Addding subdomains to certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: azure-developers.net

I ran this command: I used this link https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress to successfully generate a certificate for the above domain. However I missed the wildcard for www. I noticed that when a visitor told me that in chrome my site redirects him to non-www but in firefox the redirect doesn’t work and www shows a potential security risk.
I went ahead and repeated the same steps for the Wildcard (this time, it didn’t ask me this type to do any validation with txt) I got a question asking to extend the certificate, I did and I got successful message but the for some reason my site still shows the Warning. Do o I need to run any other command? I use Really simple ssl, I wonder if the plugin is aware of the changes? Thank you for your time.

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Apache

My hosting provider, if applicable, is: Amazon LightSail

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
SSH

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi @fmedina

checking your domain you have created two new certificates with both domain names - https://check-your-website.server-daten.de/?q=azure-developers.net

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2020-01-11 2020-04-10 *.azure-developers.net, azure-developers.net - 2 entries duplicate nr. 2
Let's Encrypt Authority X3 2020-01-11 2020-04-10 *.azure-developers.net, azure-developers.net - 2 entries duplicate nr. 1
Let's Encrypt Authority X3 2020-01-11 2020-04-10 *.azure-developers.net - 1 entries duplicate nr. 1
Let's Encrypt Authority X3 2020-01-10 2020-04-09 azure-developers.net - 1 entries duplicate nr. 1
Let's Encrypt Authority X3 2020-01-06 2020-04-05 autodiscover.azure-developers.net, azure-developers.net, cpanel.azure-developers.net, mail.azure-developers.net, webdisk.azure-developers.net, webmail.azure-developers.net, www.azure-developers.net - 7 entries duplicate nr. 1

So the certificate creation has worked.

But you don't use one of these. Instead:

CN=azure-developers.net
	10.01.2020
	10.04.2020
expires in 90 days	azure-developers.net - 1 entry

You use one certificate with one domain name -> your www version isn't secure.

Check your client (I don't know how Really simple SSL works) how to see a list of created certificates.

And how to install such an existing certificate.

Don't create a new certificate, there is a rate limit.

PS: There is an Apache. What says

apachectl -S

Find your vHosts (one or two), change the certificate manual, restart your Apache.

1 Like

Thank you so much for your quick and detailed reply. Are all of those certificates valid? I need to find out how to change the certificate, once I pick one, do I need to delete the rest? how do I go about it?

I was unable to find any information regarding Really Simple SSL. My question at this point would be. If I remove the duplicate certificates and leave only the one that includes the wildcard, I assume that Really simple ssl would use it as the primary. Could you please let me know what commands I need to run to safely remove the duplicate certificates?

Thank you again!

That's the wrong way. Please read my complete answer. And change your Apache vHost, that's your job.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.