Certs for 'www'?

My domain is: beehaw.org

I entered this URI: https://www.beehaw.org

It produced this output:

Warning: Potential Security Risk Ahead

I have certificates. If you visit https://beehaw.org, then this isn't an issue.

My web server is (include version):

nginx/1.18.0

The operating system my web server runs on is (include version):

Ubuntu 20.04 LTS

My hosting provider, if applicable, is:

Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

No

They are two names and they are different. You have to include both when you make your certificate.

For example: certbot -d example.com -d www.example.com

4 Likes
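Added example, not part of the original thread: a Python sketch of the name matching a TLS client applies to a certificate's subjectAltName entries, showing why a certificate that lists only the apex name fails for the www name (and why a wildcard alone does not cover the apex). The certificate dictionaries are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`; the function names are hypothetical.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname (RFC 6125 style rules)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" stands for exactly one label, never zero or two
    if p_labels[0] == "*":
        # Only a whole-label wildcard in the leftmost position is honoured here.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(cert: dict, hostnames: list[str]) -> list[str]:
    """Return the hostnames that no DNS SAN entry in `cert` covers."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [h for h in hostnames if not any(name_matches(s, h) for s in sans)]


def fetch_cert(host: str, port: int = 443) -> dict:
    """Fetch the certificate served for `host` (needs network access).

    Validation stays on, so this raises if the served certificate
    does not cover `host`; call it with a name that already works.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates (SAN lists only), not real certificate data.
APEX_ONLY = {"subjectAltName": (("DNS", "beehaw.org"),)}
BOTH = {"subjectAltName": (("DNS", "beehaw.org"), ("DNS", "www.beehaw.org"))}
WILDCARD = {"subjectAltName": (("DNS", "*.beehaw.org"),)}
NAMES = ["beehaw.org", "www.beehaw.org"]

if __name__ == "__main__":
    for label, cert in (("apex only", APEX_ONLY), ("both", BOTH), ("wildcard", WILDCARD)):
        print(f"{label}: not covered -> {uncovered(cert, NAMES)}")
```

To check a live site, pass `fetch_cert("example.com")` as the first argument to `uncovered` together with every hostname the site should answer on.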

OK. Thanks.

1 Like

It seems now you've issued a certificate just for the www subdomain:

While it's perfectly possible to have a single certificate for the apex domain beehaw.org and have another certificate with just the www subdomain for www.beehaw.org, this is not necessary. In fact, it's doubling the amount of certificates issued. Think about when everybody would do that! Then Let's Encrypt would possibly have to issue a million certificates per day more, compared to the 2,5 million certs it issues daily!

@9peppe perfectly explained to you to run certbot with two hostnames as option, so I don't really understand why you went for just the single hostname for a new certificate so you ended up with two certs...

3 Likes

Because I have a custom nginx.conf file that I didn't want to overwrite.

I fail to see the relationship between a custom nginx.conf and having two hostnames in a single certificate. You can use that single certificate at separate points in your nginx.conf if necessary.

3 Likes

OK. So, what command should I run? Something like:

certbot -d beehaw.org -d www.beehaw.org --nginx

???

If you previously also used the --nginx plugin, that probably should work, yes. Always a good idea to back up your nginx configuration files first before letting a software application modify them.

The --nginx plugin should be smart enough to recognise the places the certificate should be used. Although you say the configuration is custom, so YMMV. At least worth a try I believe. Having just a single certificate makes so much more sense 🙂

3 Likes

I ran that command and got this:

Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] unknown directive "if($host" in /etc/nginx/sites-enabled/lemmy.conf:27
nginx: configuration file /etc/nginx/nginx.conf test failed
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] unknown directive "if($host" in /etc/nginx/sites-enabled/lemmy.conf:27\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

Did you previously also use --nginx?

3 Likes

I cannot remember.

But you got a certificate for your www subdomain just a few moments ago, right? You can't remember how you did that?

3 Likes

I got the WWW cert without the -nginx flag, yes.

Soooooo, what command did you use for that then?

3 Likes

certbot -d www.beehaw.org

And then Certbot probably asked you a few questions.. What did you answer?

3 Likes

No questions

Weird..

And certbot -d beehaw.org -d www.beehaw.org didn't work?

2 Likes

It didn't work with the --nginx flag, no.

Where do you see a --nginx option in the command I just suggested? I don't see it. (And no, I did not just sneaky edit it away..)

3 Likes