Do not certificate for both www and without www


#1

Greetings,

I ran into a problem with the let’s encrypt certificate, its working fine for the www and it autorenew flawless (this 31/12/2018) but we just notice it that without www, it do not work, this problem could be running from the start, 4 months ago but we just notice it.

There is any way to recertificate for both?

My domain is: cloudworldwideservices.com

My web server is (include version):WordPress 5.0.2

The operating system my web server runs on is (include version): Ubuntu 12.04-x86_64

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): wp-admin and shell


#2

Hi @JavierF

that’s the problem using only a browser. Browsers cache good 301 redirects, so the user doesn’t see some sites.

Your redirects are good, but your certificate

CN=www.cloudworldwideservices.com
	31.12.2018
	01.04.2019
	www.cloudworldwideservices.com - 1 entry

has only one domain name. Create one certificate with two domain names - cloudworldwideservices.com + www.cloudworldwideservices.com.

If you use certbot, then --d www.cloudworldwideservices.com --d cloudworldwideservices.com should work.


#3

Thanks for the reply Juergen

this was the input:
certbot --d www.cloudworldwideservices.com --d cloudworldwideservices.com

And this the output

certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: ambiguous option: --d could match --dns-route53, --dns-sakuraclo ud, --delete-after-revoke, --domains, --duplicate, --dns-digitalocean, --dns-ovh , --dns-dnsimple, --disable-renew-updates, --domain, --debug, --dns-google, --di sable-hook-validation, --debug-challenges, --deploy-hook, --dns-gehirn, --dialog , --dns-dnsmadeeasy, --dns-cloudflare, --dns-nsone, --dry-run, --dns-linode, --d ns-rfc2136, --dns-cloudxns, --dns-luadns

Seems it do not recognice the --d as correct, im a bit new with certbot so im sure i did something wrong


#4

You have to add your other commands.

There was no information in your topic how you have created the certificate.

So do the same - but with the additional domain.


#5

It should be -d with one hyphen instead of two :slight_smile:


#6

Yep, sorry - now I’ve reread the doc: --domain or -d


#7

Thanks for the replies again,

Yes , with that the command worked but with this error

[Errno 13] Perminision Denied: ‘/var/log/letsencrypt/.certbot.lock’

As for the way we implemented letsencrypt the first time it was with the documentation on the bitnami web https://docs.bitnami.com/aws/how-to/get-started-wordpress-aws-marketplace-intermediate/ if i remember correctly, but was some months ago and the one that did it is no longer on the company


#8

Doesn’t your wp-admin offer options to manage the certificate?

If there is such a management system, using certbot direct is the wrong way.


#9

When i try to modify something in it gave me this error.

Could not create directory /opt/bitnami/apps/wordpress/letsencrypt/live . Please check your filesystem permissions.


#10

there is any way to recreate the certificate part without have to recreate the whole server?


#11

How did you created your certificates? It was my speculation that you have used certbot.

Use the same method - but there should be an option to add the non-www-version.


#12

Thats the root of the problem, i didnt create it and i do not know the method, since the person who did it is no longer around and he dont document anything, i created it on other servers and i do not have problems to mess with them, recertificate, modify etc, but with this one, im a bit lost


#13

Upps, stupid question: Do you run Certbot as root? If not, this may be the problem.


#14

Yeah was run as a root, anyway, there was so much investigation just to know how that was setup, so i just move the content to a new one an used Lego to recertificate and setup the renew, everthing is running smooth now, and is certificate for both with and without www.

Thx for the support and sorry for the time lost.


#15

Also, i left everything documented on our Knowledge base, hahahaha

pd: even the support find here


closed #16

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.