Can the certificate generated here be used for both www and non-www?


#1

Can the certificate generated from this be used for both www and non-www?

This normally will “work”

<VirtualHost *:80>
  ServerName domain.com
  ServerAlias *.domain.com

  DocumentRoot /home/domain/public_html
  <Directory "/home/domain/public_html">
    Require all granted
  </Directory>

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =www.domain.com [OR]
  RewriteCond %{SERVER_ALIAS} =domain.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

I run certbot --apache -d www.domain.com

Type the domain in the browser and, if the domain is typed without www in it, it will redirect to a URL that has www in it, but if you remove www after it loads and press enter, I got an error saying that the website is not secure . . . If I tried to generate a cert for the domain without www in it

certbot --apache -d domain.com

and do the same thing (open a browser and type in www.domain.com), it will show an error saying that the website is not secure, and a URL that has no www in it (just typing domain.com) will load without a problem.

The rewrite conditions are set by certbot automatically, so I didn’t touch those.

What could possibly be wrong here? Is the free certificate only applicable for either www.domain.com or domain.com only?

I disabled SSL on the domain that I used this on, because of this issue.


#2

Hi @blackwing

Both of your commands are wrong. You must add both domain names with the -d option

Instead:

certbot --apache -d www.domain.com -d domain.com

So you order one certificate with two domain names.

This has nothing to do with your redirects.
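The point of the reply above, as an added example that is not part of the original thread: a browser accepts a certificate only if one of its subjectAltName entries covers the hostname typed, so a certificate issued for one name fails on the other. The SAN lists are constructed to mirror the commands in this thread; the wildcard entry and the `fetch_sans` helper go beyond the thread and are assumptions for illustration.

```python
import socket
import ssl

def san_matches(pattern, hostname):
    """True if one dNSName SAN entry covers hostname (RFC 6125 rules, simplified)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard stands for exactly one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(sans, wanted):
    """Hostnames in `wanted` that no SAN entry covers."""
    return [name for name in wanted if not any(san_matches(s, name) for s in sans)]

def coverage_report(certs, wanted):
    """Map each certificate label to the wanted hostnames it does not cover."""
    return {label: uncovered(sans, wanted) for label, sans in certs.items()}

def fetch_sans(host, port=443, timeout=5):
    """Read dNSName SANs from a live server. The chain is still validated; only the
    name check is off, so a certificate issued for the 'other' name can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

# Constructed SAN lists, one per way of requesting the certificate.
CERTS = {
    "www-only": ["www.domain.com"],                # certbot --apache -d www.domain.com
    "apex-only": ["domain.com"],                   # certbot --apache -d domain.com
    "both": ["www.domain.com", "domain.com"],      # -d www.domain.com -d domain.com
    "wildcard": ["*.domain.com"],                  # assumption: not used in this thread
}
WANTED = ["domain.com", "www.domain.com"]

if __name__ == "__main__":
    for label, missing in coverage_report(CERTS, WANTED).items():
        print(f"{label:10} missing: {', '.join(missing) or 'none'}")
```

Only the certificate requested with both `-d` names leaves nothing missing; a wildcard entry alone still does not cover the bare domain.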


#3

Yes, my mistake was with “-d” in the command, @JuergenAuer. At some point I did try to use that command, but ended up with the same issue. I will try again and see if it will work.

I also use

certbot --apache

and chose from the list of domains

  1. domain.com
  2. www.domain.com

in which I did both. Is that also wrong?


#4

No, choosing domains from the interactive list works about the same as using -d arguments.

Can you tell us your domain, Certbot’s output, the output of “sudo certbot certificates”, and what’s going wrong?

Be mindful of Let’s Encrypt’s rate limits and don’t generate too many duplicate certificates while working on this.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#5

My domain is: http://www.growingstrongergame.com

I ran this command: certbot --apache

It produced this output:

  1. growingstrongergame.com
  2. Www.growingstrongergame.com

Then . .

  1. No redirect . . .
  2. Redirect . . .

Then all is good

My web server is (include version): httpd

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Again, I disabled SSL for now, since the problem is that when I type growingstrongergame.com it will redirect to https://www.growingstrongergame.com, which is perfect, but if I remove www from the URL that loads, it will say the website is not fully secure, it’s imitating www.growingstrongergame.com, something like that.


#6

Now you have a special problem - Grade Q in my ranking system ( https://check-your-website.server-daten.de/?q=growingstrongergame.com ):


| Domainname | IP | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|---|
| http://growingstrongergame.com/ | 207.29.229.39 | 200 | | 0.344 | H |
| http://www.growingstrongergame.com/ | 207.29.229.39 | 200 | | 0.347 | H |
| https://growingstrongergame.com/ | 207.29.229.39 | -4 | | 0.677 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | | |
| https://www.growingstrongergame.com/ | 207.29.229.39 | -4 | | 0.673 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | | |
| http://growingstrongergame.com:443/ | 207.29.229.39 | 200 | | 0.347 | Q |
| http://www.growingstrongergame.com:443/ | 207.29.229.39 | 200 | | 0.343 | Q |

Your https doesn’t work - with a special error message:

SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.

Reason: You send http over port 443. This is checked - and there is a http status 200 sent.

Http over port 443 is always bad.


#7

This happens when the names are in two vhost configs.
If both names go to the same folder, then combine them into just one vhost config:
servername growingstrongergame.com
serveralias www.growingstrongergame.com
(or whatever the syntax is for your web server software)

If the two names do two different things (separate folders), then you will have to treat them as completely separate sites and issue them certs individually.


#8

This is in just 1 vhost config

Servername growingstrongergame.com
ServerAlias www.growingstrongergame.com


#9

Please show:
grep -Eri 'growingstrongergame|servername|serveralias|sslcertificate' /etc/apache2/
ls -l /etc/apache2/sites-enabled/


#10

/etc/httpd/conf/httpd.conf:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
/etc/httpd/conf/httpd.conf:#Include /etc/httpd/sites-available/growingstrongergame.com-le-ssl.conf
/etc/httpd/sites-available/growingstrongergame.com.conf: ServerName growingstrongergame.com
/etc/httpd/sites-available/growingstrongergame.com.conf: ServerAlias www.growingstrongergame.com
/etc/httpd/sites-available/growingstrongergame.com.conf: ErrorLog logs/growingstrongergame.com-error_log
/etc/httpd/sites-available/growingstrongergame.com.conf: CustomLog logs/growingstrongergame.com-access_log common

ls -l /etc/httpd/sites-available/
-rw-r--r-- 1 root root 378 Dec 2 11:47 growingstrongergame.com.conf


#11

For now, I would try:
1,2 [at first prompt]
1 [at second prompt]


#12

I asked for the sites-ENABLED:

So, please show:
ls -l /etc/httpd/sites-enabled/


#13

growingstrongergame.com.conf -> /etc/httpd/sites-available/growingstrongergame.com.conf


#14

I actually did this, but still have the same problem


#15

Did you try them together in one request (as @JuergenAuer suggested)?:


#16

Yup, I did, and still ended up with the same issue.


#17

There is no certificate with two domain names:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:growingstrongergame.com&lu=cert_search

Three with the non-www - version (pre- and leaf-certificate), one

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:www.growingstrongergame.com&lu=cert_search

with the www-version.

No certificate with two domain names.


#18

I was able to make it work in a different domain and server this time using the above command.

domain: racequeen.ph

both https://racequeen.ph and https://www.racequeen.ph work.


#19

Will this work on a server that has multiple domains on one IP?


#20

Will “what” work?
If you mean, can certbot handle multiple domains in one IP? YES
If you mean, can my system (web server) handle multiple domains in one IP?
That depends on your web server version and your configuration.