Completely remove everything certbot including certificates and start again

I just tested the latest Firefox browser, which does show the www, but the latest Chrome browser does not.

1 Like

Looks like WordPress is redirecting one of them:

curl -Iki http://www.floheating.co.uk/
HTTP/1.1 200 OK
Date: Tue, 12 Jan 2021 17:46:51 GMT
Server: Apache/2.4.41 (Ubuntu)
Link: <http://www.floheating.co.uk/wp-json/>; rel="https://api.w.org/"
Link: <http://www.floheating.co.uk/wp-json/wp/v2/pages/861>; rel="alternate"; type="application/json"
Link: <http://www.floheating.co.uk/>; rel=shortlink
Content-Type: text/html; charset=UTF-8

curl -Iki http://floheating.co.uk/
HTTP/1.1 301 Moved Permanently
Date: Tue, 12 Jan 2021 17:46:58 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Redirect-By: WordPress
Location: http://www.floheating.co.uk/
Content-Type: text/html; charset=UTF-8

3 Likes

I can find no problem.
Now to get you two certs.

What says:
certbot --version
certbot certificates

3 Likes

I checked that out, the only setting I can find is set to www

1 Like

kes@wordpress:/etc/apache2/sites-enabled$ certbot --version
certbot 1.11.0

kes@wordpress:/etc/apache2/sites-enabled$ certbot certificates
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

kes@wordpress:/etc/apache2/sites-enabled$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: floheating.co.uk
Serial Number: 4119e05918cf6adf2c2fbcf25a4ea7fa9bf
Key Type: RSA
Domains: floheating.co.uk www.floheating.co.uk
Expiry Date: 2021-04-11 17:10:04+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/floheating.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/floheating.co.uk/privkey.pem


2 Likes

So far so good.
One cert with both names on it.
Let's see if we can get it installed.

Try:
certbot --apache
[and let's walk through the prompts]

3 Likes

If I can later get both non www and www versions of the site in one file at
/etc/apache2/sites-available
then will the cert we are about to produce work, or will I need a new one?

sudo certbot --apache

Type:
1,2 & enter

2 Likes

Thanks.

I got lots of errors after putting in 1,2.

I'm doing a write up now which is this. I will add to it over this evening and tomorrow morning as I get time, until it is complete. I will post a reply below to say it is complete, when I am finished the write up.

It seems https:// now works with www and without www entered into the browser, at least www shows up in the latest version of the Firefox browser when entered. So I presume both now work ok.

I had to make quite a few changes, including setting all the keys with the following octal permission settings

cd /etc/letsencrypt/archive/floheating.co.uk; stat -c "%a %n" *
640 cert1.pem
640 chain1.pem
640 fullchain1.pem
640 privkey1.pem

The below line is what I used to set the permissions for all files to 640

chmod 640 -R *

I also had to change the file permissions on the two directories shown below

chmod 0755 /etc/letsencrypt/{live,archive}

The trapped loop previously shown here stopped being shown when I cleared my browser cache and changed the WordPress site general settings from http://www.floheating.co.uk to httpS://www.floheating.co.uk

.. more to follow ..

1 Like
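
An added example, not part of any post in this thread: a read-only check of the modes discussed in the post above, built on the same `stat -c` call. It assumes a policy (this example's assumption) under which `privkey*.pem` files carry no group or other bits and `live/` and `archive/` carry no bits for other users; `audit_le_perms` is a name made up here.

```shell
#!/bin/sh
# Added example: report certbot key material that is reachable by more than
# its owner. Read-only; changes nothing. Needs GNU stat (as on Ubuntu).
# Run as root so the directories can be traversed:
#   sudo sh audit.sh /etc/letsencrypt

# The body is a subshell, so its variables do not leak into the caller.
audit_le_perms() (
    root="${1:-/etc/letsencrypt}"
    findings=0

    # Directories that hold the keys: flag any bit granted to "other".
    for d in "$root/live" "$root/archive"; do
        [ -d "$d" ] || continue
        mode=$(stat -c '%a' "$d")
        if [ $(( 0$mode & 007 )) -ne 0 ]; then
            echo "DIR  $mode $d (open to other users)"
            findings=$((findings + 1))
        fi
    done

    # Private keys live in archive/<name>/; live/ only holds symlinks to them.
    # Flag any group or other bit on a private key.
    for path in "$root"/archive/*/privkey*.pem; do
        [ -f "$path" ] || continue      # glob matched nothing
        mode=$(stat -c '%a' "$path")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "KEY  $mode $path (readable beyond owner)"
            findings=$((findings + 1))
        fi
    done

    echo "findings: $findings"
    [ "$findings" -eq 0 ]               # non-zero status when anything was flagged
)

# Only runs when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    audit_le_perms "$1"
fi
```

With the modes shown in the post (755 on both directories, 640 on `privkey1.pem`) this policy reports three findings; the certificate and chain files are public data and are not checked.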

Yes, that's required if you want to test such things. Browsers use too much caching, so it's not really possible to check such things with a browser.

Online tools and command line tools -> no caching, every GET is new.

But checking all these urls with curl etc. is terrible :wink:

2 Likes
