I'm using https://www.sslshopper.com/ssl-checker.html to check my site, and it's failing with this error message:
None of the common names in the certificate match the name that was entered (example.net). You may receive an error when accessing this site in a web browser. It looks like you just need to add the "www." when accessing the site with SSL. Learn more about name mismatch errors.
My 000-default-le-ssl.conf is set up like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName example.net
ServerAlias www.example.net
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.net
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/www.example.net-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.net-0001/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName example.net
ServerAlias www.example.net
Redirect permanent / https://www.example.net/
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>
</VirtualHost>
Is it because I only have SSLCertificateFiles for www.example.net and I'm missing one for example.net? I tried to force a redirect to www.example.net to work around this if so.
(Update: Solved below)
