The first domain is dandy. The second domain, however, seems problematic. I cannot produce a certificate that covers both https://vixen.international and https://www.vixen.international. Where the first site has a certificate that covers www, the second can only produce one or the other - no matter what I do. Producing a certificate that includes www appears to overwrite the certificate without a prefix.
I am using Certbot (python-certbot-apache) to generate certificates automatically. Is there an option I can throw in to generate a certificate that covers ā*.vixen.internationalā as well as the root domain? sudo certbot --apache appears to only be able to to this for one site.
Interestingly, there is no erroneous output. The certificate appears to generate within certbot, and the only indication of an issue is upon navigation to the site itself. For the time being I am using redirection to eliminate www, but this is a messy workaround and will fail once I add subdomains to the site.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server incoherent.xyz (/etc/apache2/sites-enabled/incoherent.xyz-le-ssl.conf:2)
port 443 namevhost incoherent.xyz (/etc/apache2/sites-enabled/incoherent.xyz-le-ssl.conf:2)
alias www.incoherent.xyz
port 443 namevhost vixen.international (/etc/apache2/sites-enabled/vixen.international-le-ssl.conf:2)
alias www.vixen.international
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost incoherent.xyz (/etc/apache2/sites-enabled/incoherent.xyz.conf:1)
alias www.incoherent.xyz
port 80 namevhost vixen.international (/etc/apache2/sites-enabled/vixen.international.conf:1)
alias www.vixen.international
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
Note that initially, when I generated that multi-domain cert, I couldnāt get HTTPS redirection working properly on the vixen domain. Iām actually having some issues getting it to redirect now, although Iāve only just learned that certbot creates an additional conf for the ssl implementation.
Huh. So is it more likely that certbot just didnāt recognise the two separate domains first time around? Also, will auto-renewal have been set up this time around?
The result is saved in your config file. So it should work. Later, you may delete your certificates with one domain name, because you don't need these (and you don't need a renew).
certbot certificates, then certbot delete certificatename.