I have other domains running nicely over https:// (SSL from LE) and renewal is in operation. Two more sites use subdomains and they receive the certificates nicely. But two sites fail to renew their certificates. The new certificates are created with an extra www. added and I can't understand why.

These two sites host Atlassian Confluence and Atlassian Jira applications, both running on localhost. But why are the SSL certs created with an extra added www.? What could be causing this?

Example: https://gyro.chemovix.com receives certificate https://www.gyro.chemovix.com which of course is not valid.

More information:
Ubuntu Linux 18.04.1
Linux 4.15.0-50-generic on x86_64

Current ISPConfig3 settings:
IP-Address: * (on all sites)
Domain: gyro.chemovix.com
CGI = Yes
Auto-Subdomain = None
SSL = Yes
Let's Encrypt = Yes but returns unticked
PHP = CGI
Re-direct type = L
SEO Redirect = www.domain.tld => domain.tld
Rewrite HTTP to HTTPS = Yes
SSL Domain = *.gyro.chemovix.com

Apache Directives:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

I have no .htaccess for these sites. The Server Base URLs are correctly set in the Atlassian applications. SSL was actually running before renewal failed. I, maybe, desperately changed something but without success. Or other sites were added that reveal the true error that was there from the start.

I do have the A record for DNS set as: gyro.chemovix.com. (with trailing dot)

Any hints and tips are welcomed. Thanks.
Do those websites have subdomains or aliasdomains? Those get added to the certificate by ISPConfig automatically. Examine letsencrypt log to see what happens. https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
That's the reason. Wildcard domains are not supported with LE, so when you choose a wildcard subdomain as SSL domain, then this gets converted to www. Choose no wildcard subdomain here.
First I followed Till's advice and removed the wildcard. I was able to obtain self-signed certificates from ISPConfig3 for the correct domains. Then I requested certificates from LE through ISPConfig3. But no - both sites are provided with LE certs with a prefix www. I cannot use prefixed www. and reach my websites. Thanks for the ideas.
You must have wildcard or subdomain www enabled then either in SSL settings or the website or as an alias or subdomain then. Change/remove that www or wildcard auto subdomain and no www subdomain cert will be requested from LE.
I found a working solution. I removed the text in the Val section that included the proxy rewrite. Then I generated the ssl key from Let's Encrypt. That went well. And then I pasted the rewrite text back again. I think that should work for 90 days or so.

Today I read that the explanation is that Let's Encrypt function in ISPConfig 3 is unable to find the .well-known folder when I have this rewrite running. The suggested solution is to include the ProxyPass /.well-known/ ! line in the rewrite.

My rewrite section for the apache2 server reads:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /.well-known/ !
SSLProxyEngine On
ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:4321/
ProxyPassReverse / http://127.0.0.1:4321/

Does this make sense? Will it work 90 days down the line...?
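An added example, not part of the original posts: a small Python check over the directives from the last post that confirms a request under /.well-known/acme-challenge/ is excluded from the proxy before the catch-all ProxyPass, which is what the next renewal depends on. It also flags ProxyRequests On, which Apache's documentation says should be Off for a reverse proxy; lint_proxy and the TOKEN path are hypothetical names introduced here.

```python
# Directives as posted in the last message of the thread, one per line.
POSTED = """\
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /.well-known/ !
SSLProxyEngine On
ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:4321/
ProxyPassReverse / http://127.0.0.1:4321/
"""

# Constructed HTTP-01 validation path; the token is a placeholder.
ACME_URL = "/.well-known/acme-challenge/TOKEN"


def lint_proxy(conf):
    """Return a list of findings for a vhost snippet (hypothetical helper)."""
    findings = []
    rules = []  # (path, target) of every ProxyPass, in configuration order
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "proxypass" and len(parts) >= 3:
            rules.append((parts[1], parts[2]))
        elif name == "proxyrequests" and parts[1].lower() == "on":
            findings.append("ProxyRequests On enables forward proxying; "
                            "a reverse proxy only needs ProxyPass, set it Off")
    # mod_proxy checks ProxyPass rules in configuration order and the first
    # matching prefix wins, so the "!" exclusion must precede "ProxyPass /".
    winner = next((t for p, t in rules if ACME_URL.startswith(p)), None)
    if winner not in (None, "!"):
        findings.append("ACME challenge is proxied to %s; add "
                        "'ProxyPass /.well-known/ !' before that rule" % winner)
    return findings


if __name__ == "__main__":
    for finding in lint_proxy(POSTED):
        print("WARN:", finding)
```

Run against the directives from the first post, which have no exclusion line, the same check reports that the challenge request is sent to the backend application instead of being served from the local .well-known folder.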