Website showing as insecure by Chrome, Firefox

Not www.* but www.outrightsoftware.com.
As long as there is no other VirtualHost which occupies that name, yes :slight_smile:

As a general rule of thumb: all names which the certificate is valid for should be listed as ServerAlias, one of them as ServerName.


Thanks for taking out time to reply.

It's still working on with www. Please advise.

<VirtualHost *:443>
DocumentRoot /opt/bitnami/apps/wordpress/htdocs
ServerName outrightsoftware.com
ServerAlias wwww.outrightsoftware.com
SSLEngine on
SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/fullchain.pem
SSLCertificateKeyFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/private.pem

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

Try commenting out ServerAlias and restarting / reloading Apache

I am trying to fix www issue by adding ServerAlias, will that solve the purpose if I remove that?

So you want your site to only respond on https://outrightsoftware.com/ and not https://www.outrightsoftware.com/ ??

Then take out ServerAlias in the Port 443 config and do a redirect on the port 80 for both to redirect to https://outrightsoftware.com/

<VirtualHost *:80>
ServerName outrightsoftware.com
ServerAlias www.outrightsoftware.com
Redirect permanent / https://outrightsoftware.com/
</VirtualHost>

You can also redirect the SSL www site to the non www by adding another vhost configuration

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.outrightsoftware.com
SSLEngine on
SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/fullchain.pem
SSLCertificateKeyFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/private.pem
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
Redirect permanent / https://outrightsoftware.com/
</VirtualHost>
</IfModule>

Great, the last section with SSL redirect worked. Thanks a ton for your time and support.


Excellent and no problem at all, through our combined efforts @bytecamp glad you are up and running now :+1:

You still offer the wrong certificate when retrieving https://www.outrightsoftware.com/

Expanding ssl certs to domain with www will help you in this situation.
certbot --expand -d outrightsoftware.com -d www.outrightsoftware.com

The certificate is already valid for both domain names. The OP just hasn't configured Apache to offer it on www.outrightsoftware.com, too.

This cannot work as there are no SSL* statements.


LOL … you got me … my brain is really not with it at the moment … (updated it)

I tried by adding ServerAlias, is there any other method?

That was right, but you put a typo in the name:

ServerAlias wwww.outrightsoftware.com
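
An offline check for the kind of mismatch found above, as an added example that is not part of the original thread: it parses the VirtualHost blocks and compares the names on TLS vhosts with the certificate's names in both directions. The helper names, the sample config and the hand-entered name list are assumptions for illustration, and it assumes a single certificate is in use.

```python
import re

# Constructed sample: the port-443 vhost from the thread, typo included.
SAMPLE_CONF = """
<VirtualHost *:443>
  ServerName outrightsoftware.com
  ServerAlias wwww.outrightsoftware.com
  SSLEngine on
  SSLCertificateFile /opt/bitnami/apps/wordpress/letsencrypt/live/outrightsoftware.com/fullchain.pem
</VirtualHost>
"""
# Assumption: names the certificate is valid for, entered by hand.
CERT_NAMES = {"outrightsoftware.com", "www.outrightsoftware.com"}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: address, names, certificate file."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        names, cert = [], None
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif key == "sslcertificatefile" and len(parts) > 1:
                cert = parts[1].strip('"')
        vhosts.append({"addr": addr.strip(), "names": names, "cert": cert})
    return vhosts

def covered(name, cert_names):
    """Exact match, or a wildcard name that matches exactly one leftmost label."""
    wildcard = "*." + name.split(".", 1)[1] if "." in name else None
    return name in cert_names or wildcard in cert_names

def audit(conf, cert_names):
    """Compare TLS vhost names with the certificate, in both directions."""
    served = {n for v in parse_vhosts(conf) if v["cert"] for n in v["names"]}
    not_in_cert = sorted(n for n in served if not covered(n, cert_names))
    not_served = sorted(n for n in cert_names
                        if not n.startswith("*.") and n not in served)
    return {"not_in_cert": not_in_cert, "not_served": not_served}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, CERT_NAMES))
```

A name under `not_in_cert` is one Apache answers for without a matching certificate name; a name under `not_served` is on the certificate but no TLS vhost claims it, so Apache falls back to whichever vhost is the default.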

Oops, great, this works. Thanks a ton. Is there any way to remove the 2nd certificate, as SSLLabs is showing the 2nd certificate as bad?

Have a look into your configuration. There must be another VirtualHost which references this certificate. I would recommend deleting the whole VirtualHost which uses it - just to clean up your configuration.

Try to find with grep:

$ grep -r SSLCertificateFile /etc/apache2


Great, Thanks a ton for the support. I found that in one of the bitnami files. Really helpful.


BTW. I had the same problem.

  • on Ubuntu 17.10 with the default apache2 config where all I added was a ServerName directive
  • certbot found the domain and created a new SSL apache config
  • Chrome didn’t trust that site because it couldn’t validate the owner.

The fix was to change SSLCertificateFile from fullcert.pem to cert.pem and add a SSLCertificateChainFile with chain.pem.

My question is why didn’t certbot do the right thing by default?

version 0.19.0
