All seems well with my site on https://bejebeje.com.

I want the same on https://www.bejebeje.com.

The site is hosted on an Ubuntu VPS with nginx; for the certs I am using Certbot.

Here's what I did. For my site config I started with:

server {
    server_name   www.bejebeje.com bejebeje.com;
    location / {
        proxy_pass         http://localhost:5010;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

I then ran certbot --nginx and that updated my .conf file to:

server {
    server_name   www.bejebeje.com bejebeje.com;
    location / {
        proxy_pass         http://localhost:5010;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bejebeje.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bejebeje.com-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = bejebeje.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name   www.bejebeje.com bejebeje.com;
    listen 80;
    return 404; # managed by Certbot
}

Is Certbot messing up somehow? Because the above, even after reloading the nginx config, is giving me the following when I navigate to https://www.bejebeje.com:

ssl error

J86
  • Well, I looked up your website, and to me it seems like you forgot to add "-d www.bejebeje.com" to your certbot command. So this certificate isn't valid for this "www". The CN in the certificate information in your Firefox doesn't contain *.bejebeje.com, so it's not a wildcard certificate. Did you check this? – Lorem ipsum Sep 11 '20 at 11:09
  • I'm an idiot, thank you @LukasRäpple, that was it. When I ran the `certbot --nginx` command, it listed the sites, but I only selected the number for `bejebeje.com`; I should have also selected the number for `www.bejebeje.com` (separate numbers by commas). My bad. Thank you so much. All is good now. – J86 Sep 11 '20 at 12:07
  • @LukasRäpple This is an answer, and you can post it as an answer below. – Michael Hampton Sep 11 '20 at 16:22

1 Answer

Your certificate isn't valid for www.bejebeje.com, but only for bejebeje.com. You probably forgot to add the -d www.bejebeje.com option to your certbot command. Also, your certificate isn't a wildcard certificate. So, in order to resolve this problem, add www.bejebeje.com with certbot.

Lorem ipsum
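A way to catch this mismatch before a browser does, as an added example that is not part of the original question or answer: it compares the `server_name` values of the TLS-enabled server blocks with the DNS names in the certificate. The function names, the trimmed config and the sample `openssl x509 -noout -ext subjectAltName` output are constructed for illustration.

```python
import re

# Constructed sample: the certbot-edited config from the question, trimmed.
NGINX_CONF = """
server {
    server_name   www.bejebeje.com bejebeje.com;
    location / { proxy_pass http://localhost:5010; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bejebeje.com-0001/fullchain.pem;
}
server {
    if ($host = bejebeje.com) { return 301 https://$host$request_uri; }
    server_name   www.bejebeje.com bejebeje.com;
    listen 80;
    return 404; # managed by Certbot
}
"""
# Constructed sample of `openssl x509 -noout -ext subjectAltName` output
# for a certificate issued for the bare domain only.
SAN_TEXT = "X509v3 Subject Alternative Name:\n    DNS:bejebeje.com\n"

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def tls_server_names(conf):
    """Collect server_name values from blocks whose listen directive has ssl."""
    names = set()
    for block in server_blocks(re.sub(r"#.*", "", conf)):
        if re.search(r"\blisten\b[^;]*\bssl\b", block):
            for m in re.finditer(r"\bserver_name\s+([^;]+);", block):
                names.update(n.lower() for n in m.group(1).split())
    return names

def covered(host, sans):
    """Exact match, or a wildcard SAN covering exactly one leftmost label."""
    parent = host.split(".", 1)[1] if "." in host else None
    return host in sans or (parent is not None and "*." + parent in sans)

def uncovered_names(conf, san_text):
    """Return TLS server_names the certificate's DNS SANs do not cover."""
    sans = {s.lower() for s in re.findall(r"DNS:([^,\s]+)", san_text)}
    return sorted(n for n in tls_server_names(conf) if not covered(n, sans))

if __name__ == "__main__":
    print(uncovered_names(NGINX_CONF, SAN_TEXT))
```

A wildcard-only certificate would flip the result: `*.bejebeje.com` covers `www.bejebeje.com` but not the bare `bejebeje.com`, so both names still need to be requested.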