When typing my domain with www warning message pops up for user

ronenin · October 14, 2020, 3:39pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tpoint.club

I ran this command: www.tpoint.club

It produced this output:

My web server is (include version): Apache

The operating system my web server runs on is (include version): windows and mac

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Osiris · October 14, 2020, 4:30pm

That's because your certificate is only valid for tpoint.club: it doesn't contain the hostname www.tpoint.club.

You do seem to have a wildcard certificate for tpoint.club and *.tpoint.club, but this certificate isn't used for the hostname www.tpoint.club by your webserver.

Funny thing, the wildcard certificate linked above has a RSA key, but your currently active certificate has a ECDSA key. Both are issued on the same day (2 days ago).

ronenin · October 14, 2020, 6:01pm

Thanks for replying.
so what should I do?

Osiris · October 14, 2020, 6:09pm

That's impossible to say with the information we have now. I could say "Install the correct certificate into your webserver.", but that probably wouldn't help you.

We'd need to know how you got those two certificates and how you've installed the certificate currently in use.

ronenin · October 15, 2020, 6:22am

Lightsail runs bitnami for wordpress.
At the beginning I tried to use a wordpress plugin to configure ssl but it didn't work.
Then I notice that aws provide a tool for lets encrypted so I tried the tool and when it popped up the question about www I probably provided the wrong answer.

This morning I tried to run bncert-tool but it created a problem of ERR_TOO_MANY_REDIRECTS.

_az · October 15, 2020, 6:29am

What's happening here is:

You have Apache configured to redirect https://tpoint.club to https://www.tpoint.club.
You have WordPress configured to redirect https://www.tpoint.club to https://tpoint.club

The combination results in an infinite loop.

The easiest way to prevent the loop is probably to remove the redirect from Apache. It might be in /opt/bitnami/apache2/conf/bitnami/bitnami.conf, have a look around.

ronenin · October 15, 2020, 7:31am

I had this code twice in bitnami.conf so I removed it.

BEGIN: Enable non-www to www redirection

#RewriteCond %{HTTP_HOST} !^www. [NC]
#RewriteCond %{HTTP_HOST} !^localhost
#RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)? #RewriteCond %{REQUEST_URI} !^/\.well-known #RewriteRule ^(.*) http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]

I restated the server and tried to access website but the browser gave me the following message:

(Attachment bitnami.conf is missing)

ronenin · October 15, 2020, 7:34am

Sorry your server rejected the .conf file.
Here is the full code after my changes:

# Default Virtual Host configuration.

<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
# BEGIN: Support domain renewal when using mod_proxy without Location
<IfModule mod_proxy.c>
ProxyPass /.well-known !
</IfModule>
# END: Support domain renewal when using mod_proxy without Location
# BEGIN: Enable HTTP to HTTPS redirection
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) [https://%{SERVER_NAME}/$1](https://%{SERVER_NAME}/$1) [R,L]
# END: Enable HTTP to HTTPS redirection
# BEGIN: Enable non-www to www redirection
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ [http://www.%{HTTP_HOST}%{REQUEST_URI}](http://www.%{HTTP_HOST}%{REQUEST_URI}) [R=permanent,L]
# END: Enable non-www to www redirection
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
# BEGIN: Support domain renewal when using mod_proxy within Location
<Location /.well-known>
<IfModule mod_proxy.c>
ProxyPass !
</IfModule>
</Location>
# END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost _default_:443>
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/[www.tpoint.club.crt](http://www.tpoint.club.crt)"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/[www.tpoint.club.key](http://www.tpoint.club.key)"

# BEGIN: Support domain renewal when using mod_proxy without Location
<IfModule mod_proxy.c>
ProxyPass /.well-known !
</IfModule>
# END: Support domain renewal when using mod_proxy without Location
# BEGIN: Enable non-www to www redirection
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ [https://www.%{HTTP_HOST}%{REQUEST_URI}](https://www.%{HTTP_HOST}%{REQUEST_URI}) [R=permanent,L]
# END: Enable non-www to www redirection
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>

# Error Documents
ErrorDocument 503 /503.html

# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
# BEGIN: Support domain renewal when using mod_proxy within Location
<Location /.well-known>
<IfModule mod_proxy.c>
ProxyPass !
</IfModule>
</Location>
# END: Support domain renewal when using mod_proxy within Location
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

_az · October 15, 2020, 7:37am

Hey @ronenin,

The full configuration you just replied with still contains 3 of those redirects.

ronenin · October 15, 2020, 11:07am

Seems to work well thank you very much for you wonderful support

system · November 14, 2020, 11:07am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.