Problem with www

Hello,

I have a domain (https://domain.com) with a www subdomain (https://www.domain.com).
I mainly use “domain.com” but for SEO reasons I would like to have no problem with www.domain.com.

To renew certificates I use the command
certbot-auto renew

It returns to me for the www domain and subdomain
Cert not yet due for renewal

Problem when I go to https://www.domain.com the browser puts a security alert and says the connection is not encrypted.

So I tried this command instead
certbot-auto --force-renewa

There I have the choice between the two domains to renew

  1. domain.com
  2. www.domain.com

If I choose the 2 the www works, but the 1 puts me an error message.
If I choose the 1 it is the 2 that puts me the error message.

Can you help me ?

Thank you

What’s your real domain?

What does certbot-auto certificates show?

Found the following certs:
Certificate Name: astuto.fr
Domains: astuto.fr
Expiry Date: 2019-11-25 09:05:35+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/astuto.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/astuto.fr/privkey.pem
Certificate Name: www.astuto.fr-0001
Domains: www.astuto.fr
Expiry Date: 2019-11-25 09:05:02+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.astuto.fr-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.astuto.fr-0001/privkey.pem
Certificate Name: www.astuto.fr
Domains: astuto.fr www.astuto.fr
Expiry Date: 2019-11-16 17:22:23+00:00 (VALID: 81 days)
Certificate Path: /etc/letsencrypt/live/www.astuto.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.astuto.fr/privkey.pem

You have three certificates, but https://astuto.fr/ and https://www.astuto.fr/ both use this one:

Check the Apache configuration and change it to use the www.astuto.fr certificate.

You can also delete the other two, if you're not using them for other tihngs.

Thank you !

I try to delete the two certificates but I have the same problem.

For apache configuration, i do not know where i could do that.
In /etc/apache2/sites-available/asuto-le-ssl.conf the ssl certificates are quoted, but it is the only file and I do not see what modification to make therefore.


ServerName astuto.fr ServerAlias www.astuto.fr

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/astuto.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/astuto.fr/privkey.pem

Change "astuto.fr" to "www.astuto.fr" in those two directives, and any other identical SSLCertificateFile or SSLCertificateKeyFile directives.

After this change, without doing anything more it doesn’t work.
If I renew the www

Which names would you like to activate HTTPS for?


1: astuto.fr
2: www.astuto.fr

It work but astuto.fr without www doesn’t work.
Of course I want both to work.

You don’t need to issue or renew any certificates. You already have some.

If you keep issuing certificates, all it will do is waste resources, and soon hit the duplicate certificate rate limit.

All you have to do is edit the Apache configuration.

Can you post the output of “certbot-auto certificates” again?

I understand that what you are advising me to do, is only to change the configuration of Apache, but if I do it it does not work.

The real question is why the same certificate can not work with and without the www?
I guess elsewhere it works but not to my configuration.

My priority is that astuto.fr works (without www) so I have one last time renewed the certificate. I saw that it changed the file /etc/apache2/sites-available/asuto-le-ssl.conf to remove the www in those two directives letsencrypt/
So simply putting the www is not the solution.

I will try another solution for today but all ideas will be welcome.

How have you changed it, and how is it failing?

If you can get Apache to use the certificate that includes both names, it will work.

What command did you run? Please don't run it again, just say what it was.

If you run Certbot and tell it to reinstall one of the existing certificates without issuing a new one, it can try to configure Apache to use that certificate. (But depending on your Apache configuration, it might not update all the right virtual hosts.)

But you can also modify the Apache configuration by hand to make the same changes.

Can you post the output of “certbot-auto certificates” again?

Right now, https://astuto.fr/ is using a certificate for astuto.fr that was issued about half an hour ago.

https://www.astuto.fr/ now has a different IP address pointing to a different computer, using some certificate for cluster006.hosting.ovh.net.

astuto.fr.      1304  A  51.38.48.80
www.astuto.fr.  1307  A  213.186.33.17

As I can not generate the www certificate I use a backup solution through an all in one web hoster for the www.

All command run but it doesn’t work.

I have 2 certificates again because with /etc/letsencrypt/live/www.astuto.fr/privkey.pem “astuto.fr” doesn’t work.

/bin/certbot-auto has insecure permissions!
To learn how to fix them, visit Certbot-auto deployment best practices
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: astuto.fr
Domains: astuto.fr
Expiry Date: 2019-11-25 11:02:40+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/astuto.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/astuto.fr/privkey.pem
Certificate Name: www.astuto.fr
Domains: www.astuto.fr
Expiry Date: 2019-11-25 10:45:13+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.astuto.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.astuto.fr/privkey.pem


Which commands? In what way did they fail to work?

Earlier, you had a certificate that included both hostnames.

Now it's been replaced by one that only has www.astuto.fr...

You could create two Apache virtual hosts, one using the asuto.fr certificate and one using the www.astuto.fr certificate.

Or you could issue another certificate for both hostnames -- or recover the one you had before -- and have Apache use that.

By the way…

Your server is running Debian, right?

And could you also post the output of “sudo apachectl -t -D DUMP_VHOSTS”?

Thank you for your help, I will continue testing tomorrow.

Here is the result of the command sudo apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:443 astuto.fr (/etc/apache2/sites-enabled/astuto-le-ssl.conf:;0;2)
*:80 is a NameVirtualHost
default server v.ovh.net (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost v.ovh.net (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost astuto.fr (/etc/apache2/sites-enabled/astuto.conf:1)
alias www.astuto.fr

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.