Hi all, I switched from a GoDaddy certificate to Let's Encrypt for my domain + subdomains (all configured as subdomains in ISPConfig) and now https://vmsources.com works (as well as all subdomains without www) but https://www.vmsources.com produces an HSTS error. I cleared HSTS in Chrome as well, with no difference. I had auto-subdomain set to www and I have tried *. as well with no change. THX -John I have explored these pages and I can't make a relation: https://www.thesslstore.com/blog/cl...TS Settings,related errors cannot be bypassed. https://community.letsencrypt.org/t/letsencrypt-not-working-with-www/106668/2 https://community.letsencrypt.org/t/ssl-not-working-with-www-prefix/64647
Wildcard will definitely not work, but that all sub-domains work is rather confusing to me. Do you mean subfolders instead? Do retry with www, then uncheck and recheck LE SSL box. A simple check that I'll do thereafter would be to see if www is included in the domain renewal conf. But of course you should follow the LE FAQ and check LE log for details if your problem persists.
Loading www.vmsource.com in browser and checking the certificate shows it is for share.vmsources.com, support.vmsources.com and vmsources.com. That is, www is not included in the certificate. Like @ahrasis wrote, check www gets included in the certificate. It should be, LE includes all subdomains automatically.
Thanks guys - all three of your posts have been helpful to me in the past. I made the conclusion that my build of ISPConfig was hinky. It has been unusually problematic in strange small ways. First there was the random number warning while installing ISPConfig, then after installation the password I set (and confirmed because I could still see it in Putty) wouldn't work so I had to reset it in the DB. After that, when I logged in to ISPConfig - it looked healthy but none of the services were started! I had to put check-boxes in manually and click save. Thereafter it looked & reported healthy and took my migration (only one site with subdomains). With this last issue of WWW, I decided to build again from scratch. This time the password took, all the services were started by default, ISPConfig updated, additional PHP installed, etc. I am going to start over and let you know! THX
Well I'm back with the same/similar issues on new (very careful) build. It might all be related to this issue: https://www.howtoforge.com/community/threads/i-seem-to-be-missing-ispserver-pem.84637/ My build of ISPConfig doesn't seem to be generating the bundle or pem? THX again for reading!
If I un-check Let's Encrypt SSL button and then save, when I re-check the button and save, it automatically un-checks itself. After that the site is unreachable due to HSTS issues. Fortunately I have a VMware Snapshot that is able to revert me to a working certificate. I also noticed this in /etc/letsencrypt/renewal/vmsources.com.conf that neither www, nor any new subdomains get included/added.
Code:
# renew_before_expiry = 30 days
version = 0.27.0
archive_dir = /etc/letsencrypt/archive/vmsources.com
cert = /etc/letsencrypt/live/vmsources.com/cert.pem
privkey = /etc/letsencrypt/live/vmsources.com/privkey.pem
chain = /etc/letsencrypt/live/vmsources.com/chain.pem
fullchain = /etc/letsencrypt/live/vmsources.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = c8fdsafdsa4f87705c1ae1234567890
rsa_key_size = 4096
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]
share.vmsources.com = /usr/local/ispconfig/interface/acme
support.vmsources.com = /usr/local/ispconfig/interface/acme
vmsources.com = /usr/local/ispconfig/interface/acme
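The check suggested earlier in the thread (is www in the renewal conf?) can be scripted. This is an added example, not part of any post and not ISPConfig or certbot code: it reads the `[[webroot_map]]` block of a renewal file and reports which expected hostnames are missing. The function names are hypothetical and the sample is a trimmed copy of the file quoted above.

```python
# Added example: list the hostnames a certbot renewal config covers and
# report which expected names are absent from it.

# Constructed sample: a trimmed copy of the renewal file quoted in the thread.
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.27.0
cert = /etc/letsencrypt/live/vmsources.com/cert.pem
[renewalparams]
authenticator = webroot
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]
share.vmsources.com = /usr/local/ispconfig/interface/acme
support.vmsources.com = /usr/local/ispconfig/interface/acme
vmsources.com = /usr/local/ispconfig/interface/acme
"""

def webroot_map_hosts(conf_text):
    """Return the hostnames listed under [[webroot_map]], in file order."""
    hosts, in_map = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            # Any section header either opens or closes the webroot_map block.
            in_map = line.strip("[] ") == "webroot_map"
            continue
        if in_map and "=" in line:
            hosts.append(line.split("=", 1)[0].strip().lower())
    return hosts

def missing_hosts(conf_text, expected):
    """Names the site is served under that the renewal config omits."""
    covered = set(webroot_map_hosts(conf_text))
    return [h for h in expected if h.lower() not in covered]

if __name__ == "__main__":
    import sys
    # Usage: script.py [renewal.conf] [hostname ...]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    expected = sys.argv[2:] or ["vmsources.com", "www.vmsources.com"]
    for host in missing_hosts(text, expected):
        print("not in renewal config:", host)
```

A name reported here is not requested at renewal, so the certificate will not list it and a browser that has cached HSTS for the domain will refuse the connection with no bypass option.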
OK, Thanks. I am continuing with my interim build of ISPConfig as it has partly working Let's Encrypt Certificates.
Auto-subdomain is not www, so that should explain why www is missing from certificate. Have you followed the LE error FAQ to determine why LE can not get the certificate? https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Actually, it was Auto-subdomain WWW most of the time. I had only recently switched it out of desperation. I had reviewed: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ several times but missed the importance of: . My DNS is correct on the inside and outside and the server points to 8.8.8.8, but it is behind NAT - this seems to have made the difference! THX Taleman!!!!