Without details ( what your OS is, what client you are using etc.) I can’t provide details though - hence my answer is rather lacking in specifics and detal, as your question
Thanks for the response.
The DNS is pointing all to the same IP address.
I found out that some visitors are using just the domain without subdomain to visit our website.
So I changed apache conf to let also the traffic without domain thru.
That works except that the SSL certificate is not vallid in this case.
Yes. Can I change an existing certificate or do I have to create a new one?
You would register a “naked domain” (
example.com) the same way you you already registered the others. Just re-issue the cert and include
example.com as one of the SAN’s (subject alt names).
Thank yo all. I will renew the certificate
If you are using certbot then use the --expand option to expand the certificate to include the additional domain name.
Thanks for the tip! I will use the --expand option.
One more question I saw an example command in an other blog post with a naked domain.
It had a minus symbol before the name like -d -example.com
Do I have to put the minus symbol in front of the domainname?
no, not sure why it had that, If you can provide a link I’d be interested in seeing.
I tried to go thru the history of my browser to find that sample. But can’t find it anymore.
Anyway thanks for all the help.
As a reminder, currently in Certbot you need to list all of the domains (the old ones and the new one) when renewing this way. If you were to use only
-d example.com without mentioning the existing names, it wouldn’t work properly.
Using multiple -d hosts can associate multilple hosts with a single cert. Just leave off the www.example.com to generate a cert for the bare domain.
letsencrypt certonly --agree-tos --email=your-email --webroot -w /var/www/html -d example.com
Keep in mind, this can cause all manner of subtle problems depending on your Apache config + what terminal/final link your site uses (bare domain or www).
Also keep in mind, many tools + even some broken browsers will attempt prefetching www, if www has ever been referenced. This can also cause hard to debug problems.
Due to the bare domain + www complexities, most examples show bare domain + www using the same cert.
Unless you’re a Command Line Shell Savant, best use bare domain + www for your main site certs.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.