Running certbot did not give me https

My domain is:

I ran the commands on this site with no errors.

All codes succeeded but my website is still not https.

The operating system my web server runs on is a Raspberry Pi with Buster.

My hosting provider is: Google Domains

I can login to a root shell on my machine (yes)

Dry run works and says it was successful.

The only thing I can think of for why it isn't working is when it asked for the domain, I put in instead of
Not sure if that will affect it, but let me know how to change that if so.


Welcome to the Let's Encrypt Community, Garrett :slightly_smiling_face:

Your certificate needs to cover both and

Certificate History

Could you please guide me on how to add the new domain to the existing cert?


You can't. You have to generate a new certificate.

Use -d "," in your certbot command.


Here is what has happened once following your instructions

pi@raspberrypi:~ $ sudo certbot --apache -d ","
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/

It contains these names:

You requested these names for the new certificate:,

Do you want to expand and replace this existing certificate with the new

(E)xpand/(C)ancel: E
Renewing an existing certificate for and
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of
Which virtual host would you like to choose?

1: 000-default-le-ssl.conf | | HTTPS | Enabled
2: 000-default.conf | | | Enabled

Select the appropriate number [1-2] then [enter] (press 'c' to cancel):


Is selecting 1 the correct option here? I'm not sure why there are two...

Thanks for your help so far, super helpful!


You need to specify ServerAlias in your apache vHost.


FYI, I selected 1 as the option there.

Here is what happened, the site is still not HTTPS.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Enhancement redirect was already set.
Enhancement redirect was already set.

You add it as a line right below the ServerName line in your 000-default.conf file.

By the way:


Your Apache configuration doesn't have a HTTP to HTTPS redirect set for the www subdomain.

Please show apachectl -S


Here is inside the 000-default

Is this the correct way to add the serveralias?

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

RewriteEngine on
RewriteCond %{SERVER_NAME},
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet


Add these lines at the top:


then restart apache.


pi@raspberrypi:~ $ sudo apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
pi@raspberrypi:~ $


No, he doesn't:

osiris@erazer ~ $ curl -LI
HTTP/1.1 200 OK
Date: Tue, 05 Jan 2021 20:41:13 GMT
Server: Apache/2.4.38 (Raspbian)
Last-Modified: Tue, 05 Jan 2021 18:55:39 GMT
ETag: "5661-5b82bc0b57c8c"
Accept-Ranges: bytes
Content-Length: 22113
Vary: Accept-Encoding
Content-Type: text/html

osiris@erazer ~ $ 

No redirect at all for the www subdomain.


Oh really... are you sure... :wink:

It's malformed isn't it. :confused:


The fact there are a bunch of Rewrite rules supposed to make a redirect doesn't mean the webserver actually is redirecting.


Oh really... are you sure... :wink:

It's malformed isn't it.

That was to ask how to put it in there, is that not correct?


Not quite.

You need the lines I mentioned.

Certbot should add the redirects by itself.


You put the ServerName and ServerAlias directives at the place where in your current configuration file there is a commented ServerName. Don't forget to add the www. at the ServerAlias directive which was forgotten by @griffin earlier :wink: Using the same value for ServerName and ServerAlias isn't going to work.


You forgot to put the www....
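
The check the thread converges on, as an added example that is not part of any post above: every name on the certificate must be declared by a ServerName or ServerAlias in a vhost on the relevant port, otherwise certbot cannot find a vhost for it and no redirect applies to it. The domains `example.com` / `www.example.com`, the sample config and the function names are constructed placeholders.

```python
import re
from fnmatch import fnmatch

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
# Anchored at line start, so a commented "#ServerName ..." is ignored.
NAME_RE = re.compile(r"^[ \t]*(?:ServerName|ServerAlias)[ \t]+(.+?)[ \t]*$", re.M | re.I)

def vhost_names(conf_text):
    """Return [(addresses, names)] for every <VirtualHost> block."""
    blocks = []
    for addresses, body in VHOST_RE.findall(conf_text):
        names = set()
        for value in NAME_RE.findall(body):
            names.update(n.lower() for n in value.split())  # ServerAlias may list several
        blocks.append((addresses.split(), names))
    return blocks

def uncovered(conf_text, wanted, port):
    """Names from `wanted` that no vhost listening on `port` declares."""
    declared = set()
    for addresses, names in vhost_names(conf_text):
        if any(a.endswith(f":{port}") for a in addresses):
            declared |= names
    # ServerAlias accepts * and ? wildcards, hence fnmatch rather than equality.
    return sorted(w.lower() for w in wanted
                  if not any(fnmatch(w.lower(), d) for d in declared))

# Constructed sample: the alias repeats the ServerName, so "www." is missing.
BROKEN = """\
<VirtualHost *:80>
    #ServerName www.example.com
    ServerName example.com
    ServerAlias example.com
    DocumentRoot /var/www/html
</VirtualHost>
"""
FIXED = BROKEN.replace("ServerAlias example.com", "ServerAlias www.example.com")
CERT_NAMES = ["example.com", "www.example.com"]  # placeholder names

if __name__ == "__main__":
    print("broken :80 ->", uncovered(BROKEN, CERT_NAMES, 80))
    print("fixed  :80 ->", uncovered(FIXED, CERT_NAMES, 80))
    print("broken :443 ->", uncovered(BROKEN, CERT_NAMES, 443))
```

To use it on a real host, pass the contents of the files under /etc/apache2/sites-enabled/ and the names requested with `-d`.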