Ssl Not working on "www"

My domain is:tanmayplywood.com

I ran this command: sudo certbot certonly --webroot -w /var/www/html -d www.tanmayplywood.com -d tanmayplywood.com

It produced this output: You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/www.tanmayplywood.com.conf)

My web server is (include version): Apache

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): YES i can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):CWP7

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

I wrote

“certbot certificates”

and i found this reply,

Found the following certs:

Certificate Name: tanmayplywood.com
Domains: tanmayplywood.com
Expiry Date: 2019-07-25 19:03:36+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/tanmayplywood.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/tanmayplywood.com/privkey.pem
Certificate Name: www.tanmayplywood.com
Domains: www.tanmayplywood.com tanmayplywood.com
Expiry Date: 2019-07-25 18:51:28+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/www.tanmayplywood.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.tanmayplywood.com/privkey.pem

On PC if i write www.tanmayplywood.com it redirects to tanmayplywood.com and no errors are seen.
but when i open "www.tanmayplywood.com on phone it shows “this connection is not private”

Hi @yohaan

that may be a cached result, so you don’t really see / check the www-version.

But checking your domain the www version isn’t secure ( https://check-your-website.server-daten.de/?q=tanmayplywood.com ):

Domainname Http-Status redirect Sec. G
http://tanmayplywood.com/
13.234.228.103 301 https://tanmayplywood.com/ 0.250 A
http://www.tanmayplywood.com/
13.234.228.103 301 https://www.tanmayplywood.com/ 0.270 A
https://tanmayplywood.com/
13.234.228.103 200 1.723 B
https://www.tanmayplywood.com/
13.234.228.103 200 1.373 N
Certificate error: RemoteCertificateNameMismatch

But: The non-www version has the wrong certificate:

CN=tanmayplywood.com
	26.04.2019
	25.07.2019
expires in 73 days	tanmayplywood.com - 1 entry

What says

apachectl -S

[centos@ip-172-31-29-237 ~]$ sudo apachectl -S
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using ip-172-31-29-237.ap-south-1.compute.internal. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:80 tanmayplywood.com (/etc/httpd/conf.d/le-redirect-tanmayplywood.com.conf:1)
*:443 tanmayplywood.com (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
PidFile: “/run/httpd/httpd.pid”
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“apache” id=48
Group: name=“apache” id=48

Looks like you don’t have a ServerAlias.

ServerName tanmayplywood.com
ServerAlias www.tanmayplywood.com

Add the alias to both vHosts.

Then change the SSLCertificateFile + key line to your other certificate:

Certificate Path: /etc/letsencrypt/live/www.tanmayplywood.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.tanmayplywood.com/privkey.pem

and restart your server.

1 Like

I am a newbie :stuck_out_tongue:

can you guide me how do i “add the alias to both vhost” and the following task.
you can provide me any tutorial link or something.

Thanks

That’s one of your configuration file, the SSL version.

Open it and add / change the lines. Save it and restart your server.

2 Likes

You are awesome…!!! Thanks a ton. IT WORKED :star_struck::star_struck::star_struck:
i love that you replied within few mins and i was in this problem from weeks.

I would like to know what did i do wrong while using certbot .
What should i do.

This below mentioned way i installed SSL .

yum -y install yum-utils

sudo yum install certbot python2-certbot-apache

In cpanel change webserver to “ngnix & apache” . and back to “apache only”

This will make the root folder from usr/local/apache/htdocs to var/www/html because previous folder is not accesible by cerbot or freessl to verify the server

sudo certbot certonly --webroot -w /var/www/html -d www.tanmayplywood.com -d tanmayplywood.com

Sudo certbot

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.