Hi @tianreagon,
I think you might have gotten a bit mixed up here with three different issues:
(1) Whenever you use certonly
, it never tries to reconfigure your Apache for you. However, if you have a certificate that is already configured in Apache (because you previously used --apache
or because you edited the Apache configuration files yourself), certonly
can obtain a new certificate and substitute the new certificate for the previous version. If so, you won’t see the effects of this unless you run a command like apachectl graceful
or another command that restarts Apache or reloads your configuration.
(2) If you have a certificate on a site and the site is serving HTTPS, it will still be possible to access the HTTP version of that site unless you explicitly go to the HTTPS version of the site in your browser. Both can and will co-exist. But this is not the case if the site is generating a 301 redirect from the HTTP to the HTTPS version, which is recommended; certbot --apache
offers to configure Apache to do this for you, but you have to accept the offer.
(3) You need to make sure that you have certificates installed that cover all of the different names under which a site can be accessed. When you use --cert-name
, you are asking Certbot to update a previously obtained certificate with a complete new set of names, not simply to add names.
So, you have at various times obtained certificates for both createmediacompany.com and createmedia.co.za, but unfortunately both are not covered in the same certificate, and your use of --cert-name
probably also replaced the latter with the former, hiding your old createmedia.co.za certificate so that it’s no longer possible to refer to it via /etc/letsencrypt/live/createmedia.co.za/fullchain.pem
as it was before. Nonetheless, your createmedia.co.za-0001
certificate does cover the createmedia.co.za domain.
What I see right now remotely is
https://createmedia.co.za/ — works!
https://www.createmedia.co.za/ — broken because you forgot to add www.createmedia.co.za as a name covered by any of your certificates
http://createmedia.co.za/ — redirects to https://createmedia.co.za/, which works (you probably used --apache
when installing this one)
https://www.createmedia.co.za/ — redirects to https://www.createmedia.co.za/, which doesn’t work (maybe a collateral effect of the redirect created when you used --apache
?)
https://www.createmediacompany.com/ — broken (serving your createmedia.co.za certificate instead; you used certonly
for this one as you described above, so it didn’t do anything to configure it in Apache, though you could edit the configuration files to do so yourself)
https://createmediacompany.com/ — same
http://www.createmediacompany.com/ — works but doesn’t redirect to HTTPS
http://createmediacompany.com/ — same
I hope that’s a bit clearer rather than more confusing!