SSL Certificat missing URL

Hi there,

I had today the issue, that a Website had problems with the SSL Certificate and the www. subdomain.

I had all the settings from your side, but it seemed that for www.example .com used the example .com certificate.

But in my honest opinion, why does the cleavr script not include the www. version in the request if you already take care of the www. redirection.

I had to install and run certbot myself to get it working.

I presume that the DNS Settings have an issue.
What it is:
example .com A 192.168.1.1
www. example .com A 192.168.1.1

What it should be in my eyes
example.com A 192.168.1.1
www.example .com CNAME @

Somehow, some browsers redirected from www.example .com automatically to example .com, but some browsers didn’t and pushed the error. So regarding that the IT of the client (DNS Manager) tells me it’s on our end, but where we put a CNAME in the dns ourselfs it worked fine, i’m a bit lost :frowning:

My 2 Requests/questions:

  1. What is the issue exactly?
  2. Could the www. also be included in the ssl generation? Or that we can add multiple domains to it?

Hello @Houbsi,

Welcome to the Cleavr forum and thanks for asking your questions!

If using the LetsEncrypt SSL, we do apply it to just the domain you set the site up with during site creation. We do this to reduce instances where either the www record or even the @ record aren’t configured and pointing to the correct IP to reduce chances of not being able to apply SSL.

Most browsers will just redirect at the server level without any fuss. But you are correct, some browsers may not like www not having a cert and may display the cert warning.

You can add the www record post site creation by going to the site > SSL Creation, click Edit SSL Certificate under the ellipsis menu, and then add the new domain - such as in the example below.

This will then issue a new cert including the added domains.

Using a CNAME is another way to do it. In this case, the CNAME is at the DNS level, maps to the non-www address, which points to the IP. So, the redirect is basically done at the DNS level whereas if WWW is an A record that points to the server’s IP, the request will redirect at the server level where some browsers (or apps) may flag an issue if the www record doesn’t have SSL.

I hope that helps answer questions!

Please let me know if anything is unclear or if you have additional questions.

3 Likes

Thanks :slight_smile: Fixed and worked like a charm @amiedema

some remarks:

  • If you install a 2nd SSL, it deactivates the old one, so why have the possibility to install multiple ones?
  • Maybe include some tip in the interface so that someone does not forget to include the www. if needed :slight_smile:
1 Like