403 after using letsencrypt

Try:

sudo certbot --apache --cert-name www.vallabh.codes -d www.vallabh.codes -d vallabh.codes

Then choose to "[E]xpand" the certificate.

4 Likes

Right now I have:-

RewriteEngine On
RewriteCond %{HTTP_HOST} ^vallabh\.codes$ [NC]
RewriteRule ^ https://www.vallabh.codes%{REQUEST_URI} [R=301,L]

Is this not the correct way?

The correct way to do what?

If you trying to cover the secure site with only a redirect statement, then you are missing the point.
In order to redirect a secure connection to another secure location, it must first connect securely.
So, https://vallabh.codes/ must work first.
Before it can redirect to: https://www.vallabh.codes/

There are four possible ways to connect:
http://your-site
http://www.your-site
https://your-site
https://www.your-site

The first two are easy to answer and redirect.
The last two must have a certificate that covers each of those names.
They can be two separate certs or one cert with both names on it.

4 Likes

Do I need to modify my config before this command ? Like I had mentioned my ServerName www.vallabh.codes .

sudo certbot --apache --cert-name www.vallabh.codes -d www.vallabh.codes -d vallabh.codes

Do I need to mention vallabh.codes in my config ?

You already showed that both names are being handled via HTTP:

You will need to handle the fourth path:

http://your-site          already handled
http://www.your-site      already handled
https://your-site         not yet handled
https://www.your-site     already handled

Which can be combined into the existing secure server block OR done separately as were the two insecure server blocks.

5 Likes

I think finally everything is good now. Could you please confirm ?

You don't know how to confirm?
[I'd much rather teach a man to fish ...]

5 Likes

Yeah thanks I got it, wanted to . This was my first time hosting on a linux server and correct way of getting ssl certificates. Learned many new things. Thank you very much !! everyone who helped me. :slightly_smiling_face:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.