Choosing which names to activate HTTPS for?

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.ensignathletics.org

I ran this command:
sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?

1: ensignahtletics.org

Select the appropriate numbers separated by commas and/or spaces, or leave input

blank to select all options shown (Enter ‘c’ to cancel):

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for ensignahtletics.org

Waiting for verification…

Cleaning up challenges

Failed authorization procedure. ensignahtletics.org (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for ensignahtletics.org - check that a DNS record exists for this domain

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: ensignahtletics.org

Type: None

Detail: DNS problem: NXDOMAIN looking up A for ensignahtletics.org

  • check that a DNS record exists for this domain
    My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I dont know
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I am new to this and I have only certified one other website. that website had a subdoman but this one isn’t suppose to it should just be www.ensignathletics.org I am not sure if this is the problem or if something else is. Any help is great thank you

2

Hi @benharden99,

Certbot is getting the name options by parsing them out of your nginx configuration in /etc/nginx. This is separate from which names are or are not publicly visible as a DNS record. Remember that www.ensignathletics.org and ensignathletics.org are two separate names; if you want them both to work with HTTPS, they both need to be listed as DNS A records and also in your nginx configuration.

Also, it looks like there's a typo in the name in your nginx config because what Certbot found is ensignahtletics rather than ensignathletics. That's probably the biggest problem you're running into right now. (This typo might not stop the site from working in HTTP if it's the only site hosted on your server, but it's a problem for getting a certificate from Let's Encrypt.)

3

Thank you for your quick help. Let me see if I can fix that and get it to work.

4

Ok I fixed that typo and it got certified. however when I go to my website it still says not secure. I am using Google domains And I have set both www.ensignathletics.org and ensignathletics.org to forward to my IP address.

5

Your certificate only covers ensignathletics.org, not www.ensignathletics.org. Remember that these are separate names and should both be included on the certificate. As a result, https://ensignathletics.org/ works fine, but https://www.ensignathletics.org/ doesn’t.

6

So should i create another name in etc/nginx/sites-available called www.ensignathletics.org? and than certify that one the same as the other?

7

In nginx you can just list them separated by spaces on the same server_name line:

For example, if you have a block with a statement that looks like

server_name ensignathletics.org;

it should be changed to

server_name ensignathletics.org www.ensignathletics.org;

Then, when you run Certbot, it will offer you both names as options that can be included in a certificate. You can choose both at once and then a single certificate will be obtained that covers both of them (again assuming that the A records in the DNS for both of these names already point to your server).

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.