I have generated a certificate (this is actually an update of a certificate that worked fine) but for some reason it will not let me access my site claiming there is a mismatch.
So it won’t work if you try to access your sites using www.domain. Just an example, oldcognacdistillery.eu doesn’t work because you have an automatic redirect from oldcognacdistillery.eu to www.oldcognacdistillery.eu which is not covered in your cert.
Solution: Create a new certificate but this time include both, non-www and www domains.
I seem to remember that when I generated the certificate it made it clear that it AUTOMATICALLY included the www. option unless I specifically asked it not to. So, I have generated the certificate on the basis that it will automatically include the www. subdomain.
If this is not working properly how do we get it to the right people to sort out? In the meantime, I will have to regenerate the certificate and add the www. domains manually.
You haven't specified which Let's Encrypt client/plugin you use. If you generate your certificate using the control panel of your hosting provider, you should contact their support (the www. subdomain was never added on the Let's Encrypt side automatically, but the client/plugin/whatever you use to obtain a certificate from LE may have provided an option to include it in the certificate request for you).
I guess you have used https://www.sslforfree.com/ - is that right? If so, there is a “Need Help?” link on their page, where you should probably report your issue.
Please note that any website which offers Let’s Encrypt certificates using only a browser (with no additional software) is not operated by Let’s Encrypt itself (this is why I’m asking you about the website you used - there are numerous sites available, which are not affiliated with each other).
Not sure of the difference between using them and using Let's Encrypt direct? If I use Let's Encrypt direct (can I?) would I still need to refresh the certificate every 90 days?
Also, here is the list of domains on the certificate I just lifted from my GoDaddy account
You have to use a Let's Encrypt client of some kind (sslforfree.com is considered an "in-browser client", there are many others), as there is no simple "direct" UI for obtaining a certificate (Let's Encrypt is focused on automating certificate requests and renewals, so there is only an API endpoint provided). Whatever you choose, certificate validity stays the same - 90 days.
If you are using shared hosting which doesn't have Let's Encrypt integrated in the control panel, you'll always have to renew the certificate manually, unfortunately. In this case you have to make sure that you always use your full domains list (including www. subdomains) while renewing the certificate.
Just to close this and offer my thanks. The sslforfree generator is not adding the www option and I will contact them about it.
In the meantime I tried sahsanu’s suggestion but it gave me issues with not recognising the encryption on the www site folders I added, so in the end I added some internal redirects from www to the plain domain and it is all working now. I will chase sslforfree when the certificate is next due to expire.
This is not a bug - it should not and will not add domains to the list that you did not explicitly request. If you want a certificate to cover domain.com and www.domain.com, you need to list both of those.
This is from the sslforfree home page (Advanced Options);
Prevent WWW from being Added
We automatically add the www version of the domain if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on “Add / Edit Domains” and remove it and submit again.
So the default they are generating should include the www subdomain.
It looks like the problem has been solved as requesting a cert for a domain now generates both the domain and the www subdomain. I have resolved my problem so am closing off my comments. Thanks again for your help.
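
As an added example (not part of the thread, and not code from Let's Encrypt or sslforfree), this Python check reports which hostnames a certificate's name list leaves uncovered and builds the full list to submit at renewal. Every hostname a browser reaches over HTTPS, including the source and target of a redirect, must appear in that list. The function names and hostnames are constructed; the input dict is assumed to have the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example; all hostnames are constructed placeholders.

def dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """Compare one certificate dNSName with a hostname.

    A wildcard counts only as the whole leftmost label and stands for
    exactly one label, so *.example.com does not cover example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def uncovered(cert, hosts):
    """Hostnames a browser would reject with a name mismatch."""
    names = dns_names(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]


def renewal_list(cert, hosts):
    """Full list to submit at renewal: current names plus missing hosts."""
    return dns_names(cert) + uncovered(cert, hosts)


# Constructed certificate: only the bare names were requested.
CERT = {"subjectAltName": (("DNS", "example.com"), ("DNS", "shop.example.org"))}
# Hosts the site answers on, including the www. redirect target.
HOSTS = ["example.com", "www.example.com", "shop.example.org"]

if __name__ == "__main__":
    print("not covered:", uncovered(CERT, HOSTS))
    print("request at renewal:", renewal_list(CERT, HOSTS))
```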