My domain is: www.aspire-learning.com
I ran this command: /certbot-auto certonly /// /certbot-auto nginx
It produced this output: [Everything here is OK]
My operating system is (include version): CentOS 6
My web server is (include version): CentOS 6 + nginx
My hosting provider, if applicable, is: private VPS
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Wordpress (installed, not the host)
Details:
I used the certbot-auto on my CentOS server to create an SSL for my domain. However, I only included the domain (aspire-learning.com) WITHOUT the “www”, so after launching the site it displayed as untrustworthy. After some fiddling, I made a second mistake: I applied for a second SSL with the domain as “www.aspire-learning.com” and NO “aspire-learning.com”. I think this resulted in two separate SSL certificates being issued, while neither is correctly tied to the site.
After some looking around online I finally realized (too late) that I could have applied for them together.
And NOW, somehow I have THREE SSL certificates in the “letsencrypt/live” folder, and I really have no idea how.
I tried to revoke the certificates so I could start again clean, but for some reason the revoke command is not working at all (it keeps telling me to include the directory, even though I have tried to do that with multiple formats).
So can someone help me either: 1. Start fresh and revoke everything the right way? or 2. Combine the two SSL certificates (or three?) into something that will work with my site?
Just in case, here are my config files:
“wordpress_https.conf”
upstream php-handler-https {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}
server {
    listen 443 ssl default_server;
    server_name www.aspire-network.com, aspire-network.com;
    #server_name wordpress.example.com;
    ssl_certificate /etc/letsencrypt/live/aspire-network.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/aspire-network.com-0001/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4; # no RC4 and known insecure cipher
    root /var/www/html/;
    index index.php;
    # set max upload size
    client_max_body_size 2G;
    fastcgi_buffers 64 4K;
    access_log /var/log/nginx/wordpress_https_access.log combined;
    error_log /var/log/nginx/wordpress_https_error.log;
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args ;
    }
    location ~* \.(htaccess|htpasswd) {
        deny all;
    }
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_pass php-handler-https;
        fastcgi_read_timeout 60s;
    }
    # set long EXPIRES header on static assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        access_log off;
    }
}
“wordpress_https.conf”
upstream php-handler-http {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}
server {
    listen 80 default_server;
    server_name www.aspire-network.com, aspire-network.com;
    #server_name wordpress.example.com;
    root /var/www/html/;
    index index.php;
    # set max upload size
    client_max_body_size 2G;
    fastcgi_buffers 64 4K;
    access_log /var/log/nginx/wordpress_http_access.log combined;
    error_log /var/log/nginx/wordpress_http_error.log;
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args ;
    }
    location ~* \.(htaccess|htpasswd) {
        deny all;
    }
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass php-handler-http;
        fastcgi_read_timeout 60s;
    }
    # set long EXPIRES header on static assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        access_log off;
    }
}
EDIT: I managed to revoke the prior certificates, which allowed me to try a fresh setup, but now I see the bigger problem: for some reason running “certbot-auto --nginx” and entering my domain as “www.aspire-network.com, aspire-network.com” results in “Cannot find a VirtualHost matching domain www.aspire-network.com.”
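An added example, not part of the original post: a small check that lists the names nginx reads from each active `server_name` directive and compares them with the domains a certificate is requested for. nginx separates names with whitespace only, so a comma stays attached to the name before it. The function names and the sample input are constructed for this example, and only exact names are compared (wildcard and regex names are not handled).

```python
import re

# Constructed sample: the server_name lines as they appear in the posted config.
SAMPLE_CONF = """
server {
    listen 443 ssl default_server;
    server_name www.aspire-network.com, aspire-network.com;
    #server_name wordpress.example.com;
}
"""

def server_names(conf_text):
    """Return the names nginx sees in every active server_name directive."""
    names = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"server_name\s+(.+?);", line)
        if m:
            # Whitespace is the only separator; a trailing comma
            # remains part of the name it is attached to.
            names.extend(m.group(1).split())
    return names

def check_domains(conf_text, requested):
    """Map each requested domain to 'ok' or the reason no server block lists it."""
    names = server_names(conf_text)
    report = {}
    for domain in requested:
        if domain in names:
            report[domain] = "ok"
        elif any(n.strip(",") == domain for n in names):
            report[domain] = "listed with a stray comma"
        else:
            report[domain] = "not listed"
    return report

if __name__ == "__main__":
    # Domains taken from the post: the two in the config and the one in "My domain is".
    wanted = ["www.aspire-network.com", "aspire-network.com", "www.aspire-learning.com"]
    for domain, status in check_domains(SAMPLE_CONF, wanted).items():
        print(f"{domain}: {status}")
```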