Www subdomain is not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: goeasyshuttle.com

I ran this command: www.goeasyshuttle.com

It produced this output: "Your connection is not private
Attackers might be trying to steal your information from www.goeasyshuttle.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID". Plus, when I checked 'SSL Server Test', I got this outcome: "Common names: goeasyshuttle.com Alternative names: goeasyshuttle.com"

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu 22

My hosting provider, if applicable, is: AWS ec2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi :slightly_smiling_face:

You need to acquire and install a new certificate that covers both goeasyshuttle.com and www.goeasyshuttle.com.

7 Likes
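
The reply above comes down to the name check a TLS client runs against the certificate's subjectAltName entries. This is an added example, not code from any poster in the thread: it shows why a certificate listing only goeasyshuttle.com fails for www, and goes slightly beyond the thread by also handling wildcard entries. The SAN lists are constructed from the names quoted in the thread, and the wildcard certificate is hypothetical.

```python
# Added example: simplified RFC 6125-style matching of a hostname against
# a certificate's subjectAltName DNS entries. All inputs are constructed.

def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(san, host):
    """Return True if one SAN dNSName entry covers the given hostname."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False  # a wildcard stands for exactly one label
    if s[0] == "*":
        # Wildcard only as the whole left-most label, above a 2-label base.
        return len(s) >= 3 and h[0] != "" and s[1:] == h[1:]
    return s == h

def uncovered(sans, hosts):
    """Hostnames that no SAN entry covers; a client rejects these."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Names the nginx server block answers for (from the thread).
SERVER_NAMES = ["goeasyshuttle.com", "www.goeasyshuttle.com"]
# SAN list as reported by the SSL Server Test before the fix.
CERT_BEFORE = ["goeasyshuttle.com"]
# SAN list after expanding the certificate to both names.
CERT_AFTER = ["goeasyshuttle.com", "www.goeasyshuttle.com"]
# Hypothetical wildcard-only certificate, to show it misses the apex.
CERT_WILDCARD = ["*.goeasyshuttle.com"]

if __name__ == "__main__":
    for label, sans in [("before", CERT_BEFORE),
                        ("after", CERT_AFTER),
                        ("wildcard only", CERT_WILDCARD)]:
        print(label, "-> not covered:", uncovered(sans, SERVER_NAMES))
```

Every name in `server_name` has to appear in the certificate (directly or through a wildcard) for the check to pass; adding the name to the nginx configuration alone does not change what the certificate covers.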

Hi, Griffin

Thank you for your prompt reply

Do I need to uninstall the certificate first before installing a new one?

In Nginx configuration I added 'goeasyshuttle.com' and 'www.goeasyshuttle.com' as well

"server {
server_name goeasyshuttle.com www.goeasyshuttle.com ;"

Is this okay? or do I need to do something else?

Sorry for too many questions

Thanks in advance
Peter

2 Likes

No. If you explain how you got your first cert we can give more specific advice. Are you using Certbot for this cert the same as your certs from earlier threads?

That is a good step but I don't think you did it right. Requests to goeasyshuttle.com and the www domain do not return the same results. One gives a 301 redirect and the other a 404 page not found to requests for your home page.

5 Likes

Thank you again for your reply, much appreciated

I just followed the instructions as follows:

sudo apt update

sudo apt install snapd

sudo snap install core; sudo snap refresh core

sudo apt-get remove certbot

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --nginx

sudo certbot renew --dry-run

Here is the Nginx configuration:

server {
    server_name goeasyshuttle.com www.goeasyshuttle.com ;

    location = /favicon.ico { access_log off ; log_not_found off ; }
    location /static/ {
        root /home/ubuntu/github/goeasy;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/goeasyshuttle.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/goeasyshuttle.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = goeasyshuttle.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name goeasyshuttle.com www.goeasyshuttle.com ;
    return 404; # managed by Certbot
}

What happens if you run this command?

sudo certbot --nginx -d goeasyshuttle.com -d www.goeasyshuttle.com

4 Likes

What shows?:
certbot certificates

And you need to change:

To:
return 301 https://$host$request_uri;

So that it can forward both names.

3 Likes

You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/goeasyshuttle.com.conf)

It contains these names: goeasyshuttle.com

You requested these names for the new certificate: goeasyshuttle.com,
www.goeasyshuttle.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: E

Which part has to be changed to "return 301 https://$host$request_uri;"? This one?

The three lines of code should only be one line of code.

3 Likes

You can do it like Rudy suggests with just the one return 301 and remove the other return 404 too. But, Certbot may have already changed it since you got the second name in the cert now. Had you given Certbot both names to start with it would have made your port 80 server block like this:

3 Likes

Thanks a lot. All good now

1 Like

Thanks a lot. All good now

2 Likes
