Invalid cert for www

My Let’sEncrypt cert is active and works for whitecathearing.com, but when I tried to add the cert for www.whitecathearing.com it gives me an invalid cert error on my browser.

My domain is:
whitecathearing.com

I ran this command:
sudo certbot --nginx -d www.whitecathearing.com

It produced this output:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/www.whitecathearing.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/www.whitecathearing.com/privkey.pem
    Your cert will expire on 2019-12-04. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version):
Amazon Lightsail

The operating system my web server runs on is (include version):
CentOs7

My hosting provider, if applicable, is:
I’m currently still using wix.com to host my domain name. I have configured my A records to point both whitecathearing.com and www.whitecathearing.com to my IP address.

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, I’m using Odoo

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.36.0

Sorry, I managed to fix this!

In case others are interested, I reran the command with:
sudo certbot --nginx -d whitecathearing.com -d www.whitecathearing.com

This gave me the option to expand and replace my existing certificates :slight_smile:

Thanks for this awesome tool!

1 Like

Could you post a screen shot of the error? Because this is what I see when I browse to www:


www redirects to non-www (which is good), and that's secure. There's a mixed content warning because some of your content is loaded by http links rather than https, so you'll need to fix that in your content.

Hi @arualris

yep, if you have both domain names (non-www and www), the easiest solution is to use two -d parameters and create one certificate with both domain names.

So you have one vHost with two domain names and one certificate with the same combination.

You can also do this when renewing certificates. I had created my original certificate and forget adding www, so I was getting an error. I added the www domain when I was renewing the cert and voila, no more error. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.