Good night everyone! I'm suffering from a trouble caused by SSL

#1
------Overview
I am suffering from a trouble caused by SSL when I type in fitpolo.net and visit the site in firefox
It pops up the following error
Can someone help me with this error
Thanks a ton! Took me a lot of time trying to fix it but failed

------More info
I already generate two certificates with certbot but failed to apply both (for www and non-www) to 1 vhost

2019-1-19 星期六 下午 6-43-09.jpg
 

lsqtwrk

Administrator
#8
In addition to David's reply

As you can see in my screenshots , for example of this forum , you can see the cert is valid for both "www.forum.openlitespeed.org" domain and "forum.openlitespeed.org"

while check yours is only for "www.fitpolo.net" , that's why you have SSL error when access non-www domain, you will need to extend it to cover both www and non-www

1.JPG

2.JPG
 
#9
In addition to David's reply

As you can see in my screenshots , for example of this forum , you can see the cert is valid for both "www.forum.openlitespeed.org" domain and "forum.openlitespeed.org"

while check yours is only for "www.fitpolo.net" , that's why you have SSL error when access non-www domain, you will need to extend it to cover both www and non-www

View attachment 162

View attachment 163
You and David are right and I knew it. But the question is how to apply both certs to one vhost? I tried to set one ssl for www or non-www at listener 443->SSL section and then set another in Vhost->SSL section, not working!
I already gave up. Why I replied is to hope to help another one meeting this same problem.
 

lsqtwrk

Administrator
#10
Hi,

From what I know , I don't think it's possible to set up 2 certs for single domain , people issues 1 cert with multiple domains , like in my screenshot.

your issue here, is not about how to configure the webserver to use 2 cert for 1 domain, but how to issue a 2-domains on 1 cert from Let's encrypt.
 
#11
Hi,

From what I know , I don't think it's possible to set up 2 certs for single domain , people issues 1 cert with multiple domains , like in my screenshot.

your issue here, is not about how to configure the webserver to use 2 cert for 1 domain, but how to issue a 2-domains on 1 cert from Let's encrypt.
You might be right. I will have a try when i m free. But with ng its quite easy just one certbot command line.
 

lsqtwrk

Administrator
#12
You might be right. I will have a try when i m free. But with ng its quite easy just one certbot command line.
Hi,

you can do the same with very exact same certbot command ,

when you have certbot command generated the 2-domain cert , set it up in listener if you have only one virtual host on your server, set it on your listener AND vhost if you have multiple vhost.

the listener for 443 MUST have a cert set , this cert doesn't matter and can even be a self-signed , vhost cert will override it and set to client.

best regards,
 
#13
Hi,

you can do the same with very exact same certbot command ,

when you have certbot command generated the 2-domain cert , set it up in listener if you have only one virtual host on your server, set it on your listener AND vhost if you have multiple vhost.

the listener for 443 MUST have a cert set , this cert doesn't matter and can even be a self-signed , vhost cert will override it and set to client.

best regards,
Thank you! If its working I will post the setting screenshot
 
#14
Hi,

you can do the same with very exact same certbot command ,

when you have certbot command generated the 2-domain cert , set it up in listener if you have only one virtual host on your server, set it on your listener AND vhost if you have multiple vhost.

the listener for 443 MUST have a cert set , this cert doesn't matter and can even be a self-signed , vhost cert will override it and set to client.

best regards,
certbot certonly --webroot -w /usr/local/lsws/fitpolo/wp/ -d fitpolo.net
certbot certonly --webroot -w /usr/local/lsws/fitpolo/wp/ -d www.fitpolo.net
I used the above commands to generate certs
What is your command?
 

lsqtwrk

Administrator
#15
try this

Code:
certbot certonly --webroot -w /usr/local/lsws/fitpolo/wp/  -d fitpolo.net -d www.fitpolo.net
the generated cert should be as my screenshot which contains both domains.


best regards,
 
#16
try this

Code:
certbot certonly --webroot -w /usr/local/lsws/fitpolo/wp/  -d fitpolo.net -d www.fitpolo.net
the generated cert should be as my screenshot which contains both domains.


best regards,
Thank you Sir It's normal now. (y)
BTW could you help me check my command 15 2 * * 6 /usr/bin/certbot renew --quiet --post-hook "service lsws reload"
I find something strange. Though I set it reload service but sometimes it still pops up expired ssl error? and To solve it I have to reload the server manually with service lsws reload

Is there something wrong the command?
 

lsqtwrk

Administrator
#17
Thank you Sir It's normal now. (y)
BTW could you help me check my command 15 2 * * 6 /usr/bin/certbot renew --quiet --post-hook "service lsws reload"
I find something strange. Though I set it reload service but sometimes it still pops up expired ssl error? and To solve it I have to reload the server manually with service lsws reload

Is there something wrong the command?
try with command

Code:
/usr/local/lsws/bin/lswsctrl restart
 
Top