Our site, www.ledwell.com, redirects to ledwell.com. I ran:
certbot certonly --webroot -d www.ledwell.com -d ledwell.com -w /usr/local/webroot
certbot certificates
shows
Domains: www.ledwell.com ledwell.com
Loading ledwell.com works just fine but www.ledwell.com says:
www.ledwell.com uses an invalid security certificate. The certificate is only valid for ledwell.com Error code: SSL_ERROR_BAD_CERT_DOMAIN
or another browser:
Your connection is not private
Attackers might be trying to steal your information from www.ledwell.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
If the cert were really not good, should I not have gotten a message about it when it was being created?
Hi @abwillis
certonly doesn't install the certificate and doesn't restart your webserver.
So your error message says: Your system uses a certificate only with one domain name.
Yep - now the check is done - https://check-your-website.server-daten.de/?q=ledwell.com
The www version has a certificate error, non-www works.
You have a LiteSpeed. Looks like you have to install the certificate manually; use the output of
certbot certificates
Then restart your webserver, that's always required.
Welcome to the Let's Encrypt Community
These may help:
https://openlitespeed.org/kb/lets-encrypt-ssl-on-openlitespeed/
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:letsencrypt-ssl
You can run the following to create a deployment hook that reloads LiteSpeed when your certificate is updated so that your renewals are fully automated:
certbot certonly --cert-name ledwell.com --webroot -w /usr/local/webroot -d "ledwell.com,www.ledwell.com" --deploy-hook "/usr/local/lsws/bin/lswsctrl reload"
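Added example (not part of any post in this thread, and not certbot or LiteSpeed code): once the certificate is installed and the web server reloaded, this Python check confirms that the certificate actually served covers every name shown by certbot certificates. The function names and the sample certificate dictionaries are constructed for illustration; the dictionaries follow the shape returned by Python's ssl.getpeercert().

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS names from the subjectAltName of a dict shaped like ssl.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125-style match: '*' only as the whole left-most label, one label deep."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject overly broad patterns such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert, expected_hosts):
    """Expected hostnames that no SAN entry in the served certificate covers."""
    sans = san_dns_names(cert)
    return [h for h in expected_hosts if not any(name_matches(s, h) for s in sans)]

def fetch_served_cert(host, port=443, timeout=5):
    """Fetch the certificate the server presents for `host` via SNI.
    The chain is still validated; only the hostname check is disabled so that a
    mismatching certificate can be inspected instead of aborting the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data (not captured from the real site).
SERVED_BEFORE_RELOAD = {"subjectAltName": (("DNS", "ledwell.com"),)}
SERVED_AFTER_RELOAD = {
    "subjectAltName": (("DNS", "ledwell.com"), ("DNS", "www.ledwell.com"))
}
EXPECTED = ["ledwell.com", "www.ledwell.com"]

if __name__ == "__main__":
    print("before reload, uncovered:", uncovered(SERVED_BEFORE_RELOAD, EXPECTED))
    print("after reload, uncovered: ", uncovered(SERVED_AFTER_RELOAD, EXPECTED))
    # Live check (needs network), one SNI name at a time:
    #   for h in EXPECTED: print(h, uncovered(fetch_served_cert(h), [h]))
```

A non-empty result for a hostname means the server is still presenting an older or different certificate for that name, which is the state that produces SSL_ERROR_BAD_CERT_DOMAIN in the browser.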
rg305
October 27, 2020, 5:58pm
On install, certbot should have already added a cron job or systemd timer to run twice a day.
Try:
sudo crontab -l
sudo systemctl list-timers | grep -i cert
Never knew that.
I always thought the task was created upon successful installation of a certificate. I suppose for a generic certbot renew without a specified certificate name that creating a default task upon installation of the software would make sense.
rg305
October 27, 2020, 6:50pm
As an example (Ubuntu 18, latest certbot installed from snapd, without having yet issued any certs):
cat /etc/systemd/system/snap.certbot.renew.service
[Unit]
# Auto-generated, DO NOT EDIT
Description=Service for snap application certbot.renew
Requires=snap-certbot-652.mount
Wants=network.target
After=snap-certbot-652.mount network.target snapd.apparmor.service
X-Snappy=yes
[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew
SyslogIdentifier=certbot.renew
Restart=no
WorkingDirectory=/var/snap/certbot/652
TimeoutStopSec=30
Type=oneshot
[Install]
WantedBy=multi-user.target
cat /etc/systemd/system/snap.certbot.renew.timer
[Unit]
# Auto-generated, DO NOT EDIT
Description=Timer renew for snap application certbot.renew
Requires=snap-certbot-652.mount
After=snap-certbot-652.mount
X-Snappy=yes
[Timer]
Unit=snap.certbot.renew.service
OnCalendar=*-*-* 03:47
OnCalendar=*-*-* 18:06
[Install]
WantedBy=timers.target
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot --version
certbot 1.9.0