Domain redirects to another domain after installing letsencrypt

tharindu · October 13, 2018, 7:03am

Hi,

I’m having an issue. I have two domains in my server and I installed Let’s Encrypt SSL for both domains. First domain works fine without any issue at all. But the second domain redirects to the first domain.

1st domain I installed let’s encrypt is : stackpartner.com
2nd domain is : wpsnappy.com

If you run a SSL check on wpsnappy.com it shows me the stackpartner.com in the applied domain section. I followed certbot guide.

Can someone help me with this because I have no idea where I screwed up things.

My domains are:

stackpartner.com and wpsnappy.com

I ran this command to generate the certificates:

sudo certbot --manual -d "*.stackpartner.com" -d stackpartner.com --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 certonly
sudo certbot --manual -d "*.wpsnappy.com" -d wpsnappy.com --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 certonly

It produced this output:

My web server is (include version):

Nginx - 1.15.5

The operating system my web server runs on is (include version):

Ubuntu 18.04

My hosting provider, if applicable, is:

DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

Thanks

stevenzhu · October 13, 2018, 7:09am

Hi,

The form you omitted upon the thread creation request useful information and would reduce the time spend between responses

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you

tharindu · October 13, 2018, 7:18am

@stevenzhu I have edited the question to include the default template.

Thanks

JuergenAuer · October 13, 2018, 8:47am

Hi @tharindu

I can't find a redirect.

The http of wpsnappy.com goes to https:

D:\temp>download http://wpsnappy.com/ -h
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
Content-Length: 162
Content-Type: text/html
Date: Sat, 13 Oct 2018 08:40:41 GMT
Location: https://www.wpsnappy.com/
Server: nginx

Status: 301 MovedPermanently

306,48 milliseconds
0,31 seconds

The https sends a http-status 200:

D:\temp>download https://wpsnappy.com/ -h
SSL-Zertifikat is valide
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: https://www.stackpartner.com/wp-json/; rel="https://api.w.org/"
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Cache: EXPIRED
Content-Type: text/html; charset=UTF-8
Date: Sat, 13 Oct 2018 08:40:46 GMT
Server: nginx

Status: 200 OK

799,64 milliseconds
0,80 seconds

The certificate is correct.

One thing may be confusing: You don't have two certificates. You have one certificate with four domain names.

DNS-Name: *.stackpartner.com
DNS-Name: *.wpsnappy.com
DNS-Name: stackpartner.com
DNS-Name: wpsnappy.com

And this certificate has *.stackpartner.com as domain name, so it may look wrong. But it isn't wrong. And this is not a redirect.

So I don't see a problem.

tharindu · October 13, 2018, 9:02am

Hi @JuergenAuer,

Yes, I deleted all the certificates those which were generated previously and created a one certificate using this command,

sudo certbot --manual --expand -d *.stackpartner.com -d stackpartner.com -d *.wpsnappy.com -d wpsnappy.com --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns-01 certonly

However the homepage doesn’t redirect but when I enter the admin url which is https://www.wpsnappy.com/wp-admin is redirects to https://www.stackpartner.com/wp-admin.

Sometimes I might be wrong to think that letsencrypt caused this at all. May be it’s nginx or something. I will have to take a deeper look into that.

However I have another question. Is it okay to generate SSL for let’s say 4 domains at once? What’s the difference between generating individual certificates and generating one for all? Is there any SEO disadvantage if I use the same certificate for all domains?

Thanks

JuergenAuer · October 13, 2018, 9:32am

Yes, there is a redirect to the login-page, but then a "back-redirect" to wpsnappy.com.

D:\temp>download https://www.wpsnappy.com/wp-admin/ -h
SSL-Zertifikat is valide
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Cache: BYPASS
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Date: Sat, 13 Oct 2018 09:21:12 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Location: https://www.stackpartner.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.wpsnappy.com%2Fwp-admin%2F&reauth=1
Server: nginx

Status: 302 Redirect

583,44 milliseconds
0,58 seconds

But this is a configuration of your Wordpress. And it's possible (I don't use Wordpress, so it's speculative) that WordPress allows only one login, not two. So it may be impossible to remove this redirect.

This isn't a problem. You can create one certificate with max. 100 domain names. If you have a lot of domains / subdomains on the same server, it may be easier to have only one certificate.

And this isn't SEO relevant. It's important that you have a valide certificate (you have) and no mixed content warnings. The different CommonName (CN=*.stackpartner.com) isn't a problem.

If you have a lot of customers, each with their own domain / subdomain, I prefer to create different certificates. Because some customers don't want to be listet public (in the certificate used by another customer), a single Certificate with all customer names shows them. But if you are owner of all domains, this isn't so relevant.

tharindu · October 13, 2018, 12:09pm

Hi @JuergenAuer,

Thank you for helping me with that. If it wasn’t for you I wouldn’t have identified where the root was at all. By the way I figured out where the issue was taken place. It caused by redis (using the same prefixed database by both websites).

I added the cache key and now everything as I expected.

I have regenerated all the certificates now.

Thank you

system · November 12, 2018, 12:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.