Https certificate not working with www

My domain is: doctowait.fr

I ran this command: my webserver is hosted on Amazon EC2 (Amazon Linux 2) and I used this procedure to get my certificate (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt)

I’ve put both doctowait.fr and www.doctowait.fr in my httpd.conf file and I had both lines here

Which names would you like to activate HTTPS for? 
------------------------------------------------------------------------------- 
1: doctowait.fr
2: www.doctowait.fr
------------------------------------------------------------------------------- 
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):

And I had this message at the end

Congratulations! You have successfully enabled https://example.com and
https://www.example.com

My /etc/httpd/conf/httpd-le-ssl.conf file looks like this.

<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot "/var/www/html"
    ServerName "doctowait.fr"
    ServerAlias "www.doctowait.fr"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/doctowait.fr/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/doctowait.fr/privkey.pem
</VirtualHost>
</IfModule>

So I don’t understand why I can access my website through doctowait.fr and can’t through www.doctowait.fr.

If you have any idea :slight_smile:

Hi @schtipoun,

I have no problem accessing your site:


And your certificate issued on 11/11 is covering both domains with and without www:

Maybe it is a browser’s cache problem…

Cheers,
sahsanu

:hushed:

And you entered www.doctowait.fr ?

Yes, I entered www.doctowait.fr :wink:

Hi @schtipoun

Additionally: I see no problem with your certificates. www and non-www are correct.

The only thing:

You have 3 versions with https + 200. So your redirect http+www -> https+www should have a /.

And you should have a preferred version (www or non-www) and a redirect non-preferred -> preferred.

Alright, cool.
I’m automatically redirected to https://doctowait.fr when I enter www.doctowait.fr (so I never see https://www.doctowait.fr in the URL bar of my browser).
But you might be right about browser’s cache problem.

Thanks for replying so quickly :+1:t3:

Thanks for your additional information.

What I want is for the user to see https://www.doctowait.fr on the URL bar when they browse my website.
So I need to check my web redirection.

Which tool did you use to have all the versions?

This is my own tool, created in the last few weeks because of the questions in this forum. It's not possible to check such redirects with a browser, because the browser caches 301 redirects. But checking 4-6 URLs manually (offline) isn't good.

First correct your basic redirects http/domain -> https/domain, not a domain change.

Then add a https redirect non-www -> www.
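
Added example (not part of the original thread, and not JuergenAuer's tool): a small Python check that requests each scheme/host variant once without following redirects, so no browser 301 cache is involved, and compares the result with the two-step policy described above. The host names `example.test` / `www.example.test`, the function names, and the sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

def fetch(url, timeout=5):
    """One GET, redirects not followed: returns (status, Location header)."""
    u = urlsplit(url)
    cls = (http.client.HTTPSConnection if u.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(u.hostname, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expected(url, preferred):
    """Where `url` should redirect; None means it is the canonical URL."""
    u = urlsplit(url)
    if u.scheme == "http":            # step 1: http -> https on the same host
        return f"https://{u.hostname}/"
    if u.hostname != preferred:       # step 2: https non-preferred -> preferred
        return f"https://{preferred}/"
    return None

def audit(responses, preferred):
    """responses maps url -> (status, location); returns a list of findings."""
    findings = []
    for url, (status, location) in sorted(responses.items()):
        want = expected(url, preferred)
        if want is None:
            if status != 200:
                findings.append(f"{url}: got {status}, expected 200")
        elif status not in (301, 308):
            findings.append(f"{url}: got {status}, expected redirect to {want}")
        elif location != want:
            findings.append(f"{url}: redirects to {location}, expected {want}")
    return findings

# Constructed responses for placeholder hosts (not measurements of a real site).
SAMPLE = {
    "http://example.test/": (301, "https://www.example.test/"),    # changes host
    "http://www.example.test/": (301, "https://www.example.test"), # no trailing /
    "https://example.test/": (200, None),                          # duplicate 200
    "https://www.example.test/": (200, None),                      # canonical
}

if __name__ == "__main__":
    # For a live check: {u: fetch(u) for u in SAMPLE} with your own hostnames.
    for line in audit(SAMPLE, "www.example.test"):
        print(line)
```
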

Alright, thanks for this information :slight_smile:

I don’t know what the DNS records were like a few minutes ago, but right now www.doctowait.fr is a CNAME to doctowait.fr, and doctowait.fr has no A or AAAA records. :confused:

@mnordhoff, my cached dns shows this:

$ dig www.doctowait.fr +short
doctowait.fr.
35.180.161.80

$ dig doctowait.fr +short
35.180.161.80

But you are right, right now the A record for doctowait.fr has gone…

$ dig @a.root-servers.net doctowait.fr  +trace +nodns 

; <<>> DiG 9.11.1 <<>> @a.root-servers.net doctowait.fr +trace +nodns
; (2 servers found)
;; global options: +cmd
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
;; Received 811 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 12 ms

fr.                     172800  IN      NS      d.ext.nic.fr.
fr.                     172800  IN      NS      d.nic.fr.
fr.                     172800  IN      NS      e.ext.nic.fr.
fr.                     172800  IN      NS      f.ext.nic.fr.
fr.                     172800  IN      NS      g.ext.nic.fr.
;; Received 349 bytes from 199.7.83.42#53(l.root-servers.net) in 33 ms

doctowait.fr.           172800  IN      NS      ns-162-c.gandi.net.
doctowait.fr.           172800  IN      NS      ns-181-a.gandi.net.
doctowait.fr.           172800  IN      NS      ns-139-b.gandi.net.
;; Received 147 bytes from 193.176.144.22#53(e.ext.nic.fr) in 13 ms

doctowait.fr.           10800   IN      SOA     ns1.gandi.net. hostmaster.gandi.net. 1542276262 10800 3600 604800 10800
;; Received 101 bytes from 2604:3400:aaac::a3#53(ns-162-c.gandi.net) in 22 ms

@schtipoun Did you modify your DNS records?

Cheers,
sahsanu

Yes, I did redirect all the traffic coming from *.doctowait.fr to https://www.doctowait.fr/ but it looks like I did something wrong :confused:

Redirect how? What DNS Records do you have now in Gandi’s control panel?

Redirects are a thing of your webserver configuration, not your dns settings.

Check the rewrite rules of your vHosts.

I have this on Gandi. If I put https://www.doctowait.fr instead of https://doctowait.fr in the redirection, it doesn’t work.
I’m kinda confused on what I should do on Gandi and on my webserver.

Ok, I’ll check that on another website of mine.
I did it correctly that time but have forgotten since ^^

Hi @schtipoun,

Once you fix your dns issue...

http redirections are fine, all of them redirect to https://www.doctowait.fr and if you want to redirect also https://doctowait.fr to https://www.doctowait.fr you should edit the file /etc/httpd/conf/httpd-le-ssl.conf so it looks like this:

<IfModule mod_ssl.c>

<VirtualHost *:443>
    ServerName "doctowait.fr"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/doctowait.fr/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/doctowait.fr/privkey.pem
    Redirect permanent / https://www.doctowait.fr/
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/var/www/html"
    ServerName "www.doctowait.fr"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/doctowait.fr/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/doctowait.fr/privkey.pem
</VirtualHost>

</IfModule>

Cheers,
sahsanu

Thanks for your advice.

I’ve changed the settings accordingly.
Now, anything you enter (doctowait.fr, www.doctowait.fr, etc.) redirects to https://www.doctowait.fr so that’s great.
But, the URL is unreachable.
I can access the website by its IP address but not by https.
My A record is still in the Gandi DNS.
I’m sure it’s something stupid but I can’t find it :confused:

I’ve used JuergenAuer’s tool (https://check-your-website.server-daten.de/?q=doctowait.fr) and the result is really strange.

Looks only like a caching problem. I use the normal dns server of the datacenter.