Add a domain properly


#1

Hi.
I set up the https certificate for https://guardianmc.net/ but not for https://www.guardianmc.net/

I was trying to add the www.guardianmc.net domain but it is not working properly.

The command I used:
root@guardianmc1:~/letsencrypt# ~/.local/share/letsencrypt/bin/letsencrypt certonly
> --agree-tos --email quiquelhappy@gmail.com
> --standalone
> --domains guardianmc.net,www.guardianmc.net

The output:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.guardianmc.net/fullchain.pem. Your cert
   will expire on 2016-08-20. To obtain a new version of the
   certificate in the future, simply run Certbot again.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

#2

You say that “it is not working properly” but the output looks like everything worked just fine, producing a new certificate which you will need to put into service yourself.

Is it possible that you have a configuration still pointing to the old certificate, rather than the new one?


#3

How do I look at this?


#4

After you created the original certificate, you hopefully edited a configuration somewhere to tell your web server to use that certificate and associated key. It looks like you have Apache, so there will be an Apache config file you changed. But now, instead of that certificate, which was only for guardianmc.net, you need to tell Apache to use the new certificate, which includes both guardianmc.net and www.guardianmc.net.

So probably there are places where it now says something like

SSLCertificateFile /etc/letsencrypt/live/guardianmc.net/cert.pem

and you need to change that to instead say:

SSLCertificateFile /etc/letsencrypt/live/www.guardianmc.net/cert.pem

although the exact syntax you need might vary a bit depending on exactly which version you’re using. But you should only need to change that guardianmc.net part, so it should be easy.

Does any of this make sense to you?
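
One way to check for the mismatch described in post #4, as an added example that is not part of the original thread: it parses Apache virtual host blocks and reports hostnames served with a certbot lineage that does not cover them. The config text and the lineage-to-names table are constructed samples; in practice the names come from each certificate's subject alternative names.

```python
import re

# Constructed sample: names covered by each certbot lineage (assumed values
# mirroring the thread; in practice read them from the certificate's SANs).
LINEAGE_NAMES = {
    "guardianmc.net": {"guardianmc.net"},
    "www.guardianmc.net": {"guardianmc.net", "www.guardianmc.net"},
}

# Constructed Apache config that still points at the original lineage.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName guardianmc.net
    ServerAlias www.guardianmc.net
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/guardianmc.net/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/guardianmc.net/privkey.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
LIVE_RE = re.compile(r"/etc/letsencrypt/live/([^/\s]+)/")

def directive(block, name):
    """Return all arguments of an Apache directive inside one vhost block."""
    args = []
    for line in block.splitlines():
        parts = line.split()
        # Comment lines start with '#', so their first token never matches.
        if parts and parts[0].lower() == name.lower():
            args.extend(parts[1:])
    return args

def uncovered_names(conf_text, lineage_names):
    """List (lineage, hostname) pairs where a vhost serves a name that the
    certificate it references does not cover."""
    problems = []
    for block in VHOST_RE.findall(conf_text):
        hosts = directive(block, "ServerName") + directive(block, "ServerAlias")
        for cert_path in directive(block, "SSLCertificateFile"):
            m = LIVE_RE.search(cert_path)
            if not m:
                continue  # not a certbot-managed path
            covered = lineage_names.get(m.group(1), set())
            problems += [(m.group(1), h) for h in hosts if h not in covered]
    return problems

if __name__ == "__main__":
    for lineage, host in uncovered_names(SAMPLE_CONF, LINEAGE_NAMES):
        print(f"{host}: not covered by certificate lineage '{lineage}'")
```

The check matches exact hostnames only; wildcard certificates and `ServerName` values carrying a port or scheme are outside what it handles.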


#5

EDIT: Where is this config file?


#6

Okay, I changed the values, but nothing is happening.

EDIT: Fixed (restarting the apache2 service)


#7

For future reference, you probably should have used the --expand flag to add the www domain instead.

Originally, you created a certificate with guardianmc.net as the primary (and only) domain. You’ve now created a second certificate with www.guardianmc.net as the primary domain and guardianmc.net as a secondary domain. When you renew, you’ll renew both the original and new certificates.

The “expand” flag would have added www.guardianmc.net to your original certificate as a secondary domain. But since you now have your new cert, I’d probably remove (not revoke) your original - chances are you won’t be using both!


#8

Did not even know about that --expand flag. Thanks for mentioning it, DarkSteve. Always like to do things cleanly and not run into problems later.


#9

No problem, glad I could help!

