TVA van Hesteren

Reputation: 1241

Let's Encrypt subdomain not secure

I had a Let's Encrypt SSL certificate for my domain (both domain.com and www.domain.com). Now I wanted to add workflow.domain.com to the certificate. I tried using the expand option of certbot with the command below:

certbot -d domain.com -d www.domain.com -d workflow.domain.com --expand

Certbot returned a success response. However, the browser was still showing insecure...

So, I have revoked my certificates to start clean.

I ran certbot with certbot --apache. It showed my 3 options correctly, so I chose all 3 to be included in the certificate.

Certbot returns without errors, but the browser keeps showing me "insecure" on workflow.domain.com.

The output of certbot certificates is as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: domain.com
    Domains: domain.com workflow.domain.com www.domain.com
    Expiry Date: 2019-12-20 15:05:24+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem
-------------------------------------------------------------------------------

Note: the other 2 domains (domain.com and www.domain.com) show as secure.

The virtual host config for the subdomain is shown below:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName workflow.domain.com

        serverAdmin [email protected]
        DocumentRoot /var/www/Domain/Workflow

        <Directory /var/www/Domain/Workflow>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

AddType application/x-font-ttf                  ttc ttf
AddType application/x-font-otf                  otf
AddType application/font-woff                   woff
AddType application/font-woff2                  woff2
AddType application/vnd.ms-fontobject           eot
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =domain.com [OR]
# RewriteCond %{SERVER_NAME} =www.domain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>

Upvotes: 3

Views: 2612

Answers (3)

Daniil

Reputation: 1600

I had to open the URL in incognito mode and it showed that the connection is secure.

Upvotes: 0

Achraf JEDAY

Reputation: 2104

I just had to add this flag to the certbot service in my docker-compose.yml file: (--expand -d someone.me,www.someone.me,bo.someone.me)

command: certonly --webroot --webroot-path=/var/www/html --email [email protected] --agree-tos --no-eff-email --force-renewal --expand -d someone.me,www.someone.me,bo.someone.me

Upvotes: 0

g_bor

Reputation: 1092

The problem turned out to be a missing redirect to HTTPS. The rewrite code is commented out on the subdomain. You can add these lines to your vhost configuration:

# Put these in the *:80 VirtualHost for workflow.domain.com, not in the *:443 one
# (there the rule would redirect the HTTPS site to itself, which is why certbot
# commented it out). No space after "=": the CondPattern is the single token
# "=workflow.domain.com", an exact string comparison; with a space Apache reads
# the hostname as a flags argument and refuses the config.
RewriteEngine on
RewriteCond %{SERVER_NAME} =workflow.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Please consider editing the question, so that it reflects the actual problem.

Upvotes: 3
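Added as a worked check for the situation in the question and in this answer; it is not code from the original post, from Certbot or from Apache. The script asks the server which certificate it really presents for the name (sending SNI, which is what picks the vhost) and whether plain HTTP answers with a redirect to HTTPS. The hostnames are the question's placeholders, san_covers_host is a helper written here, and the live checks assume openssl and curl are installed.

```sh
#!/bin/sh
# Added example (not from the question or answers). Hostnames such as
# workflow.domain.com are the placeholders used in the question.

# Does a SAN list cover HOST? Arguments: the SAN line as printed by
# "openssl x509 -text" (e.g. "DNS:domain.com, DNS:www.domain.com") and the
# hostname to check. Exact match, or a wildcard covering exactly one label:
# *.domain.com covers workflow.domain.com, but neither domain.com itself nor
# deep.workflow.domain.com. Comparison is case-insensitive.
san_covers_host() {
    san_line=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$host" ] || return 1
    parent=${host#*.}
    printf '%s\n' "$san_line" | tr ',' '\n' \
        | sed -e 's/^[[:space:]]*DNS:[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr 'A-Z' 'a-z' \
        | grep -F -x -q -e "$host" -e "*.$parent"
}

# The SAN line of the certificate the server presents for HOST on port 443.
# -servername sends SNI: without it you may be shown the default vhost's
# certificate and misdiagnose the problem. Empty output if nothing was read.
served_sans() {
    openssl s_client -servername "$1" -connect "$1:443" </dev/null 2>/dev/null \
        | openssl x509 -noout -text 2>/dev/null \
        | sed -n '/Subject Alternative Name/{n;p;q;}'
}

# The Location header returned for plain HTTP, empty if there is none.
http_redirect_target() {
    curl -sI --max-time 10 "http://$1/" \
        | awk 'tolower($1) == "location:" { print $2 }' | tr -d '\r' | head -n 1
}

check_host() {
    host=$1
    sans=$(served_sans "$host")
    if [ -z "$sans" ]; then
        echo "$host: could not read a certificate from port 443"
    elif san_covers_host "$sans" "$host"; then
        echo "$host: certificate on 443 covers the name ($sans)"
    else
        echo "$host: certificate on 443 does NOT cover the name ($sans)"
    fi
    target=$(http_redirect_target "$host")
    case $target in
        https://*) echo "$host: port 80 redirects to $target" ;;
        '')        echo "$host: port 80 serves plain HTTP with no redirect (browser stays 'insecure')" ;;
        *)         echo "$host: port 80 redirects to $target, which is not HTTPS" ;;
    esac
}

# Usage: sh check_tls.sh workflow.domain.com [more hosts...]
for h in "$@"; do
    check_host "$h"
done
```

If the first line reports that the certificate does not cover the name, Apache is serving another vhost's certificate for that SNI name (compare with apachectl -S); if it covers the name but port 80 serves plain HTTP, the visitor simply landed on http:// and the missing redirect from this answer is the fix.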
