i have a domain lets say example.com
when i type in https://example.com it redirects to a ssl safe version
when i type in example.com or www.example.com it redirects to an unsafe version
example.com and www.example.com should redirect to a safe version
My VPS is from Vultr with Ubuntu and Nginx and i installed an Lets Encrypt Cerrtificate via https://certbot.eff.org/lets-encrypt/ubuntuother-nginx
can you help me? i followed the instructions and i dont know what went wrong?
Related
I am serving my website (Angular App) on an Ubuntu machine on AWS. My domain example.com is registered on GoDaddy. My website is served on AWS. I have set name servers on GoDaddy to point to AWS Route53 Hosted zone. On Route53 I have an A record for example.com along with TXT record. I am using Let's Encrypt for my ssl certificate. I am using Apache2 to serve my website. My https://example.com works fine on all browsers.
I created a CNAME record www.example.com on Route53 to route traffic to example.com. https://www.example.com works fine on Chrome (and on Edge). However, Safari and Firefox complains "site not found" if https://example.com is not cached. If that is cached, it complains "connection is not private".
I have tried different configurations:
in httpd.conf using ServerAlias
configuring separate VirtualHost one for www.example.com and the other for example.com with their own certificates
two separate hosted zones one for example.com and the other for www.example.com
Finally I figured out the issue. The issue was with the certificate generated.
Initially I was trying to generate two certs one with example.com and another with www.example.com.
The actual error when I tried to access www.example.com was: SSL_ERROR_BAD_CERT_DOMAIN, and when I drilled down a bit more, I noticed the cert served was for example.com. On Chrome based browsers, it would switch to example.com and everything was happy. But, Safari and Firefox did not do that and was erring. Since the certs are not readable, it was hard to figure out from the cert itself.
The fix I did was to generate one cert that expand to honor both:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d example.com -d www.example.com --manual --preferred-challenges dns-01 certonly
I am self-hosting a website on a Debian computer with apache, and in my DNS configuration I have set all subdomains of my domain (*.mydomain.com) to go to the IP of my Debian computer. How do I configure apache so that if someone goes to a subdomain that doesn't have a virtual host, I have a separate file for each subdomain, they get a 404 error instead of seeing the content on the root domain? I have tried editing the 000-default.conf file and put the following in it:
<VirtualHost *:80>
ServerName null
Redirect 404 /
</VirtualHost>
<VirtualHost *:443>
ServerName null
Redirect 404 /
</VirtualHost>
But now when I got to mydomain.com I get the following error:
This site can’t provide a secure connection
mydomain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Oddly if I go to one of the subdomains that I have configured for mydomain.com it works correctly and I see the page that should be on the subdomain.
Your connection is not private
error messages comes from the certificate used which is probably not valid for the domain you're connecting to.
Wilcard certificates such as *.mydomain.com are valid for 'third-Level.mydomain.com' but NOT for 'somthing.third-Level.mydomain.com' which requires a wildcard like '*.third-Level.mydomain.com'.
You can get free and valid wildcard certificates from Let's Encrypt (https://letsencrypt.org/)
And, instead of adding port 443 to 000-default.conf, use the default-ssl.conf file. Enable default-ssl.conf using a2enconf default-ssl, and then remove the 443 from the 000-default.conf. And then, restart/reload apache using systemctl restart apache2
I have created a subdomain for a domain. I successfully added SSL to the domain but it gives the below error for the subdomain:
selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
My DNS is correct. I can access the http version of the subdomain site without any problem.
I even added subdomain and IP to /etc/hosts
My goal is to add an SSL certificate to subdomain via certbot --apache -d www.sub.example.com -d sub.example.com
I have five more domain on my virtual host and I created SSL certificates for all of them without any problem.
I have tried to change sub directory address...change NameAlias...
I got the below error:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I solved this issue. I added subdomain to ServerAlias and certbot --apache -d sub.example.com works. However, someone suggested me to add AAAA record for my subdomain and try certbot --apache -d www.sub.example.com again.
I'm running apache with on a multi-tenant server with vhost sites configured.
So I have a vhost for domain1.com that has SSL cert defined in the vhost file. Then I have domain2.com that does not have SSL cert defined. If I visit https://domain2.com, the browser pulls up the website for domain1.com, then of course displays a broken SSL cert warning in the browser.
The way I'm trying to correct this is:
First, in the vhost.conf file for domain2 I've put this:
<VirtualHost ip:443>
ServerName domain2.com
DocumentRoot /var/www/domain2/
SSLEngine on
SSLCertificateFile /var/certs/cert.crt
SSLCertificateKeyFile /var/certs/cert.key
Redirect permanent / http://www.domain2.com
</VirtualHost>
Of course this client doesn't actually own their own SSL certificate, so I'm pointing it to a certificate file for one of our domains. This in some instances gives a certificate warning to the user when they visit https://www.domain2.com or https://domain2.com. (in Chrome I can go to https://domain2.com and get redirected without a warning)
Of course generating a self-signed cert to use for this purpose also throws a cert warning. If I remove the "SSLEngine On" directive so I don't have to specify a cert at all, it essentially breaks SSL on the entire server and no sites work right.
How can I successfully do this without having to worry about users getting the certificate warning, and simply redirect all their HTTPS requests for domain2.com to HTTP?
You can't.
The only way to have a proper redirect without certificate warnings is to have a proper certificate for the domain you want to redirect from.
A redirect is done at the HTTP level, that is inside the TLS tunnel created by the HTTPS connection. Thus the clients first needs to create the TLS connection before it can get the redirect. But creating the TLS connection already results in the certificate issue because name in the URL and in the certificate do not match.
Another way is to move all SSL hosts to one IP address and all other hosts to another IP address. This way the client will not get a certificate warning but will see that there is no HTTPS on this address.
I have a new Plesk 12 installation. I have configured a domain (example.com) with hosting that also requires wildcard subdomains.
To achieve this I had to create a vhost.conf file with
ServerAlias *.example.com
This works and I can go to anything.example.com with no issue.
I purchased a wildcard SSL certificate for *.example.com and successfully installed it.
If I go to https://example.com, it works perfectly and shows the correct certificate, however if I go to https://anything.example.com it tells me the connection is untrusted, when I view the certificate, it shows the Parallels Plesk self certified certificate and not my purchased certificate.
I created a vhost_ssl.conf with
ServerAlias *.example.com
ServerAlias *.example.com:443
If I add an exception, then I am taken to the correct place, albeit with the incorrect certificate.
Of course I have executed httpdmng --reconfigure-domain example.com and also tried a full reboot.
In summary:
http://example.com - works
http://anything.example.com - works
https://example.com works with my certificate
https://anything.example.com has Parallels certificate but routes to correct page
How about create same directive for nginx?
cat /var/www/vhosts/system/domain.tld/conf/vhost_nginx.conf
server_name *.domain.tld;
Actually all this can be done from Plesk GUI: