Greenlock-express - naked (non-www) domain still has "fake certificate"

Hi there,

I’m using greenlock-express for node/express. I have set it up almost identically to how it is set up under “Usage” here (except I have opts.domains set to an array of domains).

When I first ran the app in staging mode (and also my first run in production mode), I only had my www domain in the array of opts.domains. I then had issues accessing my site when typing mydomain.com (versus www.mydomain.com). All browsers were (and still are) saying that the certificate is untrusted. HOWEVER, when I access www.mydomain.com, everything works fine - we have a green lock. When I access the naked (non-www) domain (mydomain.com), I notice that the certificate is “Fake LE Intermediate X1”.

Note that NOW, in the setup as per the above link, I have included both www and non-www versions of my domain in the opts.domains array: opts.domains = ['www.mydomain.com', 'mydomain.com']. This, however, hasn’t changed my results when trying to access my site via the non-www URL.

I have already tried to redirect the naked/non-www URL to the www URL using GoDaddy. This temporarily worked and then resulted in a forwarding loop. I have also tried using Express middleware to redirect all naked domain requests to their www counterpart; however, the app is initially accessed at the naked domain, and so the browser sends the alert that the site is insecure and - if you proceed - you then get to the www version, which is secure.

Any help would be hugely appreciated! Been banging my head against the wall.

Please show the configuration files for :80 and :443.

Hi @ec123,

I suspect that you are using the staging server.

From the code snippet in your link:

var lex = require('greenlock-express').create({
  // set to https://acme-v01.api.letsencrypt.org/directory in production
  server: 'staging'
  // (remaining options omitted in this excerpt)
});

Andrei

Hi @rg305 and @ahaw021,

I was using the correct server for production (sorry that I neglected to mention that). I restarted my server today, and, lo and behold, a certificate was generated (I think) for the naked domain as well. It is now working exactly as expected. Perhaps this was due to my running it in production for the first time with just the www domain in opts.domains, before then also adding the naked domain.

It appears to be all good now.

Thanks :slight_smile:
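
The two symptoms discussed in this thread (a staging issuer such as "Fake LE Intermediate X1", and a certificate that does not list the naked domain) can be told apart by inspecting the certificate each hostname serves. The following is an added example, not code from the thread participants or the greenlock-express project; the certificate objects are constructed samples shaped like the result of Node's `getPeerCertificate()`, "Example Production CA" is a placeholder issuer name, and the wildcard case goes beyond what the thread covers.

```javascript
// Added example: cert objects below are constructed, shaped like the result of
// Node's tls.TLSSocket#getPeerCertificate() (issuer.CN, subjectaltname).
const STAGING_ISSUER_PREFIX = 'Fake LE'; // staging issuer name seen in the thread

// Parse "DNS:a.example, DNS:b.example" into a list of lowercase names.
function sanNames(cert) {
  return (cert.subjectaltname || '')
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.startsWith('DNS:'))
    .map((s) => s.slice(4).toLowerCase());
}

// True when `pattern` (exact name or left-most-label wildcard) covers `host`.
function nameCovers(pattern, host) {
  if (pattern === host) return true;
  if (!pattern.startsWith('*.')) return false;
  const dot = host.indexOf('.');
  return dot > 0 && host.slice(dot + 1) === pattern.slice(2);
}

// Return the problems found for one hostname; an empty list means none found.
function diagnose(host, cert) {
  const problems = [];
  const h = host.toLowerCase();
  const issuer = (cert.issuer && cert.issuer.CN) || '';
  if (issuer.startsWith(STAGING_ISSUER_PREFIX)) problems.push('staging-issuer');
  if (!sanNames(cert).some((p) => nameCovers(p, h))) problems.push('name-not-covered');
  return problems;
}

// Constructed sample data (not captured from a real server).
const PROD = { CN: 'Example Production CA' }; // placeholder issuer
const stagingCert = { issuer: { CN: 'Fake LE Intermediate X1' }, subjectaltname: 'DNS:mydomain.com' };
const wwwOnlyCert = { issuer: PROD, subjectaltname: 'DNS:www.mydomain.com' };
const bothCert = { issuer: PROD, subjectaltname: 'DNS:www.mydomain.com, DNS:mydomain.com' };
const wildcardCert = { issuer: PROD, subjectaltname: 'DNS:*.mydomain.com' };

function report() {
  return {
    nakedOnStaging: diagnose('mydomain.com', stagingCert),
    nakedOnWwwOnly: diagnose('mydomain.com', wwwOnlyCert),
    nakedOnBoth: diagnose('mydomain.com', bothCert),
    nakedOnWildcard: diagnose('mydomain.com', wildcardCert),
    wwwOnWildcard: diagnose('www.mydomain.com', wildcardCert),
  };
}
console.log(report());
```

A wildcard entry covers `www.mydomain.com` but not the naked domain, so the naked name still has to be listed explicitly.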
