Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA, that's it

You probably want both names to redirect to the same destination, right? In that case, leave the ServerAlias as is.

I edited that question to make it longer, please reply to second part as well. Thank you.

In the default settings.php the paragraph is commented with /* ... */ and the $base_url line is commented with a # at the start of the line - if that’s what yours looks like, you can just remove the #

Otherwise you can copy just that line to another part of the file.

EDIT:

It looks like this:

/**
 * Base URL (optional).
 *
 * If Drupal is generating incorrect URLs on your site, which could
 * be in HTML headers (links to CSS and JS files) or visible links on pages
 * (such as in menus), uncomment the Base URL statement below (remove the
 * leading hash sign) and fill in the absolute URL to your Drupal installation.
 *
 * You might also want to force users to use a given domain.
 * See the .htaccess file for more information.
 *
 * Examples:
 *   $base_url = 'http://www.example.com';
 *   $base_url = 'http://www.example.com:8888';
 *   $base_url = 'http://www.example.com/drupal';
 *   $base_url = 'https://www.example.com:8888/drupal';
 *
 * It is not allowed to have a trailing slash; Drupal will add it
 * for you.
 */
# $base_url = 'http://www.example.com';  // NO trailing slash!

so you just remove the # from the start of that very last line and edit it.

$base_url = ‘http://demoflorida/com’
line already uncommented, so I should just add the “s” there, nothing else, right?

Assuming it already contains the correct http:// URL, then yes, just add the ‘s’.

Understood, and how do I force the server to serve https?
whynopadlock has some suggestions, should I follow them?
maybe editing the virtual host will do the trick, right?

Editing the virtual host (and then reloading apache) should do the trick. If it doesn’t, let us know :)

SUCCESS!! Now that I know how to do it, I have 2 questions:

  1. Command to renew cert automatically
  2. I have another site to install a cert on, how do I do that: run command certbot again? or certbot-auto?
    Thank you so much for sticking with me all the way and guiding me to the desired result.

You'll want to add something like this to your crontab (eg. via sudo crontab -e):

12 3,15 * * * /root/certbot-auto renew

You can change the numbers if you want, just pick any random number from 0-59 for the first and two from 0-23 for the second. If you prefer to use /etc/crontab, remember to add the username root after the last *.

What command worked for you in the end, to get the certificate? If you used something like ~/certbot-auto --apache, the above should be all you need to renew automatically; if you used something like ~/certbot-auto certonly ... then you might need to make some other changes.

Yep, run certbot-auto again. As long as you have an existing <VirtualHost *:80> for the new site, it should be able to figure out what to do, and the single cron job should be enough to auto-renew both certificates.

Here’s another question, I don’t know how to add stuff to a crontab.

I did not use cert only, just ./certbot-auto

  By the way, modifying settings in settings.php by adding an "s" was straightforward, also adding a line to the virtual host was easy, then apache2ctl graceful and apache2ctl configtest.

Thank you very much,

Don’t bother answering about crontab, I just read a tutorial and think I will be able to handle it, thanks anyway.
Will post here if I get stuck

0 0 1 * * /certbot-auto renew
2 questions about this syntax:

  1. You certainly know that root is simply / and that /root/ is a folder under root.
    Certbot-auto was installed under root, I recently installed SSL in another website and invoked it under /. Both these websites passed whynopadlock with flying colors, except for TLS1, but that is the matter of a different thread.
  2. It is not necessary to add --all at the end?
    I believe this crontab means renew cert on the first day of the month at midnight, regardless of day of week and year.
    Is all this correct?

It's not customary to install any software directly in the root directory on a Unix system, but if that's where you happen to have installed it, that's where you do have to refer to it in your crontab.

Nope, there's no such option as --all. certbot renew always considers renewing all of your Certbot-managed certificates.

https://certbot.eff.org/docs/using.html?highlight=renew#renewing-certificates

This seems to be based on the assumption that certbot renew always renews all of your certificates, but in fact it only renews those certificates that are less than 30 days from expiry. We recommend running it once or twice per day, every day, not just every month. (Running it so infrequently increases the chance of renewal failures due to temporary network outages or server reboots and makes the consequences of a missed or failed renewal greater.) It will attempt to start renewing each individual certificate as soon as that certificate is 30 days away from expiry, which also gives more time to notice and take corrective action if something goes wrong.

While your description of the frequency with which the crontab line you posted runs the renew command is correct, we would instead recommend something more like what @jmorahan mentioned above because this will check multiple times per day instead of only once per month.

Maybe it would have been clearer to people if we had called this certbot renew-if-necessary or certbot renew-expiring instead of simply certbot renew. (The command that forces immediate renewal of all certificates regardless of their age is now called certbot renew --force-renewal, but it's normally not recommended to use this particularly because it's more likely to run into Let's Encrypt issuance rate limits.)
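Added example, not part of the thread and not Certbot code: it counts how many times each crontab line posted above would actually run inside the 30-day window in which certbot renew acts. The expiry times are constructed, and the field parser is a simplification that handles only `*`, single numbers and comma lists.

```python
from datetime import datetime, timedelta

RENEW_WINDOW = timedelta(days=30)  # per the thread: renew acts only inside this window

def parse_field(field, lo, hi):
    """Expand one crontab field ('*', 'n' or 'a,b,c') into a set of ints."""
    if field == "*":
        return set(range(lo, hi + 1))
    values = {int(v) for v in field.split(",")}
    if not all(lo <= v <= hi for v in values):
        raise ValueError(f"field {field!r} outside {lo}-{hi}")
    return values

def parse_schedule(line):
    """Split a crontab line into its five time fields (command is ignored)."""
    minute, hour, dom, month, dow, _command = line.split(None, 5)
    return {
        "minute": parse_field(minute, 0, 59), "hour": parse_field(hour, 0, 23),
        "dom": parse_field(dom, 1, 31), "month": parse_field(month, 1, 12),
        "dow": parse_field(dow, 0, 6),
        "day_and": dom == "*" or dow == "*",
    }

def fires(s, t):
    """True if schedule s runs at minute t."""
    dom_ok = t.day in s["dom"]
    dow_ok = (t.weekday() + 1) % 7 in s["dow"]  # cron counts Sunday as 0
    # cron ORs day-of-month and day-of-week when both are restricted
    day_ok = (dom_ok and dow_ok) if s["day_and"] else (dom_ok or dow_ok)
    return (t.minute in s["minute"] and t.hour in s["hour"]
            and t.month in s["month"] and day_ok)

def attempts_before_expiry(line, not_after):
    """Count runs that land in the 30 days before not_after."""
    s, t, count = parse_schedule(line), not_after - RENEW_WINDOW, 0
    while t < not_after:
        count += fires(s, t)
        t += timedelta(minutes=1)
    return count

TWICE_DAILY = "12 3,15 * * * /root/certbot-auto renew"  # from the thread
MONTHLY = "0 0 1 * * /certbot-auto renew"               # from the thread

if __name__ == "__main__":
    # Constructed expiry times (whole minutes), not taken from any real certificate.
    for not_after in (datetime(2018, 3, 20, 10, 0), datetime(2018, 1, 31, 10, 0)):
        for line in (TWICE_DAILY, MONTHLY):
            print(not_after, repr(line), attempts_before_expiry(line, not_after))
```

For the second constructed expiry the monthly line gets zero attempts: its run on the 1st falls just outside the window and the next one comes after the certificate has expired.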

I don’t know if the crontab will work as I wrote it because when I invoke certbot-auto from root it replies “unrecognized command”.

  Only ./certbot-auto works, so I think I have to add that to the command in crontab, right?

./ means the current directory. The current directory for cron isn't likely to be the same as the current directory for your login shell. You can run pwd to find out the explicit path of the current directory in your shell, and then specify that in crontab.

root@asr-2:~# which cron
/usr/sbin/cron
root@asr-2:~# which crontab
/usr/bin/crontab
root@asr-2:~#
root@asr-2:~# which certbot-auto
root@asr-2:~#

I am totally confused about the crontab command, not the scheduling, which I can easily get from crontab.guru, I will correct that according to recommendations, but what comes after it, I cannot see where certbot is installed, I only know that certbot-auto.asc is under / but I don’t know where certbot-auto is installed to invoke it with cron. I run ./certbot-auto from / and it works so can I assume that that is where it is installed, right?
What do you recommend?
root@asr-2:~# pwd
/root
root@asr-2:~#
So I guess that what jmorahan wrote above is correct

Just try

ls /certbot-auto /root/certbot-auto

to double-check.

root@asr-2:~# ls certbot-auto /root/certbot-auto
certbot-auto /root/certbot-auto

SUCCESS!

You missed the leading / there, but in any case that suggests that you should use /root/certbot-auto in your crontab entry.

1 * 2,15 * * /root/certbot-auto renew
how about this one?