Invalid cert for www

arualris · September 5, 2019, 11:04am

My Let'sEncrypt cert is active and works for whitecathearing.com, but when I tried to add the cert for www.whitecathearing.com it gives me an invalid cert error on my browser.

My domain is:
whitecathearing.com

I ran this command:
sudo certbot --nginx -d www.whitecathearing.com

It produced this output:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.whitecathearing.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.whitecathearing.com/privkey.pem
Your cert will expire on 2019-12-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"

My web server is (include version):
Amazon Lightsail

The operating system my web server runs on is (include version):
CentOs7

My hosting provider, if applicable, is:
I'm currently still using wix.com to host my domain name. I have configured my A records to point both whitecathearing.com and www.whitecathearing.com to my IP address.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, I'm using Odoo

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.36.0

arualris · September 5, 2019, 11:11am

Sorry, I managed to fix this!

In case others are interested, I reran the command with:
sudo certbot --nginx -d whitecathearing.com -d www.whitecathearing.com

This gave me the option to expand and replace my existing certificates

Thanks for this awesome tool!

danb35 · September 5, 2019, 11:12am

Could you post a screen shot of the error? Because this is what I see when I browse to www:

www redirects to non-www (which is good), and that's secure. There's a mixed content warning because some of your content is loaded by http links rather than https, so you'll need to fix that in your content.

JuergenAuer · September 5, 2019, 1:31pm

Hi @arualris

yep, if you have both domain names (non-www and www), the easiest solution is to use two -d parameters and create one certificate with both domain names.

So you have one vHost with two domain names and one certificate with the same combination.

tychoash · September 16, 2019, 5:19pm

You can also do this when renewing certificates. I had created my original certificate and forget adding www, so I was getting an error. I added the www domain when I was renewing the cert and voila, no more error.

system · October 16, 2019, 5:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSL invalid cert in some cases and valid in others Help	2	1299	November 11, 2021
Certbot unable to renew: Invalid response Help	26	1236	April 21, 2023
Renew the ssl cert but still say my site invalid Help	7	839	October 15, 2021
Certificate invalid Help	14	2915	April 13, 2019
Let's Encrypt Issue while requesting certificate for my domain Help	7	498	January 17, 2024

Invalid cert for www

Related topics