Hi.
I set up the https certificate for https:// guardianmc .net/ but not for https:// www. guardianmc .net/
I was trying to add the www. guardianmc. net domain but it is not working properly.
The command I used: root@guardianmc1:~/letsencrypt# ~/.local/share/letsencrypt/bin/letsencrypt certo nly
> --agree-tos --email quiquelhappy@gmail.com
> --standalone
> --domains guardianmc.net,www. guardianmc. net
The output:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.guardianmc.net/fullchain.pem. Your cert
will expire on 2016-08-20. To obtain a new version of the
certificate in the future, simply run Certbot again.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
You say that “it is not working properly” but the output looks like everything worked just fine, producing a new certificate which you will need to put into service yourself.
Is it possible that you have a configuration still pointing to the old certificate, rather than the new one?
After you created the original certificate, you hopefully edited a configuration somewhere to tell your web server to use that certificate and associated key. It looks like you have Apache, so there will be an Apache config file you changed. But now, instead of that certificate, which was only for guardianmc.net you need to tell Apache to use the new certificate, which includes both guardianmc.net and www.guardianmc.net.
So probably there are places where it now says something like
although the exact syntax you need might vary a bit depending on exactly which version you’re using. But you should only need to change that guardianmc.net part, so it should be easy
For future reference, you probably should have used the --expand flag to add the www domain instead.
Originally, you created a certificate with guardianmc. net as the primary (and only) domain. You’ve now created a second certificate with www. guardianmc. net as the primary domain and guardianmc. net as a secondary domain. When you renew, you’ll renew both the original and new certificates.
The “expand” flag would have added www. guardianmc. net to your original certificate as a secondary domain. But since you now have your new cert, I’d probably remove (not revoke) your original - chances are you won’t be using both!