Https certificate not working with www


#1

My domain is: doctowait.fr

I ran this command: my webserver is hosted on Amazon EC2 (Amazon Linux 2) and I used this procedure to get my certificate (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html#letsencrypt)

I’ve put both doctowait.fr and www.doctowait.fr in my httpd.conf file and I had both lines here

Which names would you like to activate HTTPS for? 
------------------------------------------------------------------------------- 
1: doctowait.fr
2: www.doctowait.fr
------------------------------------------------------------------------------- 
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):

And I had this message at the end

Congratulations! You have successfully enabled https://example.com and
https://www.example.com

My /etc/httpd/conf/httpd-le-ssl.conf file looks like this.

<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName "doctowait.fr"
ServerAlias "www.doctowait.fr"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/doctowait.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doctowait.fr/privkey.pem
</VirtualHost>
</IfModule>

So I don’t understand why I can access my website through doctowait.fr and can’t through www.doctowait.fr.

If you have any idea :slight_smile:


#2

Hi @schtipoun,

I have no problem accessing your site:

And your certificate issued on 11/11 is covering both domains with and without www:

Maybe it is a browser cache problem…

Cheers,
sahsanu


#3

:hushed:

And you entered www.doctowait.fr ?


#4

Yes, I entered www.doctowait.fr :wink:


#5

Hi @schtipoun

additional: I see no problem with your certificates. www and non-www are correct.

The only thing:

You have 3 versions with https + 200. So your redirect http+www -> https+www should have a /.

And you should have a preferred version (www or non-www) and a redirect non-preferred -> preferred.


#6

Alright, cool.
I’m automatically redirected to https://doctowait.fr when I enter www.doctowait.fr (so I never see https://www.doctowait.fr in the URL bar of my browser).
But you might be right about the browser cache problem.

Thanks for replying so quick :+1:t3:


#7

Thanks for your additional information.

What I want is for the user to see https://www.doctowait.fr on the URL bar when they browse my website.
So I need to check my web redirection.

Which tool did you use to have all the versions?


#8

This is my own tool. Created in the last weeks because of the questions in this forum. It’s not possible to check such redirects with a browser, because the browser caches 301 redirects. But checking 4 - 6 URLs manually (offline) isn’t good.

First correct your basic redirects http/domain -> https/domain, not a domain change.

Then add a https redirect non-www -> www.
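
The redirect check described in posts #5 and #8, as an added example that is not part of the original thread and is not the poster's tool. The names `fetch_hop` and `audit` are hypothetical, and the `example.com` responses are constructed sample data, not measurements of any real site.

```python
import http.client
from urllib.parse import urlsplit

def fetch_hop(url, timeout=5):
    """One request, redirects not followed, nothing cached: (status, Location)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(observed, preferred):
    """observed maps URL -> (status, Location); preferred is the canonical host."""
    findings = []
    canonical = f"https://{preferred}/"
    # Exactly one variant should serve content: the preferred https one.
    serving = sorted(u for u, (status, _) in observed.items() if status == 200)
    if serving != [canonical]:
        findings.append(f"only {canonical} should answer 200, got {serving}")
    for url, (status, location) in observed.items():
        if status not in (301, 302, 307, 308) or not location:
            continue
        src, dst = urlsplit(url), urlsplit(location)
        if dst.path == "":
            findings.append(f"{url}: Location {location} is missing the trailing /")
        # http must first go to https on the same host, not change domain.
        if src.scheme == "http" and (dst.scheme, dst.netloc) != ("https", src.netloc):
            findings.append(f"{url}: first hop should be https://{src.netloc}/")
        # https on the non-preferred host must go to the preferred host.
        if src.scheme == "https" and dst.netloc != preferred:
            findings.append(f"{url}: should redirect to {canonical}")
    return findings

# Constructed responses for the four URL variants, before and after a fix.
BEFORE = {"http://example.com/": (301, "https://www.example.com/"),
          "http://www.example.com/": (301, "https://www.example.com"),
          "https://example.com/": (200, None),
          "https://www.example.com/": (200, None)}
AFTER = {"http://example.com/": (301, "https://example.com/"),
         "http://www.example.com/": (301, "https://www.example.com/"),
         "https://example.com/": (301, "https://www.example.com/"),
         "https://www.example.com/": (200, None)}

if __name__ == "__main__":
    print("\n".join(audit(BEFORE, "www.example.com")))
```

To audit a live site, build `observed` by calling `fetch_hop` on each of the four variants and pass the result to `audit` with the preferred host name.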


#9

Alright, thanks for this information :slight_smile:


#10

I don’t know what the DNS records were like a few minutes ago, but right now www.doctowait.fr is a CNAME to doctowait.fr, and doctowait.fr has no A or AAAA records. :confused:


#11

@mnordhoff, my cached dns shows this:

$ dig www.doctowait.fr +short
doctowait.fr.
35.180.161.80

$ dig doctowait.fr +short
35.180.161.80

But you are right, right now the A record for doctowait.fr has gone…

$ dig @a.root-servers.net doctowait.fr  +trace +nodns 

; <<>> DiG 9.11.1 <<>> @a.root-servers.net doctowait.fr +trace +nodns
; (2 servers found)
;; global options: +cmd
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
;; Received 811 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 12 ms

fr.                     172800  IN      NS      d.ext.nic.fr.
fr.                     172800  IN      NS      d.nic.fr.
fr.                     172800  IN      NS      e.ext.nic.fr.
fr.                     172800  IN      NS      f.ext.nic.fr.
fr.                     172800  IN      NS      g.ext.nic.fr.
;; Received 349 bytes from 199.7.83.42#53(l.root-servers.net) in 33 ms

doctowait.fr.           172800  IN      NS      ns-162-c.gandi.net.
doctowait.fr.           172800  IN      NS      ns-181-a.gandi.net.
doctowait.fr.           172800  IN      NS      ns-139-b.gandi.net.
;; Received 147 bytes from 193.176.144.22#53(e.ext.nic.fr) in 13 ms

doctowait.fr.           10800   IN      SOA     ns1.gandi.net. hostmaster.gandi.net. 1542276262 10800 3600 604800 10800
;; Received 101 bytes from 2604:3400:aaac::a3#53(ns-162-c.gandi.net) in 22 ms

@schtipoun Did you modify your DNS records?

Cheers,
sahsanu


#12

Yes, I did redirect all the traffic coming from *.doctowait.fr to https://www.doctowait.fr/ but it looks like I did something wrong :confused:


#13

Redirect how? What DNS Records do you have now in Gandi’s control panel?


#14

Redirects are a thing of your webserver configuration, not your dns settings.

Check the Rewrite rules of your vHosts.


#15

I have this on Gandi. If I put https://www.doctowait.fr instead of https://doctowait.fr in the redirection, it doesn’t work.
I’m kinda confused on what I should do on Gandi and on my webserver.


#16

Ok, I’ll check that on another website of mine.
I did it right that time but have forgotten since ^^


#17

Hi @schtipoun,

Once you fix your dns issue…

http redirections are fine, all of them redirect to https://www.doctowait.fr and if you want to redirect also https://doctowait.fr to https://www.doctowait.fr you should edit the file /etc/httpd/conf/httpd-le-ssl.conf so it looks like this:

<IfModule mod_ssl.c>

<VirtualHost *:443>
ServerName "doctowait.fr"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/doctowait.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doctowait.fr/privkey.pem
Redirect permanent / https://www.doctowait.fr/
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName "www.doctowait.fr"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/doctowait.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/doctowait.fr/privkey.pem
</VirtualHost>

</IfModule>

Cheers,
sahsanu


#18

Thanks for your advice.

I’ve changed the settings accordingly.
Now, anything you enter (doctowait.fr, www.doctowait.fr, etc.) redirects to https://www.doctowait.fr so that’s great.
But, the URL is unreachable.
I can access the website by its IP address but not by https.
My A record is still in the Gandi DNS.
I’m sure it’s something stupid but I can’t find it :confused:


#19

I’ve used JuergenAuer’s tool (https://check-your-website.server-daten.de/?q=doctowait.fr) and the result is really strange.


#20

Looks only like a caching problem. I use the normal dns server of the datacenter.