Certificate with www, but not without www


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.ifmerchandising.com.ar/

I ran this command: https://gethttpsforfree.com/

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: (mt) mediatemplet.net (or godady)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, my host provide the CSR code to use at https://gethttpsforfree.com/ and like a result import in my panel.

Use https://gethttpsforfree.com/ to create the let’s certificate with an initial CSR code that gives me (mt) but the final certificate only covers https://www.ifmerchandising.com.ar/ but not the https://ifmerchandising.com.ar/ or covers upside down.


#2

The CSR determines the names that end up on the certificate. You will need to either generate one that has all names you wish to cover included, or you will need to ask whoever provided this CSR for a new one with all names listed.


#3

thank you very much for your reply
I understand what you tell me but there is no way that the provider gives me that possibility. : (

Is there a possibility to get your own CSR that includes both addresses?


#4

Sure. But then you also need to send the key (that’s generated with that CSR) to your host… (And they might not like it)

Thank you


#5

The host provide 3 files.

private.key
san2.cnf
sslcert.csr

But I don´t understand like to get the CSR in step 2 of https://gethttpsforfree.com/


#6

Post the contents of these two files here (just not private.key).

They are safe to make public, and they will reveal how your host configured your CSR.


#7

san2.cnf

[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=AR
ST=Buenos Aires
L=Ciudad Autónoma De Buenos Aires
O=Treinta Sillas
OU=Testing Domain
emailAddress= leo.spinetto@gmail.com
CN = www.treintasillas.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = treintasillas.com
DNS.2 = www.treintasillas.com


sslcert.csr

-----BEGIN CERTIFICATE REQUEST-----
MIIDVjCCAj4CAQAwgcoxCzAJBgNVBAYTAkFSMRUwEwYDVQQIDAxCdWVub3MgQWly
ZXMxKzApBgNVBAcMIkNpdWRhZCBBdXTDg8Kzbm9tYSBEZSBCdWVub3MgQWlyZXMx
FzAVBgNVBAoMDlRyZWludGEgU2lsbGFzMRcwFQYDVQQLDA5UZXN0aW5nIERvbWFp
bjElMCMGCSqGSIb3DQEJARYWbGVvLnNwaW5ldHRvQGdtYWlsLmNvbTEeMBwGA1UE
AwwVd3d3LnRyZWludGFzaWxsYXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyEn/0iNOFAfotRHfaPjhdBtyux9iE6Lw4ZtIsb/0Qdx/AzEXT6En
4S0sNY1ghuqt0988R2aKPI8tuVjpMqEyIOczKeZSfywQ/Y+5EQS9K4ShBRJ/3/Ee
UbzmktyvpaAaAVdT3v+YKa+EGtGEgTpncL57ZDpURR/FWqs5evjelOlLFUAjly/C
GtqPOe1XCb4kpqubQ/b8fXZaDvQCH38uStGBpVWH/I/SLNsGxmofJwXFvMByg+Ww
3Exu/yMEXAlU395RftoF9+eUyFwjjoanY9ohvvzPvgjIUlixHpOs0emxauK3ybU9
NOu82W0FpC2C15ifvbP2h6WbLruAVdp6jQIDAQABoEYwRAYJKoZIhvcNAQkOMTcw
NTAzBgNVHREELDAqghF0cmVpbnRhc2lsbGFzLmNvbYIVd3d3LnRyZWludGFzaWxs
YXMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA9LbDrvFUaugKaTUvDjmDCyk2PLu1y
OeFrIXwnnbPIVJ71zqX+Vypim23zor/Iga/o1QEJk3Yu/zn/Nt0Jf8feQVXVQ449
edddADlu9gYE2fthHlFlF+zBwepN5Dn8eLcqcKTldaVOSGNAYd9w2Nmh/hErzLYV
q9fyEjciskxbmqN0mDId+Wd2wkeodS6Zncrg1QNHADPSswvLhMK6EXmDDgullt+p
ympWX9cNBn2x7JQGxHquHx5i9o2A++w7sS8nMyzI3urmbBREGKkULtCd7GaKCJ1A
KMR5fg4dI4Dj0C69zcaddX9EdyEMXQr8J0ipaQU3mngf6BjJURedOU2W
-----END CERTIFICATE REQUEST-----


#8

Right, OK. So that CSR is for a completely different domain (treintasillas.com, www.treintasillas.com) to the one you’re talking about (ifmerchandising.com.ar,www.ifmerchandising.com.ar).

Perhaps you can ask your host to send you a similar CSR for your other domain.

It is possible to generate it yourself if you have openssl installed locally, but it can be a little tricky.


#9

no, no, sorry thanks for your comments.

The problem that I have, I have it with all the domains even with the one of treintasillas.com


#10

If you use that sslcert.csr as the CSR for gethttpsforfree.com, it WILL generate a certificate that covers both (www and www-less) domains.

As far as I can tell, you have not done that.


#11

mmm do you believe it?

I’m going to try it then, but it will probably work only for treintasillas.com

Many thanks.


#12

Yes. To know whether you’re doing it right, BOTH domains should appear in Step 4, like in this screenshot: https://screenshots.firefox.com/DGk2encs2nAaGMkQ/gethttpsforfree.com

By the way, if you find that site too user-unfriendly, you can also try https://zerossl.com/free-ssl/#crt , which does the same thing in a “prettier” way.


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.