Using Expand to add www subdomain, certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: revkit.com

I ran this command: certbot --expand -d revkit.com -d builds.revkit.com -d rev.revkit.com -d staging.revkit.com -d www.revkit.com

It produced this output:
We were unable to find a vhost with a ServerName or Address of www.revkit.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)

1: staging.revkit.com-le-ssl.conf | Multiple Names | HTTPS | Enabled
2: rev.revkit.com.conf | rev.revkit.com | | Enabled
3: staging.revkit.com.conf | Multiple Names | | Enabled
4: rev.revkit.com-le-ssl.conf | rev.revkit.com | HTTPS | Enabled
5: builds.revkit.com-le-ssl.conf | builds.revkit.com | HTTPS | Enabled
6: builds.revkit.com.conf | builds.revkit.com | | Enabled
7: 000-default-le-ssl.conf | revkit.com | HTTPS | Enabled
8: 000-default.conf | | | Enabled

Select the appropriate number [1-8] then [enter] (press ‘c’ to cancel): 8
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.

My web server is (include version): Ubunto 16.04 with Apache2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): YES!

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @mikedkap,

Do you have an existing Apache virtual host that directly refers to www.revkit.com?

1 Like

I don’t (I don’t think so).
I have an A record for www that points to our IP.

Could you maybe add a ServerAlias telling Apache that the revkit.com virtual host can also answer requests for www.revkit.com? After that, I think Certbot will do what you expect.

1 Like

Hmmm, could you say a little more about that? Where would I start?

Thanks!

grep -r "ServerName revkit.com" /etc/apache2

Then edit that stanza to add

ServerAlias www.revkit.com

within the same stanza. This is also often necessary in order to make Apache respond the way that you expect to requests that use the www form.

1 Like

I received this message, not sure how to edit it. Much appreciated!

root@testing:~# grep -r "ServerName revkit.com" /etc/apache2
/etc/apache2/sites-available/000-default-le-ssl.conf:ServerName revkit.com

Ah, do I add it into here somewhere?

<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

ServerName revkit.com
SSLCertificateFile /etc/letsencrypt/live/revkit.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/revkit.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Yes, you can add it right after the ServerName line.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.