Sunday, 30 July 2017

[Experience] LetsEncrypt for www and non-www


I'm writing this just to share my recent experience with LetsEncrypt, which might help others.

I have set up a Nextcloud home server on a PC box (x86) I bought recently. It works without problems, and I already had a domain name and an SSL certificate with the help of LetsEncrypt.



I use DDNS for the domain name, specifically duckdns.org. Why? Because it's simple to set up and it works as you'd expect.
I decided to register another domain name with duckdns.org and of course set up an SSL certificate with LetsEncrypt. I did what I should, I mean with the Apache configuration, etc. The site was up and running in a few minutes. The last step was to produce an SSL certificate with LetsEncrypt.
I issued the command:

certbot -d example.com

And it created a valid SSL certificate for the site. It worked as expected. But then I remembered that I also wanted an SSL certificate for the www version (www.example.com), so I issued the command a second time:

certbot -d www.example.com


The Problem

This time it didn't work as expected. Both Google Chrome and Firefox returned the well-known Name Mismatch error, saying that the certificate was valid only for the first domain name (the one without the www).
I thought I did something wrong and I issued both commands a second time. The error message persisted.
I checked the Apache configuration, but nothing seemed to be wrong, and I didn't know what to think.
I searched the Community database for similar problems, but I found nothing that closely matched mine.


The Solution

I decided to recreate the certificate(s), this time a bit differently. I issued the certbot command without any parameters. It asked me which site(s) I wanted the certificate for, and I selected both www and non-www.
It created ONE certificate that is valid for both variations, and now it is working as it should.
I don't know if this is a bug or if I should have done it this way from the beginning, but that method sounds like the correct one.

In conclusion, when you want to create a certificate with LetsEncrypt, issue the certbot command as it is, without any parameters, and just follow the easy instructions.
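A Name Mismatch error means the hostname being visited is not among the certificate's subjectAltName entries. The following Python check is an added example, not part of the original post: it lists which of the wanted hostnames a certificate does not cover. The sample certificates are constructed, and the helper names (`uncovered`, `fetch_cert`) are assumptions made for this illustration.

```python
import socket
import ssl

# Constructed samples shaped like ssl.SSLSocket.getpeercert() output.
CERT_BARE = {"subjectAltName": (("DNS", "example.com"),)}
CERT_BOTH = {"subjectAltName": (("DNS", "example.com"),
                                ("DNS", "www.example.com"))}
WANTED = ["example.com", "www.example.com"]


def san_dns_names(cert):
    """Return the DNS subjectAltName entries of a getpeercert()-style dict."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Exact match, or a '*.' wildcard standing for exactly one leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return False


def uncovered(cert, hostnames):
    """Hostnames a browser would reject with a name mismatch for this cert."""
    sans = san_dns_names(cert)
    return [h for h in hostnames if not any(name_matches(p, h) for p in sans)]


def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    # Chain validation stays on; only the built-in hostname check is disabled
    # so that a mismatched certificate can still be inspected by uncovered().
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("bare only", CERT_BARE), ("both names", CERT_BOTH)):
        print(label, "-> not covered:", uncovered(cert, WANTED))
```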

Until next time...
Thanks for reading

