I have certificates for all three - wildcard, root domain and www - and Firefox tells me that I have a certificate only for www and not the root domain.

My domain is: namefit.com

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I understand that * is only for subdomains, but when I try to access it directly in Firefox - https://namefit.com - it is fine, it gets redirected to https://www.namefit.com, but if I access a Twitter (X) link like the ones below, it does not redirect to www and gives a bad certificate error.

https://t.co/q7U71uxEO5
https://t.co/AMqjGRJ4yN

When I installed the root and wildcard a couple of months ago or less, it was working fine. In the past few days something happened and I started getting this problem.

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for namefit.com. The certificate is only valid for www.namefit.com.

Hello @namefit, welcome to the Let's Encrypt community. :slightly_smiling_face:

Here is a list of issued certificates: https://crt.sh/?q=namefit.com. I see no recent certificate that has all three.

This is the presently being served certificate https://decoder.link/sslchecker/namefit.com/443 for namefit.com

Common Name:	www.namefit.com
SANs:		DNS:www.namefit.com
Total number of SANs: 1
2 Likes

See:
SSL Server Test: namefit.com (Powered by Qualys SSL Labs)

3 Likes

@namefit Note especially that SSL Labs shows your namefit.com domain sending out two different leaf/chain combinations.

One is a leaf for www.brandya.com that expired in March.

The other leaf is for www.namefit.com, which expires Nov 9. But note requests to your apex name get a leaf that only has the www subdomain in it, so it won't match. As you already knew.

Just wanted to point out the duplicate which is pretty unusual.

3 Likes

I reinstalled both again with sudo certbot -d namefit.com -d www.namefit.com and it seems to work, but I probably lost my subdomain (*.namefit.com) capability (I do not have a URL to check but will update once I test).

Welcome to the Let's Encrypt Community! :slightly_smiling_face:

You probably need:

sudo certbot -d namefit.com -d '*.namefit.com'

2 Likes
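An added example, not from any post in this thread: a Python sketch of the hostname matching behind the Firefox error, applied to the SAN lists discussed above (the www-only leaf, the apex plus www re-issue, and the apex plus wildcard suggestion). The subdomain shop.namefit.com is a made-up name, the SAN lists are typed in from the thread rather than fetched, and served_sans is an optional live check.

```python
import socket
import ssl


def san_matches(pattern: str, host: str) -> bool:
    """Match one DNS SAN entry against a hostname the way browsers do."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or two
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered(sans, hosts):
    """Return the hostnames that no SAN entry in the certificate covers."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


def served_sans(host: str, port: int = 443):
    """Fetch the DNS SANs of the leaf the server sends for this SNI name.

    Hostname checking is off so a mismatching leaf can still be inspected;
    the chain is still validated against the system trust store.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Names the site is expected to answer for; "shop" is a made-up subdomain.
HOSTS = ["namefit.com", "www.namefit.com", "shop.namefit.com"]

if __name__ == "__main__":
    # SAN lists typed in from the thread, not fetched live.
    served = ["www.namefit.com"]                    # leaf reported above
    apex_www = ["namefit.com", "www.namefit.com"]   # first re-issue
    apex_wild = ["namefit.com", "*.namefit.com"]    # suggested re-issue
    for label, sans in [("served", served), ("apex+www", apex_www),
                        ("apex+wildcard", apex_wild)]:
        print(label, "leaves uncovered:", uncovered(sans, HOSTS))
```

Running uncovered(served_sans(name), HOSTS) for each name the server answers on shows which virtual host is still handing out a leaf that does not cover it.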
