Certificate not working in domain without www

My domain is: x49.com.br

My web server is (include version): Nginx/1.10.3

The operating system my web server runs on is: Ubuntu 16.04

My certificate only works in the www. domain. It keeps saying it’s not secure in the domain without www.

I generate the certificate with this command: sudo certbot --nginx -d www.x49.com.br -d x49.com.br

You’ve got four certificates which includes both the base domain name as the www prepended hostname: 1, 2, 3, and 4.

But for some reason your most recent certificate only includes the base domain name: https://crt.sh/?id=334454113 And it’s this certificate currently installed on your webserver…

Could you run certbot certificates please and post the output here?

Found the following certs:
Certificate Name: x49.com.br-0001
Domains: x49.com.br
Expiry Date: 2018-05-19 15:08:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/x49.com.br-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/x49.com.br-0001/privkey.pem
Certificate Name: x49.com.br
Domains: www.x49.com.br x49.com.br
Expiry Date: 2018-05-19 14:56:07+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/x49.com.br/fullchain.pem
Private Key Path: /etc/letsencrypt/live/x49.com.br/privkey.pem

Unfortunately, your nginx is probably configured using the x49.com.br-0001 cert (which doesn’t cover the www subdomain) instead of x49.com.br (which covers both names).

You could try running

fgrep -r .pem /etc/nginx

to find where this has been configured, and then edit it to refer to the other one instead, and then restart nginx.

If that works, you might want to run certbot delete --cert-name x49.com.br-0001 to remove the redundant certificate from your local certificate.

Is returning:

/etc/nginx/sites-available/default: ssl_certificate /etc/letsencrypt/live/x49.com.br-0001/fullchain.pem; # managed by Certbot
/etc/nginx/sites-available/default: ssl_certificate_key /etc/letsencrypt/live/x49.com.br-0001/privkey.pem; # managed by Certbot
/etc/nginx/sites-available/default: ssl_dhparam /etc/letsencrypt/ssl-dhparam.pem; # managed by Certbot
/etc/nginx/snippets/snakeoil.conf:ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;

Open /etc/nginx/sites-available/default and delete "-0001" in the two filenames (fullchain.pem and privkey.pem). Restart your nginx afterwards and you should be fine.

It seems that now everything is correct =)

Thank you for helping me, I am a total beginner in this thing of certificates.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.