Modify a certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.lanasacoaching.com

I ran this command:
sudo certbot --apache -d lanasacoaching.com
It produced this output:

My web server is (include version):
I am not sure - I am using wordpress so I think it is apache
The operating system my web server runs on is (include version):
ubuntu 16.04.3
My hosting provider, if applicable, is:
digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I am a relatively inexperienced Linux administrator and I am using Certbot for the first time. I mistakenly chose not to redirect all http to https when I created the certificate and now wish to do that. I have searched through all the topics here and either I’m not searching well enough or no one has been this dumb before. Is there a way to modify/replace the certificate to eliminate http and redirect everything to https?

1 Like

That’s not a certificate thing, but a feature of certbot. If you run the exact same certbot command as you’ve used before, certbot will recognise the previous issued certificate and will ask you if you’d like a new one issued (which isn’t necessary) or if you’d like to reinstall the existing cert. Choose the latter. As far as I know, certbot should ask you again if you’d like a redirect when installing the cert. Choose “yes” this time.

By the way, you might check your Wordpress Admin first: it has a setting for the URL used. Perhaps also something about HTTPS. This URL setting in Wordpress should contain https://. This might also be enough without using certbot for the redirect. It might also be that if you set the redirect with certbot without having the proper HTTPS URL set in Wordpress, your site might become inoperable. So please also check your Wordpress admin.

2 Likes

Thank you for the super fast response. If I use https://www.lanasacoaching.com the website behaves correctly. And rerunning the command makes sense, I just am very new to Certbot and SSL so I wasn’t sure about the effect of doing that
. Btw - should I have certificates for both lanasacoaching.com and www.lanasacoaching.com? And would that mean that I have to use the --expand option to add www.lanasacoaching.com to the original certificate?

2 Likes

It’s probably the best way to include both hostnames in the same certificate. You can re-run certbot with two -d options, one for each hostname. Certbot should ask you if you’d like to expand the existing certificate. You want that, so choose Yes.

--expand is also a good option so certbot knows what to do, yes. That way it doesn’t have to ask you. But even with --expand, you should add both hostnames on the command line, not just the hostname you’d like to add.

2 Likes

This is really helpful, thank you.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.