so I use a quick fix to fix the docker without a route to the host problem.

Expected behaviour

Successful ACME challenge

docker container ping request

$ ping acme-v02.api.letsencrypt.org
ping: bad address 'acme-v02.api.letsencrypt.org'
$ ping google.com
ping: bad address 'google.com'

Current behavior

Failed ACME challenge.

letsencrypt       | An unexpected error occurred:
letsencrypt       | Traceback (most recent call last):
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
letsencrypt       |     conn = connection.create_connection(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
letsencrypt       |     for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
letsencrypt       |   File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
letsencrypt       |     for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
letsencrypt       | socket.gaierror: (Errno -3) Try again
letsencrypt       |
letsencrypt       | During handling of the above exception, another exception occurred:
letsencrypt       |
letsencrypt       | Traceback (most recent call last):
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
letsencrypt       |     httplib_response = self._make_request(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
letsencrypt       |     self._validate_conn(conn)
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
letsencrypt       |     conn.connect()
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 308, in connect
letsencrypt       |     conn = self._new_conn()
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
letsencrypt       |     raise NewConnectionError(
letsencrypt       | urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: (Errno -3) Try again
letsencrypt       |
letsencrypt       | During handling of the above exception, another exception occurred:
letsencrypt       |
letsencrypt       | Traceback (most recent call last):
letsencrypt       |   File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
letsencrypt       |     resp = conn.urlopen(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
letsencrypt       |     retries = retries.increment(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment
letsencrypt       |     raise MaxRetryError(_pool, url, error or ResponseError(cause))
letsencrypt       | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: (Errno -3) Try again'))
letsencrypt       |
letsencrypt       | During handling of the above exception, another exception occurred:
letsencrypt       |
letsencrypt       | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: (Errno -3) Try again'))
letsencrypt       | Please see the logfiles in /var/log/letsencrypt for more details.
letsencrypt       | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

Steps to replicate

  1. git clone https://github.com/tempatkerja/docker-odoo
  2. follow the instructions
  3. Quick fix for Docker no route to host problem "I use Alibaba Cloud cloud providers and I never have to"

I don't know why, but the centos distribution of UpCloud behaves strangely with Docker, what I mean by that is that the Docker container cannot communicate between containers, although the port is exposed or the container is tied.

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 4 -i docker0 -j ACCEPT && firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=172.17.0.0/16 accept' && firewall-cmd --reload
sysctl net.bridge.bridge-nf-call-iptables=0
sysctl net.bridge.bridge-nf-call-arptables=0
sysctl net.bridge.bridge-nf-call-ip6tables=0
systemctl restart docker

Environment

BONE: Centos 8.0

CPU architecture: I am not sure.

How the Docker service was installed: https://github.com/jasononggo/docs/blob/master/DOCKER.md

Command used to create a docker container (execute / create / compose / screenshot)

