Not www.* but www.outrightsoftware.com .
As long as there is no other VirtualHost
which occupies that name, yes
As a general rule of thumb: all names which the certificate is valid for should be listed as ServerAlias
, one of them as ServerName
.
1 Like
Thanks for taking out time to reply.
Its still working on with www. Please advise.
<VirtualHost *:443>
DocumentRoot /opt/bitnami/apps/wordpress/htdocs
ServerName outrightsoftware.com
ServerAlias wwww.outrightsoftware.com
SSLEngine on
SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/fullchain.pem
SSLCertificateKeyFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/private.pem
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”
<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
BrowserMatch “MSIE [2-6]”
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
BrowserMatch “MSIE [17-9]” ssl-unclean-shutdown
Try commenting out ServerAlias and restarting / reloading Apache
I am trying to fix www issue by adding ServerAlias, will that solve the purpose if I remove that?
So you want your site to only respond on https://outrightsoftware.com/ and not https://www.outrightsoftware.com/ ??
Then take out ServerAlias in the Port 443 config and do a redirect on the port 80 for both to redirect to https://outrightsoftware.com/
<VirtualHost *:80>
ServerName outrightsoftware.com
ServerAlias www.outrightsoftware.com
Redirect permanent / https://outrightsoftware.com/
</VirtualHost>
You can also redirect the SSL www site to the non www by adding another vhost configuration
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.outrightsoftware.com
SSLEngine on
SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/fullchain.pem
SSLCertificateKeyFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/private.pem
Include “/opt/bitnami/apps/wordpress/conf/httpd-app.conf”
Redirect permanent / https://outrightsoftware.com/
</VirtualHost>
1 Like
Great, the last section with SSL redirect worked. Thanks a ton for your time and support.
1 Like
Excellent and no problem at all, through our combined efforts @bytecamp glad you are up and running now
You still offer the wrong certificate when retrieving https://www.outrightsoftware.com/
gotham
November 29, 2017, 11:42am
29
Expanding ssl certs to domain with www will help you in this situation.
certbot --expand -d outrightsoftware.com -d www.outrightsoftware.com
gotham:
Expanding ssl certs
The certificate is already valid for both domain names. The OP just doesn't have configured Apache to offer it on www.outrightsoftware.com , too.
This cannot work as there are no SSL*
statements.
1 Like
LOL … you got me … my brain is really not with it at the moment … (updated it)
I tried by adding ServerAlias, is there any other method?
That was right, but you put a typo in the name:
ServerAlias wwww .outrightsoftware.com
Ooops, Great, this works. Thanks a ton. Is there any way to remove the 2nd certificate as SSLLabs showing 2nd certificate as bad.
Have a look into your configuration. There must be another VirtualHost
which references this certificate. I would recommend deleting the whole VirtualHost
which uses it - just to clean up your configuration.
Try to find with grep:
$ grep -r SSLCertificateFile /etc/apache2
1 Like
Great, Thanks a ton for the support. I found that in one of the bitnami files. Really helpful.
1 Like
wscott
December 28, 2017, 1:27pm
38
BTW. I had the same problem.
on Ubuntu 17.10 with the default apache2 config where all I added was a ServerName directive
certbot found the domain and created a new SSL apache config
Chrome didn’t trust that site because it couldn’t validate the owner.
The fix was to change SSLCertificateFile
from fullcert.pem
to cert.pem
and add a SSLCertificateChainFile
with chain.pem
.
My question is why didn’t certbot do the right thing by default?
version 0.19.0
system
Closed
January 27, 2018, 1:27pm
39
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.