Certificate not working in domain without www

caiokawasaki · February 18, 2018, 4:17pm

My domain is: x49.com.br

My web server is (include version): Nginx/1.10.3

The operating system my web server runs on is: Ubuntu 16.04

My certificate only works in the www. domain. It keeps saying it’s not secure in the domain without www.

I generate the certificate with this command: sudo certbot --nginx -d www.x49.com.br -d x49.com.br

Osiris · February 18, 2018, 4:40pm

You’ve got four certificates which includes both the base domain name as the www prepended hostname: 1, 2, 3, and 4.

But for some reason your most recent certificate only includes the base domain name: https://crt.sh/?id=334454113 And it’s this certificate currently installed on your webserver…

Could you run certbot certificates please and post the output here?

caiokawasaki · February 18, 2018, 10:36pm

Found the following certs:
Certificate Name: x49.com.br-0001
Domains: x49.com.br
Expiry Date: 2018-05-19 15:08:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/x49.com.br-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/x49.com.br-0001/privkey.pem
Certificate Name: x49.com.br
Domains: www.x49.com.br x49.com.br
Expiry Date: 2018-05-19 14:56:07+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/x49.com.br/fullchain.pem
Private Key Path: /etc/letsencrypt/live/x49.com.br/privkey.pem

schoen · February 19, 2018, 4:32am

Unfortunately, your nginx is probably configured using the x49.com.br-0001 cert (which doesn’t cover the www subdomain) instead of x49.com.br (which covers both names).

You could try running

fgrep -r .pem /etc/nginx

to find where this has been configured, and then edit it to refer to the other one instead, and then restart nginx.

If that works, you might want to run certbot delete --cert-name x49.com.br-0001 to remove the redundant certificate from your local certificate.

caiokawasaki · February 19, 2018, 1:43pm

Is returning:

/etc/nginx/sites-available/default: ssl_certificate /etc/letsencrypt/live/x49.com.br-0001/fullchain.pem; # managed by Certbot
/etc/nginx/sites-available/default: ssl_certificate_key /etc/letsencrypt/live/x49.com.br-0001/privkey.pem; # managed by Certbot
/etc/nginx/sites-available/default: ssl_dhparam /etc/letsencrypt/ssl-dhparam.pem; # managed by Certbot
/etc/nginx/snippets/snakeoil.conf:ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;

bytecamp · February 19, 2018, 1:50pm

Open /etc/nginx/sites-available/default and delete "-0001" in the two filenames (fullchain.pem and privkey.pem). Restart your nginx afterwards and you should be fine.

caiokawasaki · February 19, 2018, 1:58pm

It seems that now everything is correct =)

Thank you for helping me, I am a total beginner in this thing of certificates.

system · March 21, 2018, 1:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot certificate is done but https is not working Help	7	18999	August 5, 2018
Nginx https is not working Help	15	4997	July 30, 2021
Installed certificate, but https site not working Help	3	558	February 8, 2022
Adding domain without affecting current certificates Help	3	605	September 17, 2018
Adding extra domain to certificate, locally ok, via web not added Help	4	468	March 20, 2020

Certificate not working in domain without www

Related Topics