Letsencrypt installation not secure and won't redirect

Hello everyone,

Please I need help to resolve the letsencrypt installation error on my website.

My domain is: webhostville.com

I ran this command: sudo certbot --expand -d webhostville.com -d www.webhostville.com -d demo.webhostville.com -d live.webhostville.com

It produced this output:

"failed redirect for webhostville.com
unable to set enhancement redirect for webhostville.com
unable to find the corresponding http vhost, unable to create one as intended address conflicts, current configuration does not support automated redirection.

IMPORTANT NOTE
We were unable to set up enhancement redirect for your server
However, we successfully install your certificate.
....
"

My web server is (include version): Apache 2

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): EC2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

I have installed letsencrypt initially with the following code:
sudo certbot --apache -d webhostville.com -d www.webhostville.com -d demo.webhostville.com -d www.demo.webhostville.com -d live.webhostville.com -d www.live.webhostville.com

I think there was an error in this code; though it installed the certificate, I decided to re-install using the --expand option after reading the FAQ.

There is a "not secure" error flag on the URLs for https://www.webhostville and https://webhostville.com, and on those of the subdomains too.

I will appreciate help to resolve this.

Thank you.

2 Likes

Hi @whv,

A few different things in response to your question:

  • Did you manually retype the error message instead of copying and pasting? Several parts of that message don't quite match what Certbot would actually output!
  • Could you use a more recent version of Certbot? The updated installation advice at https://certbot.eff.org/lets-encrypt/ubuntubionic-apache provides a new, revised procedure using snaps, which will give you a more recent version than 0.31.0.
  • Could you try running sudo apachectl -S to get a summary of your Apache configuration?

> I think there was an error in this code; though it installed the certificate, I decided to re-install using the --expand option after reading the FAQ.

--expand doesn't do what you expected here. It's not an all-purpose flag for changing the coverage of an existing certificate; for that, you should use --cert-name and the cert name of the existing certificate. --expand has the very minimal behavior of making Certbot not prompt you interactively to confirm a change to an existing certificate that adds new names without removing old names. But your change removes the old "demo" names, and so --expand is totally ignored in this case.

4 Likes

@schoen Thank you for your response.

Summary of Apache Configuration when I ran apachectl -S

VirtualHost configuration:
*:80 is a NameVirtualHost
         default server webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:16)
         port 80 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:16)
                 alias www.webhostville.com
         port 80 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:27)
                 alias www.webhostville.com
         port 80 namevhost live.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:36)
                 alias www.live.webhostville.com
         port 80 namevhost demo.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:46)
                 alias www.demo.webhostville.com
*:443 is a NameVirtualHost
         default server webhostville.com (/etc/apache2/sites-enabled/webhostville-le-ssl.conf:2)
         port 443 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville-le-ssl.conf:2)
                 alias www.webhostville.com
                 alias demo.webhostville.com
                 alias live.webhostville.com
         port 443 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:56)
                 alias www.webhostville.com
         port 443 namevhost live.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:66)
                 alias www.live.webhostville.com
         port 443 namevhost demo.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:76)
                 alias www.demo.webhostville.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

1 Like
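One way to read the `apachectl -S` summary above is to look for hostnames claimed by more than one virtual host on the same port, since Apache answers a request with the first matching vhost in configuration order. The following is an added example, not part of the original posts or of Certbot; the function name `shadowed_names` is hypothetical, and the input is the vhost section of the summary as posted.

```python
import re
from collections import defaultdict

# Vhost section of the `apachectl -S` summary posted above.
APACHECTL_S = """\
*:80 is a NameVirtualHost
default server webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:16)
port 80 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:16)
alias www.webhostville.com
port 80 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:27)
alias www.webhostville.com
port 80 namevhost live.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:36)
alias www.live.webhostville.com
port 80 namevhost demo.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:46)
alias www.demo.webhostville.com
*:443 is a NameVirtualHost
default server webhostville.com (/etc/apache2/sites-enabled/webhostville-le-ssl.conf:2)
port 443 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville-le-ssl.conf:2)
alias www.webhostville.com
alias demo.webhostville.com
alias live.webhostville.com
port 443 namevhost webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:56)
alias www.webhostville.com
port 443 namevhost live.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:66)
alias www.live.webhostville.com
port 443 namevhost demo.webhostville.com (/etc/apache2/sites-enabled/webhostville.conf:76)
alias www.demo.webhostville.com
"""

VHOST = re.compile(r"port (\d+) namevhost (\S+) \((.+):(\d+)\)")
ALIAS = re.compile(r"alias (\S+)")

def shadowed_names(summary):
    """Return {(port, hostname): [vhost locations]} for names claimed by 2+ vhosts."""
    claims = defaultdict(list)
    port = where = None  # vhost whose alias lines are currently being read
    for line in summary.splitlines():
        line = line.strip()
        if m := VHOST.match(line):
            port, where = int(m[1]), f"{m[3]}:{m[4]}"
            claims[(port, m[2])].append(where)
        elif (m := ALIAS.match(line)) and where:
            claims[(port, m[1])].append(where)
    # Locations keep config order, so the first entry is the vhost Apache serves.
    return {key: locs for key, locs in claims.items() if len(locs) > 1}

if __name__ == "__main__":
    for (port, name), locs in shadowed_names(APACHECTL_S).items():
        print(f"port {port} {name}: served by {locs[0]}, shadows {locs[1:]}")
```

On this summary it reports six names, including demo.webhostville.com and live.webhostville.com on port 443, which webhostville-le-ssl.conf:2 claims as aliases ahead of their own vhosts in webhostville.conf.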

This is the message I got when I ran this command: sudo certbot --expand -d webhostville.com -d www.webhostville.com -d demo.webhostville.com -d live.webhostville.com

1 Like

I got the following output when I ran this command: sudo certbot --apache -d webhostville.com -d www.webhostville.com -d demo.webhostville.com -d www.demo.webhostville.com -d live.webhostville.com -d www.live.webhostville.com

1 Like