Lets encrypt ssl with www


#1

i have installed lets encrypt SSL on my digitalocean.com droplet

while installing i created using my domain aapta.in and i want the ssl to work even with www

so do i have to install with www seperately or is there an alternative for this


#2

Hi,

You could use a certificate that contain both www and root domains.

If you are using certbot, you could run it with the following arguments.

certbot -d aapta.in -d www.aapta.in

Thank you


#3

i am new to this whole vps and ssl command lines - i installed SSL using below

sudo apt-get install python-certbot-apache

letsencrypt --authenticator standalone --installer apache -d example.com

I have also setup a cron job for automatic renewals every 90 days.

Now what am i supposed to do to make it work with www


#4

I did as per your commands - i got to this point where

Do you want to expand and replace this existing certificate with the new

certificate?


(E)xpand/©ancel:


#5

Please enter E (as to expand)

Thank you


#6

thank you so much steven - i did that

now with regards to cron job

0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto certonly --apache --renew-by-default --apache -d example.com >> /var/log/example.com-renew.log 2>&1

should i change any thing from above or - should i leave it


#7

Hi @aapta

why do you use certonly in a cron job? That means, you have to install the certificate manual. Do you want that?


#8

no - honestly i am not sure what i am supposed to do, i just followed a guide which i found online - please correct me if i am wrong


#9

You should run 0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto renew >> /var/log/example.com-renew.log 2>&1

Since renew means renew… certonly means a new issurance…

Thank you


#10

Thanks again steven

one last thing

0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto renew >> /var/log/aapta.in-renew.log 2>&1

is this right? - or should i be using www somewhere - with the above command will the SSL work and renew with and without www


#11

Then first read the certbot commands:


#12

Hi

Thanks will go through commands - now i seem to be stuck at this cronjob

0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto renew >> /var/log/aapta.in-renew.log 2>&1

Will the above command renew my domain SSL - and that renewal will work with both WWW and without WWW

aapta.in
www.aapta.in


#13

Now - yes. Because now you have a certificate with two names:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:aapta.in;issuer_uid:4428624498008853827&lu=cert_search

aapta.in
www.aapta.in

And now it’s installed: https://www.aapta.in/ works with the new certificate

  1. August 2018, 17:14:26

#14

The renew command uses the existing names of currently-installed certs as a basis for the new certificate requests, so it will not change the domain name coverage of your certificates when it renews them.


#15

Could you please let us know where that guide is? It seems like it must be rather old and out-of-date in a few ways; maybe we would be able to contact the guide’s author to get it updated or removed.


#16

so how can i auto renew the certificate - if there is any guide - it would really mean a lot and help me in installing it on all my droplets.


#17

Your last suggested command is OK but I would still like to get the guide you used updated.

If you specify your environment at

you’ll find our own recommendations related to obtaining certificates and automating renewal (which depend on how you installed Certbot).


#18

#19

Thanks, that is definitely not the best advice there in several ways. I will write to the author.

I would also suggest using certbot --apache -d example.com -d www.example.com instead of --authenticator standalone --installer apache. If you use standalone, you have to shut down your web server for certificate issuance and renewals, but this isn’t necessary with --apache.


#20

thanks - again - since i am newbie and dont know most of these commands i am depending on simple step by step instructions to instal and renew SSL

however i seem to get into problems some where

i would appreciate a simple step by step that you can refer me to which will make the job easier - if there is not one, then i appreciate your time in helping me out.

thank you so much