i have installed lets encrypt SSL on my digitalocean.com droplet
while installing i created using my domain aapta.in and i want the ssl to work even with www
so do i have to install with www seperately or is there an alternative for this
i have installed lets encrypt SSL on my digitalocean.com droplet
while installing i created using my domain aapta.in and i want the ssl to work even with www
so do i have to install with www seperately or is there an alternative for this
Hi,
You could use a certificate that contain both www and root domains.
If you are using certbot, you could run it with the following arguments.
certbot -d aapta.in -d www.aapta.in
Thank you
i am new to this whole vps and ssl command lines - i installed SSL using below
sudo apt-get install python-certbot-apache
letsencrypt --authenticator standalone --installer apache -d example.com
I have also setup a cron job for automatic renewals every 90 days.
Now what am i supposed to do to make it work with www
I did as per your commands - i got to this point where
Do you want to expand and replace this existing certificate with the new
certificate?
(E)xpand/(C)ancel:
Please enter E
(as to expand)
Thank you
thank you so much steven - i did that
now with regards to cron job
0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto certonly --apache --renew-by-default --apache -d example.com >> /var/log/example.com-renew.log 2>&1
should i change any thing from above or - should i leave it
Hi @aapta
why do you use certonly in a cron job? That means, you have to install the certificate manual. Do you want that?
no - honestly i am not sure what i am supposed to do, i just followed a guide which i found online - please correct me if i am wrong
You should run 0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto renew >> /var/log/example.com-renew.log 2>&1
Since renew means renew... certonly means a new issurance....
Thank you
Thanks again steven
one last thing
0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto renew >> /var/log/aapta.in-renew.log 2>&1
is this right? - or should i be using www somewhere - with the above command will the SSL work and renew with and without www
Then first read the certbot commands:
Hi
Thanks will go through commands - now i seem to be stuck at this cronjob
0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto renew >> /var/log/aapta.in-renew.log 2>&1
Will the above command renew my domain SSL - and that renewal will work with both WWW and without WWW
aapta.in
www.aapta.in
Now - yes. Because now you have a certificate with two names:
aapta.in
www.aapta.in
And now it's installed: https://www.aapta.in/ works with the new certificate
- August 2018, 17:14:26
The renew
command uses the existing names of currently-installed certs as a basis for the new certificate requests, so it will not change the domain name coverage of your certificates when it renews them.
Could you please let us know where that guide is? It seems like it must be rather old and out-of-date in a few ways; maybe we would be able to contact the guide's author to get it updated or removed.
so how can i auto renew the certificate - if there is any guide - it would really mean a lot and help me in installing it on all my droplets.
Your last suggested command is OK but I would still like to get the guide you used updated.
If you specify your environment at
you’ll find our own recommendations related to obtaining certificates and automating renewal (which depend on how you installed Certbot).
Thanks, that is definitely not the best advice there in several ways. I will write to the author.
I would also suggest using certbot --apache -d example.com -d www.example.com
instead of --authenticator standalone --installer apache
. If you use standalone, you have to shut down your web server for certificate issuance and renewals, but this isn’t necessary with --apache
.
thanks - again - since i am newbie and dont know most of these commands i am depending on simple step by step instructions to instal and renew SSL
however i seem to get into problems some where
i would appreciate a simple step by step that you can refer me to which will make the job easier - if there is not one, then i appreciate your time in helping me out.
thank you so much