Certbot renew don't work

Franck98 · September 21, 2022, 8:45pm

But port 80 is for HTTP not HTTPS, if I change the default server, I think letsdebug will display green

Franck98 · September 21, 2022, 8:47pm

I'm afraid to change what works for everything spoiled my friends

Franck98 · September 21, 2022, 9:36pm

Finally, the curious side of developer took over, I have tests and I modified everything as it should be and there it is good... Everything is green

Bruce5051 · September 21, 2022, 10:24pm

@Franck98 just so you know the certificate is only for apisnix-crm.com and not www.apisnix-crm.com
that should not be a problem if you never reference www.apisnix-crm.com

Franck98 · September 21, 2022, 11:31pm

Thanks for the remark, but don't worry in the configuration of the domain name, I redirected www.apisnix-crm.com on apisnix-crm.com

By the way your capture, what did you consult the site with please?

Bruce5051 · September 22, 2022, 1:26am

I used SSL Checker - Check SSL Certificate to get the .PEM file for the domain

And then I take the .PEM file and use CSR Decoder and Certificate Decoder it to decode the Certificate. And then scroll down to the part I am interested in.
(I'm kind of lazy, all of this can be done with command line OpenSSL)

MikeMcQ · September 22, 2022, 2:13am

Actually, you don't redirect www to your apex. But, modern chromium browsers might. Some see that your cert only has your apex name (apisnix-crm.com) when you redirected http://www to httpS://www (emphasis on S is mine).

And, browsers work very hard to compensate for mis-coded servers and want to show something nice to their user. So, it redirects on your behalf (it's less efficient and some browsers might not). I don't know what browsers or versions support this but here's a message from the developer tool in Opera browser. See the "redirecting" message.

Curl is not as friendly. It fails your redirect

curl -I http://www.apisnix-crm.com
HTTP/1.1 302 Found
Date: Thu, 22 Sep 2022 02:06:24 GMT
Server: Apache
Location: https://www.apisnix-crm.com//

curl -I https://www.apisnix-crm.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.apisnix-crm.com'

Also, note in the image above the message about the 404 Not Found error for that css.map file. There were several similar errors. I don't know if they are just missing or whether it is related to your two // in your redirect URL (after the .com). You might want to fix this at least for the performance improvement.

MikeMcQ · September 22, 2022, 2:25am

Oh, a recent Firefox version errors your www.apisnix-crm.com domain with a full screen "Security Warning".

It does not do the favorable redirect that chromium browsers do.

system · October 22, 2022, 2:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.