Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: jondowd.com
I ran this command: sorry, I don't remember
It produced this output:
My web server is (include version): Apache/2.4.57 (Debian)
The operating system my web server runs on is (include version): Debian GNU/Linux 12 (bookworm)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0
I host my own domain on a Debian webserver in my home. I apologize that I don't remember how I (somewhat accidentally) succeeded in getting an https for www.jondowd.com, let alone why there is no https for jondowd.com or how to remedy this omission.
Thanks so much. ( ♫He was born in the 50s...)
Jon Dowd
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server jondowd.com (/etc/apache2/sites-enabled/jondowd.com-le-ssl.conf:2)
port 443 namevhost jondowd.com (/etc/apache2/sites-enabled/jondowd.com-le-ssl.conf:2)
alias www.jondowd.com
port 443 namevhost serveronthewall.com (/etc/apache2/sites-enabled/serveronthewall.com-le-ssl.conf:2)
alias www.serveronthewall.com
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost jondowd.com (/etc/apache2/sites-enabled/jondowd.com.conf:1)
alias www.jondowd.com
port 80 namevhost serveronthewall.com (/etc/apache2/sites-enabled/serveronthewall.com.conf:1)
alias www.serveronthewall.com
Linux DEB-SOTW 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Feb 24 11:29:35 2024 from 10.0.0.12
jondowd@DEB-SOTW:~$ sudo certbot certificates
[sudo] password for jondowd:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
You don't need 3 certificates.... save yourself a lot of future headaches, make a new certificate covering all 4 names (serveronthewall.com www.serveronthewall.com jondowd.com www.jondowd.com), or if you're using DNS authentication to generate your certificates, you can ditch the www's and do wildcards instead (serveronthewall.com *.serveronthewall.com jondowd.com *.jondowd.com), this will let you add subdomains later without having to generate another certificate.
give the certificate a sensible name like "main" or "master" or whatever you prefer
put the SSL certificate configuration in global Apache configuration:
go through your port 443 vhosts and remove all existing SSLCertificateFile / SSLCertificateKeyFile directives from them (they will inherit these from global configuration) but leave the SSLEngine on
Restart Apache, SSL should work properly for all 4 names now, you can then either delete your 3 old certificates with certbot delete or just let them expire
You should be good on the SSL front at this point but your Apache configuration still looks to be a bit of a mess. For one thing, for port 80, you should generally only need a single vhost, no matter how many domains you have, since all it should generally be doing is redirecting to HTTPS (and stripping off www subdomains, if you're using the apex as canonical). Your port 80 vhost also doesn't need a DocumentRoot since all it should be doing is redirecting to HTTPS. For your two domains, you should also decide whether you want to use the apex domain or the www subdomain as canonical. Assuming you want to use the apex domain as canonical, then you want the www subdomain forwarding to it, you probably don't want them both serving the same content as you have it now.
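The layout this reply describes, written out as an added example that is not part of the original thread. It assumes the combined certificate is named `main`, that the apex names are canonical, and uses a hypothetical file name and placeholder DocumentRoot paths.

```apache
# Issue one certificate for all four names (run once, as root):
#   certbot certonly --apache --cert-name main \
#     -d jondowd.com -d www.jondowd.com \
#     -d serveronthewall.com -d www.serveronthewall.com

# --- Global scope, e.g. /etc/apache2/conf-enabled/ssl-main.conf (hypothetical file name) ---
# Certbot stores a certificate named "main" under /etc/letsencrypt/live/main/.
SSLCertificateFile    /etc/letsencrypt/live/main/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/main/privkey.pem

# --- Port 80: one vhost for every name, redirect only, no DocumentRoot ---
# Requires mod_rewrite (a2enmod rewrite).
<VirtualHost *:80>
    ServerName jondowd.com
    ServerAlias www.jondowd.com serveronthewall.com www.serveronthewall.com
    RewriteEngine On
    # Capture the host without a leading "www." and without any ":port" suffix.
    RewriteCond %{HTTP_HOST} ^(?:www\.)?([^:]+) [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</VirtualHost>

# --- Port 443: apex vhosts serve content; no SSLCertificate* lines here ---
<VirtualHost *:443>
    ServerName jondowd.com
    SSLEngine on
    # Placeholder path, not taken from the thread
    DocumentRoot /var/www/jondowd.com
</VirtualHost>

<VirtualHost *:443>
    ServerName serveronthewall.com
    SSLEngine on
    # Placeholder path, not taken from the thread
    DocumentRoot /var/www/serveronthewall.com
</VirtualHost>

# --- Port 443: www names only forward to their apex ---
<VirtualHost *:443>
    ServerName www.jondowd.com
    ServerAlias www.serveronthewall.com
    SSLEngine on
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.([^:]+) [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

Run `apachectl configtest` before restarting Apache, and confirm with `certbot certificates` that `main` lists all four names before deleting the old certificates.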
This is a lot to unpack for me as I'm only a hobbyist, but I'm going to go through all that you gave me slowly and please know I GREATLY APPRECIATE your help.
It's likely I will have more questions, but let's see how it goes.
Thanks again, Jon
Thank you.
It appears to me that simply running certbot and then pressing Enter has solved my problem, as I no longer receive a browser warning for either domain whether I prepend with www. or not. Do you agree or have I more to do? Thanks so much for your help.
jondowd@DEB-SOTW:~$ sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
Here are sites available -
root@DEB-SOTW:/etc/apache2/sites-available# ls
000-default.conf jondowd.com.conf serveronthewall.com.conf
default-ssl.conf jondowd.com-le-ssl.conf serveronthewall.com-le-ssl.conf
and sites enabled -
root@DEB-SOTW:/etc/apache2/sites-enabled# ls
000-default.conf jondowd.com.conf jondowd.com-le-ssl.conf serveronthewall.com.conf serveronthewall.com-le-ssl.conf
Thanks for your help!