Let's Encrypt not supporting Mozilla Firefox for some versions

Could you please suggest a solution?

You have all you need.

Certificates

and you know how to install these. So do that.

And there is no error shared. If you have an error with Firefox, share a screenshot and the exact URL. Use the online tool to check and to fix your configuration.

1 Like

Please find the screenshot

That's already answered - 7 days earlier.

Your www version has the wrong certificate.

1 Like

Overall I think there are two big difficulties here:

(1) Each of the certificates seems to have either merritos.com or *.merritos.com, but not both. This is a problem because wildcards don’t cover the base domain. The *.merritos.com certificate is not valid for https://merritos.com/, although Chrome may overlook this mismatch. This could be fixed by getting a single certificate that covers both names. That can be requested in Certbot by giving multiple -d flags, for example.

(2) Some of your existing certificates are stored in /etc/letsencrypt in a way that’s invalid from Certbot’s point of view, as can be seen from the errors about expecting files to be symlinks. It would be good to understand how this happened. It may be causing problems with certbot renew and possibly in some other situations; for example, this likely has something to do with the reason why there are so many different -0001, -0002, etc., certificates. One thing we could look at is the output of ls -lR /etc/letsencrypt/{live,archive} to see what’s there compared to what Certbot expects.

3 Likes
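A check for point (2), as an added example that is not part of the original post or of Certbot: it walks a Certbot directory and reports every `live/<name>/*.pem` that is not a working symlink into `archive/<name>/`. It assumes Certbot's default layout; the lineage names `example.test` and `example.test-0001` and the sample tree are constructed.

```sh
#!/bin/sh
# Added example, not Certbot code. Assumes Certbot's default layout:
#   live/<name>/{cert,chain,fullchain,privkey}.pem -> ../../archive/<name>/<file>N.pem

# audit_live [ROOT]: print one line per problem, return 1 if any was found.
audit_live() {
  root=${1:-/etc/letsencrypt}
  bad=0
  for dir in "$root"/live/*/; do
    [ -d "$dir" ] || continue
    name=$(basename "$dir")
    for f in cert chain fullchain privkey; do
      p="$root/live/$name/$f.pem"
      if [ ! -L "$p" ]; then
        if [ -e "$p" ]; then echo "$name/$f.pem: regular file, expected symlink"
        else echo "$name/$f.pem: missing"; fi
        bad=1
      elif [ ! -e "$p" ]; then
        echo "$name/$f.pem: dangling symlink -> $(readlink "$p")"; bad=1
      else
        case "$(readlink "$p")" in
          ../../archive/"$name"/"$f"[0-9]*.pem) ;;
          *) echo "$name/$f.pem: target outside archive/$name"; bad=1 ;;
        esac
      fi
    done
  done
  return "$bad"
}

# make_sample DIR: constructed tree with one healthy lineage and one whose
# files were copied in place of the symlinks (hypothetical lineage names).
make_sample() {
  for n in example.test example.test-0001; do
    mkdir -p "$1/live/$n" "$1/archive/$n"
    for f in cert chain fullchain privkey; do
      : > "$1/archive/$n/${f}1.pem"
      if [ "$n" = example.test ]; then
        ln -s "../../archive/$n/${f}1.pem" "$1/live/$n/$f.pem"
      else
        cp "$1/archive/$n/${f}1.pem" "$1/live/$n/$f.pem"
      fi
    done
  done
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_live "$tmp" || true   # reports the four copied files of example.test-0001
rm -rf "$tmp"
```

On a real host, run `audit_live` with no argument as root to inspect `/etc/letsencrypt`.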

Thank you!

Can we run this command to get a new certificate for www.merritos.com?

certbot certonly --manual -d www.merritos.com --preferred-challenges dns

Unless there’s a good reason not to share certificates between the two domains, I think you should run

certbot certonly --manual -d www.merritos.com -d '*.merritos.com' -d www.merritos.in -d '*.merritos.in' --preferred-challenges dns

And never deviate from that until you add more domains. Every time you mix which domains you obtain or renew, the file names will change, and as you’ve seen, it leads to a lot of confusion to have a mix of certificates that cover different sets of domains.

2 Likes

Hi,

We are getting the error below; could you please check?

[root@li1636-240 ~]# certbot certonly --manual -d merritos.com -d www.merritos.com --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/merritos.com-0005.conf)

It contains these names: merritos.com

You requested these names for the new certificate: merritos.com,
www.merritos.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for merritos.com
dns-01 challenge for www.merritos.com


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: Y


Please deploy a DNS TXT record under the name
_acme-challenge.merritos.com with the following value:

v1cEeE2WIJ01yhlc6ZM857x47BjA_1dXgnyacCkbud8

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.www.merritos.com with the following value:

uGyr4-a2-iRKQSHGejYwrlTIBFN7HjuNIPS0tkpW4F0

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification

Resetting dropped connection: acme-v02.api.letsencrypt.org
Cleaning up challenges
Failed authorization procedure. www.merritos.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.merritos.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.merritos.com
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.merritos.com

1 Like

I see multiple TXT records for _acme-challenge.merritos.com but none for _acme-challenge.www.merritos.com, as the error says. I don’t think you ever said who your DNS provider is; are you able to create nested subdomains? Nearly all DNS providers should let you create a _acme-challenge.www TXT record. Domainkeys can get 2 or 3 deep.

Actually, *.merritos.com already includes www.merritos.com; I think I meant to recommend -d *.merritos.com -d merritos.com, no subdomain at all.

1 Like

Yeah, we thought the same: if *.merritos.com has a certificate, then there is no need for www.merritos.com.
But in Firefox we are getting an error. Except for www.merritos.com, all other subdomains are working fine with *.merritos.com.
And Linode is our domain provider.

1 Like

You still aren’t using a cert with *.merritos.com on www.merritos.com. That one’s only valid for merritos.com, no subdomains. Still a configuration update issue.

1 Like
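The name-matching rule behind this mismatch (a wildcard stands for exactly one label, so it covers neither the base domain nor deeper names), as an added example that is not part of the original thread: it takes a subjectAltName line in the format printed by `openssl x509 -noout -ext subjectAltName` and lists the hostnames the certificate does not cover. The function names and the SAN strings are constructed for illustration.

```sh
#!/bin/sh
# Added example. SAN strings are constructed, in the format printed by
#   openssl x509 -noout -ext subjectAltName

# san_matches HOST SAN: succeed if SAN (exact name or wildcard) covers HOST.
san_matches() {
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  san=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$san" in
    '*.'*)
      suffix=${san#\*}                      # e.g. ".merritos.com"
      case "$host" in
        *"$suffix") label=${host%"$suffix"} ;;
        *) return 1 ;;                      # base domain lands here
      esac
      # the wildcard must stand for exactly one non-empty label
      case "$label" in ''|*.*) return 1 ;; esac
      return 0 ;;
    *) [ "$host" = "$san" ] ;;
  esac
}

# covered HOST SANS: SANS is one entry per line (read via here-doc, no globbing).
covered() {
  while IFS= read -r s; do
    san_matches "$1" "$s" && return 0
  done <<EOF
$2
EOF
  return 1
}

# uncovered "DNS:a, DNS:b" HOST...: print each HOST that no SAN entry covers.
uncovered() {
  sans=$(printf '%s' "$1" | tr ',' '\n' | sed -n 's/^ *DNS://p')
  shift
  for h in "$@"; do
    covered "$h" "$sans" || printf '%s\n' "$h"
  done
}

uncovered 'DNS:*.merritos.com' merritos.com www.merritos.com   # merritos.com
uncovered 'DNS:merritos.com' merritos.com www.merritos.com     # www.merritos.com
uncovered 'DNS:*.merritos.com, DNS:merritos.com' merritos.com www.merritos.com
```

The last call prints nothing: a certificate requested with both names covers the base domain and `www`.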

Thank you so much for your support; the issue has been resolved by mapping with subdomain certificates.

1 Like
