Website blocked on my certificate

Hi

I have generated a certificate (this is actually an update of a certificate that worked fine) but for some reason it will not let me access my site claiming there is a mismatch.

Here are the images of the notice I received:

Not sure if you will be able to see those but hopefully once saved it will allow the link to work.

Cannot see what I am doing wrong. Can anyone offer some advice please?

Geoff

Here is the bottom of the message;

Have checked the other sites and I only get the blocking on these sites:

oldcognacdistillery.eu
lecurieduparc.eu

perignac.eu is OK so it is not a .eu thing.

Any ideas anyone?

Apologies for the dribs and drabs.

When I remove the www. from lecurieduparc, it works.

It does not work when I do the same for oldcognacdistillery.eu

Geoff

Hi @GeoffatMM,

The certificate used in your sites is only valid for these domains:

anglofrenchvintage.com
boutiquefrenchwine.com
lecurieduparc.eu
nl.boutiquefrenchwine.com
oldcognacdistillery.eu
perignac.eu
uk.boutiquefrenchwine.com

So it won’t work if you try to access your sites using www.domain. Just an example, oldcognacdistillery.eu doesn’t work because you have an automatic redirect from oldcognacdistillery.eu to www.oldcognacdistillery.eu which is not covered in your cert.

Solution: Create a new certificate but this time include both, non-www and www domains.

Cheers,
sahsanu

3 Likes

Hi sahsanu, thanks for the response.

I seem to remember that when I generated the certificate it made it clear that it AUTOMATICALLY included the www. option unless I specifically asked it not to. So, I have generated the certificate on the basis that it will automatically include the www. sub domain.

If this is not working properly how do we get it to the right people to sort out? In the meantime, I will have to regenerate the certificate and add the www. domains manually.

Thanks.

You haven't specified which Let's Encrypt client/plugin you use. If you generate your certificate using the control panel of your hosting provider, you should contact their support (the www. subdomain was never added on the Let's Encrypt side automatically, but the client/plugin/whatever you use to obtain a certificate from LE may have provided an option to include it in the certificate request for you).

Hi

I did not use a plug in, I installed the certificates manually following the instructions on the website.

It worked before but it has not worked this time.

I guess you have used https://www.sslforfree.com/ - is that right? If so, there is “Need Help?” link on their page, where you should probably report your issue.

Please note that any website which offers Let’s Encrypt certificates using only a browser (with no additional software) is not operated by Let’s Encrypt itself (this is why I’m asking you about the website you used - there are numerous sites available, which are not affiliated with each other).

1 Like

Thank you. You are right. I used sslforfree.com!

Not sure of the difference between using them and using Let's Encrypt direct? If I use Let's Encrypt direct (can I?) would I still need to refresh the certificate every 90 days?

Also, here is the list of domains on the certificate I just lifted from my GoDaddy account:

anglofrenchvintage.com, boutiquefrenchwine.com, lecurieduparc.eu, nl.boutiquefrenchwine.com, oldcognacdistillery.eu, perignac.eu, uk.boutiquefrenchwine.com, www.anglofrenchvintage.com, www.boutiquefrenchwine.com, www.lecurieduparc.eu, www.oldcognacdistillery.eu, and www.perignac.eu

As you can see all the www. options are listed.

You have to use a Let's Encrypt client of some kind (sslforfree.com is considered an "in-browser client", there are many others), as there is no simple "direct" UI for obtaining a certificate (Let's Encrypt is focused on automating certificate requests and renewals, so there is only an API endpoint provided). Whatever you choose, certificate validity stays the same - 90 days.

If you are using shared hosting which doesn't have Let's Encrypt integrated in the control panel, you'll always have to renew the certificate manually, unfortunately. In this case you have to make sure that you always use your full domains list (including www. subdomains) while renewing the certificate.

1 Like
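The name mismatch sahsanu describes and the full-domain-list check recommended for manual renewals, as an added example that is not part of any post in this thread. The two name lists are copied from the posts above; the function names, the wildcard handling (which goes beyond this thread's case) and the `Location` value are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# SANs sahsanu lists for the certificate being served (copied from the thread).
CERT_SANS = [
    "anglofrenchvintage.com", "boutiquefrenchwine.com", "lecurieduparc.eu",
    "nl.boutiquefrenchwine.com", "oldcognacdistillery.eu", "perignac.eu",
    "uk.boutiquefrenchwine.com",
]
# Names Geoff expects to be covered: the list above plus the www. forms he quotes.
EXPECTED = CERT_SANS + [
    "www.anglofrenchvintage.com", "www.boutiquefrenchwine.com",
    "www.lecurieduparc.eu", "www.oldcognacdistillery.eu", "www.perignac.eu",
]

def san_matches(hostname, san):
    """Match a hostname against one SAN dNSName entry: case-insensitive,
    with '*' honoured only as the entire left-most label."""
    host = hostname.lower().rstrip(".")
    pattern = san.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    # A wildcard covers exactly one extra label: *.example.com matches
    # www.example.com but neither example.com nor a.b.example.com.
    head, _, tail = host.partition(".")
    return bool(head) and tail == pattern[2:]

def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]

def redirect_covered(location, sans):
    """True if the host in a redirect's Location value is covered by the cert."""
    host = urlsplit(location).hostname
    return host is not None and not uncovered([host], sans)

if __name__ == "__main__":
    # Run before installing a renewed certificate: anything printed here
    # will produce a browser name-mismatch warning.
    for name in uncovered(EXPECTED, CERT_SANS):
        print("not covered:", name)
    # Constructed Location value for the apex-to-www redirect described above.
    print(redirect_covered("https://www.oldcognacdistillery.eu/", CERT_SANS))
```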

Just to close this and offer my thanks. The sslforfree generator is not adding the www option and I will contact them about it.

In the meantime I tried sahsanu’s suggestion but it gave me issues with not recognising the encryption on the www site folders I added so in the end I added some internal redirects from www to the plain domain and it is all working now. I will chase sslforfree when the certificate is next due to expire.

Thanks for both your inputs.

Geoff

This is not a bug - it should not and will not add domains to the list that you did not explicitly request. If you want a certificate to cover domain.com and www.domain.com, you need to list both of those.

Jared

This is from the sslforfree home page (Advanced Options);

Prevent WWW from being Added

We automatically add the www version of the domain if not already added as most users want that implicitly. To remove the www just submit the domains you want to verify then on the verification page near the top click on “Add / Edit Domains” and remove it and submit again.

So the default they are generating should include the www subdomain.

Geoff

It looks like the problem has been solved as requesting a cert for a domain now generates both the domain and the www subdomain. I have resolved my problem so am closing off my comments. Thanks again for your help.

Geoff
