I added a new site to DNS, and to sites. site dns gets to server fine. but under the site page, when I pull up the site, I have SSL and Lets checked. auto-sub is 'www' as per normal. but when I pull up the site, says its not secure. I look at the certificate and it lists the under Subject Alt names: www.thesite.com but thesite.com is NOT listed as it is when I pull up cert on a working site!!!! that site lists www.thesite.com thesite.com as the Alt DNS names.. so if I go to http:///thesite.com I get cert error. cert is for www.thesite,com not thesite.com any idea why with subdomain www picked as per default it would NOT add thesite.com as an alt name??? I've unchecked SSL and LetsEncrypt, saved, then checked them both again saved. same result!
As mentioned in the Let's encrypt FAQ, use debug mode when doing "I've unchecked SSL and LetsEncrypt, saved, then checked them both again saved." and post the output that you get on the shell when running server.sh as root.
actually problem was explainable and predictable - I had just repointed name servers, and the local isp nameserver had not updated references properly and www.thesite.com and thesite.com pinged different ips! needless to say certbot could talk to the one but not the other so the SSL included only one of the sites!