I ran this command: When you access my site.
Sometimes, the following messages may be shown when you visit my website.
(I translated the message displayed in Japanese in English.)
After a while, you will be able to access normal.
It produced this output: -Message-
Connection is not private.
This website may be “candy-cc.com” to steal your personal information or financial information.
Close this page, please.
If you have a certificate that the website is not valid, you will see a warning.
This may occur when the website has been set wrongly or more unauthorized intrudice to the attacker.
You can see the certificate in detail.
You can view this website if you understand the dangers associated with it.
My web server is (include version): Apache 2.4.37
The operating system my web server runs on is (include version): CentOS 8
My hosting provider, if applicable, is: Using No-IP to use DDNS.
I can login to a root shell on my machine (yes or no, or I don't know): no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.14.0
Do you have a screenshot of the certificate details, when this error happens?
That would give a hint about what exactly is going wrong. For example, knowing the domain name and issuer name from the "wrong" certificate, would be really useful.
There are indeed no certificates for the www subdomain issued: crt.sh | candy-cc.com
If the references to the www subdomain are indeed the issue here, there are two solutions:
Most easy: change every reference from www.candy-cc.com to candy-cc.com, so the current certificate can be used without errors;
A little bit more work: include the www subdomain into the certificate too.
I think it's best for a site to have just a single hostname in use and doesn't combine a hostname with and without the www subdomain, so I'd want to suggest the first option
Well, it's a screen shot, but I don't know when this error will happen.
So, I'll take a screenshot at the timing of the error and post again.
Please help me again at that time.
Your certificate only covers candy-cc.com instead of covering both candy-cc.comandwww.candy-cc.com. Thus, anyone who visits www.candy-cc.com will be presented with an invalid certificate.
Something that can make this issue extra-confusing is that Google Chrome may accept these names as interchangeable, while other web browsers don't. So it might appear to work properly without issuing a certificate for both names, if you check only using Chrome, but it still might not work properly for people using any other software.
You must be able to access the site correctly, even if the domain name has “www" is attached or "www" is not attached.
I interpreted it.
Is that correct?
Is it possible to set in "httpd.conf" and "ssl.conf"?
I think I could do that in my memory.
I will look into it again and check it.
You must be able to access the site correctly, even if the domain name has “www" is attached or "www" is not attached.
I will look into it again and check it.
certbot can surely obtain a cert with both names on it.
Step 1: DNS entries [these are already correct]
Step 2: HTTP config [you need to add an HTTP section for www name]
Step 3: Obtain cert with both names [ask for help here if you need it]
Step 4: Use new cert within both secure sections [redirect www connections to base domain]
I added the following sentences.
Add “ServerAlias www.candy-cc.com” to httpd.conf.
Add “ServerAlias www.candy-cc.com” to ssl.conf.
From this result , the action is different in the browser.
iPhone Safari : OK
iPhone Documents : NG
PC Edge : OK
PC Firefox : NG
iMac FireFox : NG
iMac Chrome : NG
iMac Safari : NG
I thought this would give the right result.
But it seems that it is still insufficient.