I changed the URL, the DNSPLUGIN and the EMAIL parameter.
docker-compose.yml

Docker logs

letsencrypt       | (s6-init) making user provided files available at /var/run/s6/etc...exited 0.
letsencrypt       | (s6-init) ensuring user provided files have correct perms...exited 0.
letsencrypt       | (fix-attrs.d) applying ownership & permissions fixes...
letsencrypt       | (fix-attrs.d) done.
letsencrypt       | (cont-init.d) executing container initialization scripts...
letsencrypt       | (cont-init.d) 01-envfile: executing...
letsencrypt       | (cont-init.d) 01-envfile: exited 0.
letsencrypt       | (cont-init.d) 10-adduser: executing...
letsencrypt       | usermod: no changes
letsencrypt       |
letsencrypt       | -------------------------------------
letsencrypt       |           _         ()
letsencrypt       |          | |  ___   _    __
letsencrypt       |          | | / __| | |  /  
letsencrypt       |          | | __  | | | () |
letsencrypt       |          |_| |___/ |_|  __/
letsencrypt       |
letsencrypt       |
letsencrypt       | Brought to you by linuxserver.io
letsencrypt       | -------------------------------------
letsencrypt       |
letsencrypt       | To support the app dev(s) visit:
letsencrypt       | Let's Encrypt: https://letsencrypt.org/donate/
letsencrypt       |
letsencrypt       | To support LSIO projects visit:
letsencrypt       | https://www.linuxserver.io/donate/
letsencrypt       | -------------------------------------
letsencrypt       | GID/UID
letsencrypt       | -------------------------------------
letsencrypt       |
letsencrypt       | User uid:    1000
letsencrypt       | User gid:    1000
letsencrypt       | -------------------------------------
letsencrypt       |
letsencrypt       | (cont-init.d) 10-adduser: exited 0.
letsencrypt       | (cont-init.d) 20-config: executing...
letsencrypt       | (cont-init.d) 20-config: exited 0.
letsencrypt       | (cont-init.d) 30-keygen: executing...
letsencrypt       | using keys found in /config/keys
letsencrypt       | (cont-init.d) 30-keygen: exited 0.
letsencrypt       | (cont-init.d) 50-config: executing...
letsencrypt       | Variables set:
letsencrypt       | PUID=1000
letsencrypt       | PGID=1000
letsencrypt       | TZ=UTC
letsencrypt       | SUBDOMAINS=www,
letsencrypt       | EXTRA_DOMAINS=
letsencrypt       | ONLY_SUBDOMAINS=false
letsencrypt       | DHLEVEL=4096
letsencrypt       | VALIDATION=dns
letsencrypt       | DNSPLUGIN=cloudflare
letsencrypt       | STAGING=
letsencrypt       |
letsencrypt       | 4096 bit DH parameters present
letsencrypt       | SUBDOMAINS entered, processing
letsencrypt       | SUBDOMAINS entered, processing
letsencrypt       | dns validation via cloudflare plugin is selected
letsencrypt       | Generating new certificate
letsencrypt       | Saving debug log to /var/log/letsencrypt/letsencrypt.log
letsencrypt       | Plugins selected: Authenticator dns-cloudflare, Installer None
letsencrypt       | An unexpected error occurred:
letsencrypt       | Traceback (most recent call last):
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
letsencrypt       |     conn = connection.create_connection(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/util/connection.py", line 61, in create_connection
letsencrypt       |     for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
letsencrypt       |   File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
letsencrypt       |     for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
letsencrypt       | socket.gaierror: (Errno -3) Try again
letsencrypt       |
letsencrypt       | During handling of the above exception, another exception occurred:
letsencrypt       |
letsencrypt       | Traceback (most recent call last):
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
letsencrypt       |     httplib_response = self._make_request(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 381, in _make_request
letsencrypt       |     self._validate_conn(conn)
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
letsencrypt       |     conn.connect()
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 308, in connect
letsencrypt       |     conn = self._new_conn()
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
letsencrypt       |     raise NewConnectionError(
letsencrypt       | urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: (Errno -3) Try again
letsencrypt       |
letsencrypt       | During handling of the above exception, another exception occurred:
letsencrypt       |
letsencrypt       | Traceback (most recent call last):
letsencrypt       |   File "/usr/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
letsencrypt       |     resp = conn.urlopen(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
letsencrypt       |     retries = retries.increment(
letsencrypt       |   File "/usr/lib/python3.8/site-packages/urllib3/util/retry.py", line 439, in increment
letsencrypt       |     raise MaxRetryError(_pool, url, error or ResponseError(cause))
letsencrypt       | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: (Errno -3) Try again'))
letsencrypt       |
letsencrypt       | During handling of the above exception, another exception occurred:
letsencrypt       |
letsencrypt       | requests.exceptions.ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: (Errno -3) Try again'))
letsencrypt       | Please see the logfiles in /var/log/letsencrypt for more details.
letsencrypt       | ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/cloudflare.ini file.

Regards,
Jason

tls – Full Cloudflare HTTPS stream

Battery exchange network

The Stack Exchange network includes 176 question and answer communities, including Stack Overflow, the largest and most reliable online community for developers who want to learn, share knowledge and develop their careers.

Visit Stack Exchange