Update Let's Encrypt Configuration on Apache - apache

Hi, I set up Let's Encrypt within Debian.
Now it works fine when I put https://example.com but it does not work fine
when I put https://www.example.com.
I used the following command: ./letsencrypt-auto --apache -d example.com
instead of ./letsencrypt-auto --apache -d example.com -d www.example.com
I performed the last command but it is still not working, so what can I do to
have https://www.example.com working?
Thanks

You have to execute the following command:
./letsencrypt-auto --apache -d example.com -d www.example.com

I just went through the process of generating a single Let's Encrypt certificate for multiple subdomains. There were some minor challenges that I encountered and resolved. I posted a short article in the link below explaining the lessons learned I gained when installing Let's Encrypt digital certificates on my Apache web server, which provides HTTP and HTTPS access to multiple subdomains.
My most important "lesson learned" is that you need to create a VirtualHost for the HTTP access AND a VirtualHost for each subdomain accessible via HTTPS. IMPORTANT: Each VirtualHost definition must be specified in a single configuration file. The Let's Encrypt certbot will not operate correctly if multiple VirtualHosts are defined within a single configuration file. I defined three (3) VirtualHosts in three (3) different configuration files below. The dummy.conf file serves no functional purpose within Apache (i.e., it will not cause an unnecessary 999 listening port), but it is absolutely necessary for digital certificates to be successfully generated by the Let's Encrypt certbot.
Then you can run the following command to generate the certificate:
certbot --apache -d example.com -d www.example.com
https://www.hueyise.com/index.php/letsencrypt

Related

Certbot / letsencrypt Error with [non-www] domain after generating [www] certificate

I set up two sites (links below) using certbot and entered the "www." portion of the domain when generating the HTTPS certificate, resulting in non-www URLs for both sites causing an error.
There are many similar questions on StackOverflow but none have fixed my issue so far.
Related Links
https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
https://letsencrypt.org/
Working Domains
https://www.fastsitephp.com/en/
https://www.dataformsjs.com/#/en/
Invalid Domains (because of the missing 'www.')
https://fastsitephp.com/en/
https://dataformsjs.com/#/en/
Attempted Fix Commands
sudo certbot certonly --standalone -d fastsitephp.com -d www.fastsitephp.com
sudo certbot delete --cert-name www.fastsitephp.com
Chrome will redirect to the 'www' site using the above links; however, the error is clear from Firefox and Mobile Safari.
Server
Ubuntu 18.04 LTS with Apache
HELP! What can I do to fix this without having to set up a new server and change the URL? Ideally the servers would support both www and non-www; however, if it can't be fixed, an Apache URL rewrite would also be acceptable.
Thank you in advance!
I ended up solving it myself. The primary issue is that Certbot still leaves the HTTP->HTTPS redirect it created and some other Apache config settings even after running delete (this assumes you selected redirect from HTTP to HTTPS on the original setup).
In case someone else has this issue and needs to fully delete a certificate generated by Certbot here are the commands that I used:
sudo certbot delete
cd /etc/apache2/sites-enabled
ls
sudo nano 000-default.conf
# Remove the redirect
sudo rm 000-default-le-ssl.conf
# Also remove any other SSL files such as [000-default-le-ssl.conf.sav]
sudo certbot --apache
# enter both Domains "example.com www.example.com"
sudo service apache2 restart

Wildcard SSL certificates for multiple subdomains

I have a system with multiple clients. Each client has their own subdomain.
client1.example.com
client2.example.com
...
At the server side, all requests are redirected to *.example.com. Then my business logic reads the subdomain (like client1) and gives response to the client accordingly.
So basically, I do not configure each subdomain on the server. I just add it to my database and my code handles it properly.
I am trying to apply wildcard SSL certificates to all these subdomains. Also, I want all future clients to automatically get https.
But I don't know how to configure this. I have tried using Let's Encrypt, but no luck. The actual domain example.com gets https but not the client domains.
Any help with configuration would be really helpful.
Or maybe this setup is just not possible. I don't know.
Please help.
P.S. example.com is just a dummy domain I am referring to.
P.P.S. I use the apache2 web server on Ubuntu 16.04 x64.
Well, it is possible. I now have a certificate in place for *.example.com and it works on all my arbitrary subdomains, viz.,
client1.example.com
client2.example.com
...
I followed these steps:
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto
$ sudo ./certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d *.example.com
Then, using the files created at /etc/letsencrypt/live/example.com/, I updated the values from my control panel (I use Vestacp):
cat /etc/letsencrypt/live/example.com/cert.pem
^ Copy contents into “SSL Certificate” field.
cat /etc/letsencrypt/live/example.com/privkey.pem
^ Copy contents into “SSL Key” field.
cat /etc/letsencrypt/live/example.com/chain.pem
^ Copy contents into “SSL CA / Intermediate” field.
Make changes according to your control panel.
Follow this article for detailed steps and explanation.

Forcing HTTP redirect to HTTPS is ignoring subdomains

I have set up an Apache server with the 3 virtual hosts tomrouse.me, dev.tomrouse.me and server.tomrouse.me. All of the virtual hosts worked fine. When I went to each one, it would take me to the index for that site.
But when I added SSL and forced HTTP to redirect to HTTPS, it is now always going to the tomrouse.me virtual host no matter what subdomain I request.
Files I have in available sites in Apache:
SSL configuration for Apache:
I don't think it is an issue with the virtual hosts, as all were working fine until I added SSL with redirects using the python-letsencrypt-apache program.
All fixed. I went wrong by trying to install the SSL in all subdomains at once; I did a full reinstall, then did each one at a time, and it works fine!
For example:
This is what it tells you to do (this will not work):
sudo letsencrypt --apache -d tomrouse.me -d dev.tomrouse.me -d server.tomrouse.me
I reinstalled the server the same but did this part like this:
sudo letsencrypt --apache -d tomrouse.me
sudo letsencrypt --apache -d dev.tomrouse.me
sudo letsencrypt --apache -d server.tomrouse.me
and selected the force HTTPS like I did before for each. This is a fix if you have the same issue; however, if you already did it the first way you have to restart, as far as I know. I tried doing this after the first way and it didn't work.
Correct format of Apache config files:
All of the SSL config files should be created by the Let's Encrypt program: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

Multiple subdomains with lets encrypt

I have an attractive message indicating to me that it is unfortunately not possible to generate a certificate for multiple subdomains:
Wildcard domains are not supported: *.mynewsiteweb.com
On the other hand it would be possible to generate it one by one for each subdomain.
Is there a better solution? Thank you :)
Edit
Now Certbot supports wildcards since version 0.22.0 (2018-03-07).
Links
Automatic script: https://certbot.eff.org
Documentation: https://certbot.eff.org/docs
Thanks
Certbot ❤
Prior to support for wildcards I found it necessary to explicitly list each domain on a certificate in the form
… -d example.com -d www.example.com -d blog.example.com -d www.blog.example.com …
(which due to complexities in the odd mix of redirected domains I'm using worked best with the --webroot authentication).
Thanks to Trojan's explanation and documentation here:
https://certbot.eff.org/docs/install.html?highlight=wildcard
I was able to generate wildcard certs that are live now. Unfortunately there is not a plugin for EasyDNS.com yet, so I had to perform manual validation (where Trojan's example saved the day). With this approach I was able to generate a certificate in the form
… -d *.example.com -d example.com -d *.blog.example.com …
Since (for example's sake) blog.example.com was already covered by the *.example.com wildcard, I only had to add the wildcard for *.blog.example.com. In fact certbot would not allow redundancy (complained if I tried to include both *.example.com and www.example.com).
Currently available plug-ins are listed here:
https://certbot.eff.org/docs/using.html#dns-plugins
As of this writing they include these DNS providers:
certbot-dns-cloudflare
certbot-dns-cloudxns
certbot-dns-digitalocean
certbot-dns-dnsimple
certbot-dns-dnsmadeeasy
certbot-dns-google
certbot-dns-luadns
certbot-dns-nsone
certbot-dns-rfc2136
certbot-dns-route53
Perhaps I'll take a peek over the weekend and see how hard it is to write a plug-in for my own DNS provider.
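The errors in the first question (a certificate for example.com alone rejected on www.example.com) and the need above for a separate *.blog.example.com entry both come from the same wildcard rule browsers apply (RFC 6125: '*' is honoured only as the whole leftmost label and stands for exactly one label). As an added example, not code from any answer here, this small Python check applies that rule to a certificate's SAN list; the SAN lists are constructed to mirror the certificates discussed above.

```python
import re

# One DNS label: letters, digits and hyphens, not starting or ending with '-'
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def name_matches(san: str, hostname: str) -> bool:
    """True if one certificate DNS name (possibly a wildcard) covers hostname.

    Follows the RFC 6125 rule browsers apply: '*' is honoured only as the whole
    leftmost label and it stands for exactly one label, so '*.example.com'
    covers 'client1.example.com' but neither 'example.com' nor 'a.b.example.com'.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in san:
        return san_labels == host_labels          # plain name: exact match only
    if san_labels[0] != "*" or any("*" in lbl for lbl in san_labels[1:]):
        return False                              # 'w*.example.com' etc. are not honoured
    if len(san_labels) < 3:
        return False                              # '*.com' is never issued by a public CA
    if len(host_labels) != len(san_labels):
        return False                              # the wildcard matches exactly one label
    return san_labels[1:] == host_labels[1:] and _LABEL.match(host_labels[0]) is not None


def covering_san(sans, hostname):
    """Return the SAN entry that covers hostname, or None when a browser would
    show the certificate-name error the questions on this page describe."""
    for san in sans:
        if name_matches(san, hostname):
            return san
    return None


# Constructed sample: a certificate issued the way the answer above describes
WILDCARD_CERT_SANS = ["*.example.com", "example.com", "*.blog.example.com"]
# ...and the first question's certificate, issued for the bare domain only
BARE_CERT_SANS = ["example.com"]

if __name__ == "__main__":
    for host in ["example.com", "client1.example.com", "www.blog.example.com", "a.b.example.com"]:
        print(host, "->", covering_san(WILDCARD_CERT_SANS, host))
    print("www.example.com on the bare cert ->", covering_san(BARE_CERT_SANS, "www.example.com"))
```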
it is unfortunately not possible to generate a certificate for multiple subdomains
Not true. It is possible to generate a cert for multiple sub-domains. Just include those subdomains in the configuration file by their names:
domains = example.org, www.example.org, sub.example.org, www.sub.example.org
Then run certbot with the configuration file:
certbot-auto -c config.ini
You will have to verify ownership for each domain.
See more about the configuration file.
I just went through the process of generating a single Let's Encrypt certificate for multiple subdomains. There were some minor challenges that I encountered and resolved. I posted a short article in the link below explaining the lessons learned I gained when installing Let's Encrypt digital certificates on my Apache web server, which provides HTTP and HTTPS access to multiple subdomains.
My most important "lesson learned" is that you need to create a VirtualHost for the HTTP access AND a VirtualHost for each subdomain accessible via HTTPS. IMPORTANT: Each VirtualHost definition must be specified in a single configuration file. The Let's Encrypt certbot will not operate correctly if multiple VirtualHosts are defined within a single configuration file. I defined three (3) VirtualHosts in three (3) different configuration files below. The dummy.conf file serves no functional purpose within Apache (i.e., it will not cause an unnecessary 999 listening port), but it is absolutely necessary for digital certificates to be successfully generated by the Let's Encrypt certbot.
Then you can run the following command to generate the certificate:
certbot certonly -d example.com -d www.example.com
https://www.hueyise.com/index.php/letsencrypt
Wildcard domains are now supported by certbot (from version 0.22).
The domain will have to be validated via DNS (you will have to add a _acme-challenge.yourdomain.tld TXT record to your DNS zone with a randomly generated value).
Example:
certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d *.example.pl --manual --preferred-challenges dns-01 certonly
Let's Encrypt SSL wildcard/multiple subdomain support will officially be available starting from February 27, 2018.
We introduced a public test API endpoint for the ACME v2 protocol and
wildcard support on January 4, 2018. ACME v2 and wildcard support will
be fully available on February 27, 2018
Source: https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

Change webroot-path of registered letsencrypt cert

I am new to Let's Encrypt certificates. I registered my domain for an nginx server at digitalocean.com with the following commands:
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d mydomain.com -d www.mydomain.com
and it works fine. Then I changed my webroot path to /var/www/xxx for my domain.
Now when I try to renew my Let's Encrypt certificate, it gets an error.
Then I roll back my webroot path, try again, and the renewal works perfectly.
Now my question is: how can I change my registered webroot-path for Let's Encrypt?
Change it in /etc/letsencrypt/renewal/mydomain.conf:
set
authenticator = webroot
webroot_path=/var/www/xxx/
and the key moment that took me several hours to figure out: configure the webroot path with webroot_path=/var/www/xxx/, not with webroot-path=/var/www/xxx; note the underscore.
You don't have to roll back your webroot path in nginx; just change the webroot value when you run the Let's Encrypt script:
/opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/var/www/xxx -d mydomain.com -d www.mydomain.com
The letsencrypt script requires your webroot because the authentication is based on files added to your webroot, which should be under /.well-known/acme-challenge/. The authentication process includes external requests to those files, so if the two webroot values don't match you will see an error because the auth server couldn't reach that file. Every time you try to get/renew a cert, just make sure you pass exactly the same root value from nginx to Let's Encrypt.
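Added example, not code from the answers above: a small Python simulation of the webroot check just described. It serves a temporary directory the way nginx serves the real webroot, writes a constructed token under <webroot>/.well-known/acme-challenge/ the way certbot's webroot authenticator does, and shows that the validator's fetch succeeds only when the directory passed as --webroot-path is the one actually being served. The key-authorization suffix written into the file is a placeholder, not a real account thumbprint.

```python
import functools
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")


def place_token(webroot: str) -> str:
    """Write a challenge file into <webroot>/.well-known/acme-challenge/ as certbot's
    webroot authenticator does; the token is constructed, the suffix a placeholder."""
    token = secrets.token_urlsafe(32)
    os.makedirs(os.path.join(webroot, CHALLENGE_DIR), exist_ok=True)
    with open(os.path.join(webroot, CHALLENGE_DIR, token), "w") as fh:
        fh.write(token + ".<account-key-thumbprint-placeholder>")
    return token


def serve_webroot(directory: str) -> http.server.ThreadingHTTPServer:
    """Stand in for nginx: serve `directory` on a loopback port chosen by the OS."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def challenge_reachable(port: int, token: str) -> bool:
    """Stand in for the ACME validator: fetch the token over plain HTTP, bypassing proxies."""
    url = f"http://127.0.0.1:{port}/.well-known/acme-challenge/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status == 200 and resp.read().decode().startswith(token + ".")
    except urllib.error.HTTPError:   # 404: the file sits in a directory nginx does not serve
        return False


def simulate(same_webroot: bool) -> bool:
    """Run one validation; same_webroot=False reproduces the renewal error above by
    pointing certbot's --webroot-path at a directory other than the served one."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as other:
        server = serve_webroot(served)
        try:
            token = place_token(served if same_webroot else other)
            return challenge_reachable(server.server_address[1], token)
        finally:
            server.shutdown()
            server.server_close()
```

Calling simulate(True) returns True and simulate(False) returns False, which is exactly the difference between the working renewal and the failing one in the question.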