SSL not working with "www" prefix

My website is working for “” but is not working for “” even though the certificate I’m using specified both domains. What am I doing wrong?

My domain is: AND

I ran this command: sudo certbot certonly --standalone -d -d

It produced this output:

Do you want to expand and replace this existing certificate with the new

(E)xpand/©ancel: E
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2018-09-16. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

My web server is (include version): Custom java webserver

The operating system my web server runs on is (include version): Ubuntu 16.04.4 LTS

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi mirraj2

the tls-sni-01 - challenge is outdated. So use the http-01 - challenge with both domains.

shows both names.

X509v3 Subject Alternative Name:

So it looks like a local problem.

PS: I can’t open one of your pages

4 * “no connection”.

Does your Java webserver directly use /etc/letsencrypt/live/ in its configuration, or did you have another step to import that PEM certificate into a JKS file or another kind of certificate representation that the webserver uses? In the latter case, you'll have to repeat that import step every time your certificate or private key changes.

Ah, I think schoen figured it out. I forgot to re-import into the JKS file. I’ll try that when I get to my laptop and update this thread. Thanks

Its working now, thanks! I had to re-create the JKS file after expanding the certificate - silly me


You may want to look at automating this process (for example with Certbot’s --deploy-hook feature) because the JKS file will also need to be recreated every time the certificate is renewed, even if the domain name coverage doesn’t change. Let’s Encrypt certificates are only valid for 90 days, so renewal is a frequent occurrence!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.