Error 60 (SSL_CACERT) in SSL when sharing on Facebook

Discussion in 'General' started by Ruyman Trujillo, Jan 14, 2021.

  1. Ruyman Trujillo

    Ruyman Trujillo New Member

    Hello! I have the following problem: when I try to share a link without www on Facebook, the debugger throws the following error:

    "cURL error": 60 (SSL_CACERT): Cannot validate SSL certificate Either it is self-signed (which will cause warnings in the browser) or it is not valid.

    However, it works if I try it with www (the anti-spam system of the forum does not let me put links)

    I have installed the Let's Encrypt SSL certificate via ISPConfig, my website works with and without www in all browsers, furthermore I have checked the SSL status on different sites (like SSLLabs.com) for possible errors, but everything is correct.

    I do not mind using: www, but some of my customers have their websites adapted for configuration without www.

    I am using ISPConfig 3.2.1 on a Jessie server on Debian 8 with Apache 2.4.10, PHP 7.4.6 and PHP 5.6.3

    I hope you can guide me.
    Thank you very much.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    How are your websites set up? The domain field should contain just the domain name without www and then auto subdomain should be set to 'www'. With this configuration, the LE SSL cert contains the domain without www subdomain as well.
     
  3. Ruyman Trujillo

    Ruyman Trujillo New Member

    Hi, thanks for answering:

    I have it set up just like you said:

    Domain: domain.com
    Auto-Subdomain: www.

    However, Facebook gives me an error when I insert the URL without www. I don't understand it, because it only happens with Facebook; all other services work correctly.

    Thanks
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Do you have a redirect set from domain.com to www.domain.com? Can you share the domain name (eventually with spaces or in a code block)?
     
  5. Ruyman Trujillo

    Ruyman Trujillo New Member

    Hello, there are several domains (although I think it happens with all of them)
    For example:

    Facebook gives error with this URL:
    https://ruymantrujillo.com/test/
    (This URL internally links to an image without www)

    However, this other one is accepted:
    https://www.ruymantrujillo.com/test2/
    (This URL internally links to an image with www)

    I have tested this domain as it is hosted without content.

    Thank you
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I have an error with https://ruymantrujillo.com/test/ as well, so maybe you accepted the incorrect cert in the past and that's why your browser can visit it.

    Can you try disabling Let's Encrypt and re-enabling it again?
     
  7. Ruyman Trujillo

    Ruyman Trujillo New Member

  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I found the problem is an IPv4/IPv6 issue: on IPv4, it works, but on IPv6, it doesn't. So all IPv6 clients will have an issue. Most likely you mixed * and IP in the IPv4 address field OR your site is only listening on IPv4.

    The problem doesn't exist for www. because this only has an A record and not an AAAA record. But removing the AAAA record is not the fix here. Never disable IPv6 because there's an issue, fix it instead.

    See https://www.ssllabs.com/ssltest/analyze.html?d=ruymantrujillo.com as well.
     
    Jesse Norell likes this.
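
Added example (not part of the thread and not ISPConfig code): the check from post 8, validating the certificate separately over IPv4 and IPv6, written in Python. The function names `probe` and `diagnose`, the labels they return and the sample results are constructed for illustration.

```python
import socket, ssl, sys

def probe(host, family, port=443, timeout=5.0):
    """Validate the certificate served for `host` on each address of one family."""
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []                       # no A (or AAAA) record in this family
    ctx = ssl.create_default_context()  # verifies chain and hostname
    results = []
    for *_, sockaddr in infos:
        try:
            with socket.socket(family, socket.SOCK_STREAM) as raw:
                raw.settimeout(timeout)
                raw.connect(sockaddr)
                with ctx.wrap_socket(raw, server_hostname=host):
                    results.append((sockaddr[0], "ok"))
        except ssl.SSLCertVerificationError as exc:
            results.append((sockaddr[0], "cert: " + exc.verify_message))
        except OSError as exc:
            results.append((sockaddr[0], "connect: " + str(exc)))
    return results

def diagnose(v4, v6):
    """Label the situation from per-family results (labels are made up here)."""
    bad4 = any(status != "ok" for _, status in v4)
    bad6 = any(status != "ok" for _, status in v6)
    if not v4 and not v6:
        return "no-address"
    if bad6 and v4 and not bad4:
        return "ipv6-only-failure"      # the case found in this thread
    if bad4 and v6 and not bad6:
        return "ipv4-only-failure"
    if bad4 or bad6:
        return "failing"
    return "ok" if v6 else "ok-ipv4-only"   # ok-ipv4-only: A record, no AAAA

if __name__ == "__main__":
    if len(sys.argv) > 1:               # live check: python3 check.py <domain>
        v4 = probe(sys.argv[1], socket.AF_INET)
        v6 = probe(sys.argv[1], socket.AF_INET6)
    else:                               # constructed sample, documentation addresses
        v4 = [("192.0.2.10", "ok")]
        v6 = [("2001:db8::10", "cert: hostname mismatch")]
    for ip, status in v4 + v6:
        print(ip, status)
    print(diagnose(v4, v6))
```

Run the live check from a host that has working IPv6 connectivity; otherwise the `connect:` results on the IPv6 side reflect the local network rather than the server.
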
  9. Ruyman Trujillo

    Ruyman Trujillo New Member

    Perfect!! It seems to be solved: I created the AAAA records and added the IPv6 in the domain. Apparently there was also a problem with a particular domain: that domain had lost its configuration in the Apache "sites-enabled" directory; it was no longer a symbolic link but a physical file which was not being updated by ISPConfig. I deleted this file and ISPConfig created the symbolic link again.

    Till, Th0m... Thank you very much for your help, I could not have done it without you. You are the best.
    PS: I am very sorry for my English :oops:.
    Regards.
    Ruymán Trujillo
    :):):):)
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Glad to hear it was resolved, but it seems like there is no AAAA record for ruymantrujillo.com anymore, so it cannot be visited over IPv6.

    Your English is perfect, no worries! :)
     
  11. Ruyman Trujillo

    Ruyman Trujillo New Member

    I had solved it for another much more important domain. Now it also works in ruymantrujillo.com. I also had to completely remove the DNS zones from these domains and create them again. But finally everything works thanks to you.

    Thanks !!!
    Ruyman
     
    Th0m likes this.
