Getting ssl for for domain in caddy . www.valleyforge.com valleyforge.com

barber007 · January 11, 2023, 4:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.valleyforge.com

I ran this command:

It produced this output:

My web server is (include version):caddy

The operating system my web server runs on is (include version): ubuntu 22

My hosting provider, if applicable, is:digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

barber007 · January 11, 2023, 4:41pm

so i want valleyforge.com to automatic https to https www.valleyforge.com i am using caddy server from hatchbox they provide auto ssl on 1 domain but not subdomain

Bruce5051 · January 11, 2023, 4:46pm

Hello @barber007, welcome to the Let's Encrypt community.

Using this online tool https://crt.sh/ here is a list of issued certificates crt.sh | www.valleyforge.com, the latest being 2023-01-03 from C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA
and the one before that was on 2022-12-30 from Let's Encrypt.

Using this online tool SSL Server Test (Powered by Qualys SSL Labs) has these results SSL Server Test: www.valleyforge.com (Powered by Qualys SSL Labs)

Using this online tool https://www.hardenize.com/ show an issue with http results are here Hardenize Report: valleyforge.com

rg305 · January 11, 2023, 5:26pm

There's something wrong with your web server:

curl -Ii https://valleyforge.com/
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

curl -Ii https://www.valleyforge.com/
HTTP/2 200
...

curl -Iik https://167.172.26.204/
HTTP/2 200
...

Even the IP address "works".
But the base domain fails hard.

rg305 · January 11, 2023, 6:06pm

I see that has been corrected:

curl -Ii https://valleyforge.com/
HTTP/2 200
...

Although it still doesn't redirect to "www".

Bruce5051 · January 11, 2023, 6:22pm

I am seeing an A for both, they each have their own certificate.
https://www.ssllabs.com/ssltest/analyze.html?d=valleyforge.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.valleyforge.com

mcpherrinm · January 11, 2023, 6:33pm

I think this is what caddy does if you request a domain that doesn't have a certificate issues.

mcpherrinm · January 11, 2023, 6:36pm

It looks like http://valleyforge.com and http://www.valleyforge.com both redirect to https, and both have valid certificates. Is your problem resolved now?

rg305 · January 11, 2023, 9:14pm

Individually...
But the desire was:

[for all to end-up @ https://www...]

mholt · January 13, 2023, 5:23am

Should just be:

www.valleyforge.com {
    ...
}

valleyforge.com {
    redir https://www.valleyforge.com{uri}
}

What is your Caddy config?

system · February 12, 2023, 5:24am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.