Hello,
This is my certificate
Certificate Name: foro.losumo.com
Domains: foro.losumo.com www.foro.losumo.com
Expiry Date: 2019-06-01 08:20:10+00:00 (VALID: 75 days)
Certificate Path: /etc/letsencrypt/live/foro.losumo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/foro.losumo.com/privkey.pem
This URL works fine https://foro.losumo.com
but this URL https://www.foro.losumo.com gives me this error
This site can’t provide a secure connection
What did I do wrong?
Thanks
rg305
March 17, 2019, 8:36pm
2
fernandoch:
What did I do wrong?
You probably forgot to include the www in the vhost config.
You should find lines like:
ServerName foro.losumo.com
ServerAlias www.foro.losumo.com
Here is my virtual host
<Directory /var/www/html/losumo.com/public_html>
    Require all granted
</Directory>
<VirtualHost *:80>
    ServerName foro.losumo.com
    ServerAlias www.foro.losumo.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/foro.losumo.com/public_html
    ErrorLog /var/log/apache2/foro.losumo.com.error.log
    CustomLog /var/log/apache2/foro.losumo.com.access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.foro.losumo.com [OR]
    RewriteCond %{SERVER_NAME} =foro.losumo.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
rg305
March 17, 2019, 8:38pm
4
Or, since now I see that you are using CloudFlare, you may need to include the WWW in their configuration.
curl -Iki https://foro.losumo.com
HTTP/2 200
date: Sun, 17 Mar 2019 20:40:10 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d039532466cdcf62530df81c129ddf7b81552855208; expires=Mon, 16-Mar-20 20:40:08 GMT; path=/; domain=.losumo.com; HttpOnly
set-cookie: phpbb3_bkj55_u=1; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/; domain=foro.losumo.com; secure; HttpOnly
set-cookie: phpbb3_bkj55_k=; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/; domain=foro.losumo.com; secure; HttpOnly
set-cookie: phpbb3_bkj55_sid=dd39125225706a00e81f29ab92d2bb36; expires=Mon, 16-Mar-2020 20:40:10 GMT; path=/; domain=foro.losumo.com; secure; HttpOnly
cache-control: private, no-cache="set-cookie"
expires: Sun, 17 Mar 2019 20:40:10 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4b91c7bf6b4ab955-MIA
curl -Iki https://www.foro.losumo.com
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
rg305
March 17, 2019, 8:41pm
5
Name: foro.losumo.com
Addresses: 2606:4700:30::681c:aba
2606:4700:30::681c:bba
104.28.10.186
104.28.11.186
Name: www.foro.losumo.com
Addresses: 2606:4700:30::681c:bba
2606:4700:30::681c:aba
104.28.10.186
104.28.11.186
losumo.com is using cloudflare, but not foro.losumo.com
Maybe I should add it too?
Hi @fernandoch
the site uses Cloudflare:
| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| foro.losumo.com | A | 104.28.10.186 | yes | 1 | 0 |
| | A | 104.28.11.186 | yes | 1 | 0 |
| | AAAA | 2606:4700:30::681c:aba | yes | | |
| | AAAA | 2606:4700:30::681c:bba | yes | | |
| www.foro.losumo.com | A | 104.28.10.186 | yes | 1 | 0 |
| | A | 104.28.11.186 | yes | 1 | 0 |
| | AAAA | 2606:4700:30::681c:aba | yes | | |
| | AAAA | 2606:4700:30::681c:bba | yes | | |
But the Cloudflare certificate is a wildcard without the www-version:
CN=sni.cloudflaressl.com, O="CloudFlare, Inc.", L=San Francisco, S=CA, C=US
13.03.2019 - 13.03.2020, expires in 362 days
sni.cloudflaressl.com, losumo.com, *.losumo.com - 3 entries
www doesn't work:
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
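Why the edge certificate quoted above works for foro.losumo.com but not for www.foro.losumo.com: a wildcard SAN entry covers exactly one label. This is an added example, not part of the thread and not the checker tool's code; the function names are illustrative, and the SAN lists are copied from the posts above.

```python
# Added example: TLS hostname matching against a certificate's SAN list.
# A wildcard is honoured only as the whole leftmost label and covers exactly
# one label (RFC 6125), so "*.losumo.com" cannot cover "www.foro.losumo.com".

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single dNSName SAN entry covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "" in p or "" in h or len(p) != len(h):
        return False  # malformed name, or a wildcard would have to span a dot
    if p[0] == "*":
        # Require at least "*.domain.tld"; partial wildcards such as "w*" are
        # not treated as wildcards in this example and only match literally.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage_report(sans, hostnames):
    """Map each hostname to the SAN entries that cover it (empty list = none)."""
    return {host: [s for s in sans if san_matches(s, host)] for host in hostnames}


def uncovered(sans, hostnames):
    """Hostnames that no SAN entry covers."""
    return [h for h, hits in coverage_report(sans, hostnames).items() if not hits]


# SAN entries of the Cloudflare edge certificate, as quoted in the thread.
EDGE_SANS = ["sni.cloudflaressl.com", "losumo.com", "*.losumo.com"]
# Domains on the Let's Encrypt certificate from the first post.
ORIGIN_SANS = ["foro.losumo.com", "www.foro.losumo.com"]
HOSTS = ["foro.losumo.com", "www.foro.losumo.com"]

if __name__ == "__main__":
    for label, sans in (("edge", EDGE_SANS), ("origin", ORIGIN_SANS)):
        for host, hits in coverage_report(sans, HOSTS).items():
            status = "covered by " + ", ".join(hits) if hits else "NOT covered"
            print(f"{label:6} {host:22} {status}")
```

Because the proxied names resolve to Cloudflare, clients are shown the edge certificate, so the origin certificate's www entry does not help while the proxy is enabled for that name.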
No, sorry, both are like that
Hi @JuergenAuer
And do you know how to fix it?
These may be your internal ip addresses.
But your public ip addresses are 104.28.10.186 etc.
If you want to use Cloudflare, you must have a complete certificate before you activate Cloudflare.
So first deactivate Cloudflare, so the 37.... is your public ip address. Then create a correct certificate, then activate Cloudflare.
Or use the Cloudflare - integrated solution.
A few hours earlier I updated the page and added a link to the Cloudflare blog @schoen had shared.
I had the complete certificate before activating cloudflare.
Maybe. But we can't check it. We see only Cloudflare.
Oh, wait. I can check it. But I need your complete ip.
Or check it directly using my tool - https://check-your-website.server-daten.de/
Yesterday I added a new field - Hostname.
So it's possible to add the ip address in the main field and the hostname in the extra field.
Then you can check it without having a dns A- or AAAA entry.
So you need two checks: Both with the same ip address and one time the non-www, the other time the www domain name in the hostname field.
Just removed the certificate and created it again but now with cloudflare…
A bit lost in here, what to do? Should I remove cloudflare and stay without it?
You need to either disable Cloudflare’s proxy on https://www.foro.losumo.com/ or buy a Dedicated Certificate with Custom Hostname that matches that hostname from Cloudflare.
I will disable cloudflare from all the domain I guess…
fernandoch:
what do we get?
The last check is one hour old (that post: Weird certificate problem - #7 by JuergenAuer).
If you have changed your configuration, then you can recheck your domain.
But if I recheck, then what?
Is there a proper way to have a certificate with cloudflare? Or better to remove cloudflare?
The tool is only an online tool to see the configuration, without too many manual checks.
There are a lot of websites using Cloudflare. But I don't know the details, I don't use Cloudflare. You can use it with your own working certificate. But then you first need a working configuration, then activate Cloudflare.