Site doesn't show as https after running certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: techwittys.com

I ran this command: https://certbot.eff.org/lets-encrypt/centos6-apache

It produced this output: Congratulations! You have successfully enabled https://www.techwittys.com

My web server is (include version): Apache webserver on CentOS 6

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: e2enetworks

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, I can.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.3.0

So i have successfully installed the SSL certificates on my webserver, but when now when I am accessing my site, it still not showing the secure lock sign. I ran a check on SSLlabs here: https://www.ssllabs.com/ssltest/analyze.html?d=www.techwittys.com

Could someone help me out as to where I might be going wrong and it isn’t showing the secure sign?

Thanks and Regards,

Nikhil Pandita

1 Like

Hi @nikhil_pandita

checking your domain via https://check-your-website.server-daten.de/?q=techwittys.com#connections

You have created a certificate with only one domain name:

CN=www.techwittys.com
	04.03.2020
	02.06.2020
expires in 90 days	www.techwittys.com - 1 entry

So your www is secure, your non-www not. Create one certificate with both domain names.

1 Like

@JuergenAuer
Thank you for the reply, I ran the installer again, but it isn’t showing me the techwittys.com image
Could you please help me as to how I can create a certificate with both domain names?

1 Like

You can either type the domains there (I guess) or give them to certbot on the commandline:

certbot {your options} -d www.techwittys.com -d techwittys.com

Your port 80 vHost is wrong.

What says

apachectl -S

One vHost with both domain names is required.

2 Likes

@JuergenAuer Thank you again for the reply, after putting the command I am getting the following output. Could you guide me in the right direction as to how I can fix this?

@9peppe Thank you for the reply, I ran the command but it is giving me the following error.
image
Any idea as to how I can fix that?

That’s your choice.

Do you want all visitors redirected to www? do you want to serve the same site for www and non-www?

There is a missing second alias. Add the non-www alias. And that’s not a “localhost”. Looks like you have created that configuration manual, so change it.

PS: @9peppe : If the vHost configuratiion is buggy, the -d option isn’t a good idea.

2 Likes

I want the visitors to be redirected to the https:// page for both www and non www webpage.

I assume I have to make some changes here, in the httpd.conf file of the server, could you please help me as to what I have to change in the following files? Sorry for the questions but I’m new to all this. Appreciate all the help so far. :slight_smile:

It might be, as long as it’s the default virtualhost :slight_smile:

yeah, but do you want to redirect https:://example.com to https://www.example.com ?

If no, add both to the same virtualhost. If yes, add the redirect in a separate one.

I want the users to be automatically redirected to the https://techwittys.com even if they enter only https://techwittys.com or https://www.techwittys.com.

If no, add both to the same virtualhost. If yes, add the redirect in a separate one.

Could you please help me as to how I can do so? Also I have posted the httpd.conf file in the above reply, could you let me know what changes I have to make so it works perfectly?
Thanks a lot!

1 Like

in this case, remove your serveralias directive and set servername to techwittys.com

then, you add another virtualhost before all others and set it so that redirects to the main one. this virtualhost can either have a servername of www.techwittys.com or it might have a random one, it’s your default virtualhost, it will catch anything not defined elsewhere. Set it to www.techwittys.com if you want it to be easier, as certbot will read that file and see the virtualhost.

if you want to go completely overboard, add a dns record like * 3000 in A @ so that every subdomain will default resolving to the second level domain. But then you might need a wildcard certificate.

1 Like

Thank you, I made the changes in the config file and its working now. Cheers!

1 Like