Problems with manual installation and WWW version of my domain

r00t · December 10, 2015, 11:55am

Due to the nature of my configuration, I’m forced to manually load the certificates.

This is what my configuration looks like:

<virtualhost *:443>
ServerName mydomain.com
ServerAlias  www.mydomain.com
ServerAdmin webmaster@mydomain.com
DocumentRoot "/var/sentora/hostdata/myusername/public_html/mydomain_com"
php_admin_value open_basedir "/var/sentora/hostdata/myusername/public_html/mydomain_com:/var/sentora/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/sentora/logs/domains/myusername/mydomain.com-error.log" 
CustomLog "/var/sentora/logs/domains/myusername/mydomain.com-access.log" combined
CustomLog "/var/sentora/logs/domains/myusername/mydomain.com-bandwidth.log" common
<Directory "/var/sentora/hostdata/myusername/public_html/mydomain_com">
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
AddType application/x-httpd-php .php3 .php
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)

# Custom VH settings (if any exist)
SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem

</virtualhost>

<virtualhost *:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
ServerAdmin webmaster@mydomain.com
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] 
</virtualhost>

How do I get my certificate to work with WWW as well as the non-www version? The alternative question would be - what command should I have executed to obtain my certificate in a way that would cover this?

I apologize for the stupid question but I’m a bit new to SSL certificates.

Osiris · December 10, 2015, 12:02pm

I’m sorry, but my crystal ball is damaged as of late…

Could you provide us with some more details? How did you obtain the certificate? (Commands entered?) Errors?

What is the exact problem?

Did you supply the letsencrypt command with -d mydomain.com -d www.mydomain.com or just one -d, only for mydomain.com?

r00t · December 10, 2015, 12:04pm

Just the -d mydomain.com

I suppose that was the problem here?

Osiris · December 10, 2015, 12:06pm

Probably… Look at the certificate with openssl x509 -noout -text -in /etc/letsencrypt/live/mydomain.com/cert.pem and look at the “DNS:” entries after X509v3 Subject Alternative Name:: it probably only contains mydomain.com, but you would like to have the www-version as well. You should have added that one too with a second -d. You can have many, many domains in that list

r00t · December 10, 2015, 12:08pm

So now what? Do I just request a new certificate with the proper command or is there a “proper” way to do it?

Octal · December 10, 2015, 12:08pm

Yep, you’ll need to specify all the subdomains, even the obvious ones as “www” (others CAs do it automatically, LE doesn’t). Request a new certificate with :

-d domain.com -d www.domain.com

It will generate one certificate valid for both sites.

r00t · December 10, 2015, 12:28pm

Okay, thanks both of you for helping me out, it works fine now.

@Osiris, sorry about your crystal ball. Here’s a picture of cats.