Certificacion creation works ok with domain name but gives handshake failure when add "www" to it

The HTTP server block shown is not the one now in use:

 curl -Iki jkl7-company.taskcontrol.net
HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Jul 2021 12:57:33 GMT
Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1
Location: https://jkl7-company.taskcontrol.net/

Where is HTTP being redirected to HTTPS?

I suppose it is done directly from CF cause I don't see any valid redirect in taskcontrol-le-ssl.conf file...
anyway erratic behaviour...I was generated manually the cert just without "www" and now it is working...
must work for FQDN with and without "www" in an stable manner...
still researching....

now, I was able to create a LE certificate for "www" (manually) but Cloudflare can't communicate with the server...yet the FQDN WITHOUT "www" works fine...
I'm wondering what is the meaning of "www" for CF?

well, people, after several hours, I just decided to try "unproxy" both FQDN from Cloudflare..then I issued the certbot as usual...both are working fantastic!!
now the problem is I need it proxied by CF...why is not working while CF is using proxy for both FQDN?
now if I'm going to ghy6-company.taskcontrol.net (with proxy on in CF) it gives us:

This page isn’t working
ghy6-company.taskcontrol.net redirected you too many times

I need to make all sites most secure as possible...how should I set in CF? any suggestion? any clue?
Thanks in Advance,...
Robert

1 Like

Welcome to the Let's Encrypt Community, Robert :slightly_smiling_face:

I believe you will find these links extremely valuable:

https://developers.cloudflare.com/ssl/origin-configuration/origin-ca

1 Like

well Griffin, thanks ! and thanks for the links you sent me..
gonna read it and see what should be made to fix this issue...
Will revert then,
Thanks !

2 Likes

every virtual server I create must have its own LE certified programatically (bash) generated at virtual server creation time so... just a question, sintactically speaking, this line is ok?:

sudo certbot -n -m xxx@xxx --agree-tos --apache -d $domain_variable1@taskcontrol.net -d www.$domain_variable1@taskcontrol.net

cause still is saying: TLS handshake failure... en /var/log/letsencryp/letsencrypt.log

thanks!

1 Like

Please show the complete error message.

1 Like

I'm sorta moved by..

CONGRATULATION. Everything seems to be fine.

http://taskcontrol.net
301 Moved Permanently
https://taskcontrol.net/
403 Forbidden
2 Likes

Here it goes again, command issued and the ouput in atach images....
still can't understand why a few weeks ago was working perfectly and now it doesn't
...any suggestion or any clues really appreciated...
Thanks in Advance
Robert

1 Like

It is difficult for us to troubleshoot a problem when a CDN is involved.

Your site is behind CloudFlare.
More than likely, you need to set your CloudFlare settings in a way that allows for what you expect.
I'm not a CloudFlare expert - but I would start there.
At a bare minimum you need to understand that certbot doesn't know that your site is behind a CDN.
A CDN that is catching HTTP, redirecting HTTP to HTTPS, catching the HTTPS requests and handling them as you chose. And even if that choice was correct, the first request that your system will receive may be HTTPS and not was has been accounted for.

2 Likes