
Letsencrypt Error SSL with WWW & letsencrypt certificates

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Askancy, Mar 28, 2016.

  1. Askancy

    Askancy New Member

    9
    1
    3
    Mar 27, 2016
    Ratings:
    +1
    Local Time:
    3:48 AM
    Hello, I installed SSL with letsencrypt, but if I write the URL of my site with www, it gives me the error that you see in the image.
    [IMG]
    This is my DNS configuration on DigitalOcean.
    [IMG]

     
  2. eva2000

    eva2000 Administrator Staff Member

    55,803
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    11:48 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    How did you create/obtain the letsencrypt SSL certificate? Did you set up the Centmin Mod Nginx vhost via centmin.sh menu option 2 to create both the HTTP and HTTPS SSL vhost (yes to self-signed SSL creation)?

    When you create a new Nginx vhost domain via centmin.sh menu option 2 or the /usr/bin/nv command line, you will create the Nginx vhost files and directories. The output will show the path where it creates the domain name's vhost conf file, named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self-signed SSL).
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and, if applicable, /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags | Centmin Mod Community).

    If you answered yes to self-signed SSL certificate auto-generation at the time of Centmin Mod vhost generation via centmin.sh menu option 2, you will need to switch from self-signed SSL to letsencrypt web browser trusted SSL certs with the steps below.
     
  3. Askancy

    Hello and thanks for your reply. In the /usr/local/nginx/conf/conf.d folder I have only miosito.it.conf; there is no miosito.it.ssl.conf file...
    And this is the content of the conf file:

    Code:
    server {
        listen 80;
        server_name www.miosito.it miosito.it;
        return 301 https://miosito.it$request_uri;
    
        root /home/nginx/domains/miosito.it/public;
        index index.php index.html index.htm;
    
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    
    }
    
    server {
        ssl on;
        listen 443 ssl http2;
        server_name  miosito.it www.miosito.it;
        access_log /home/nginx/domains/miosito.it/log/access.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/miosito.it/log/error.log error;
        #rewrite_log on;
        root /home/nginx/domains/miosito.it/public;
        ssl_dhparam /etc/ssl/private/dhparams.pem;
        ssl_certificate      /etc/letsencrypt/live/miosito.it/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/miosito.it/privkey.pem;
        #include /usr/local/nginx/conf/ssl_include.conf;
    
        # Enable HSTS, only for HTTPS!
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
        add_header Content-Security-Policy upgrade-insecure-requests;
    
    
    
        #include /usr/local/nginx/conf/protect_upload_directories.conf;
        #include /usr/local/nginx/conf/real_admin_protect.conf;
        #include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        #include /usr/local/nginx/conf/errorpage.conf;
        include /usr/local/nginx/conf/vts_server.conf;
      }
     
  4. eva2000

    You don't need the php location context, as the php.conf include file takes care of that:
    Code (Text):
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

    As to SSL, how did you set up the letsencrypt SSL certificate? It sounds like when you created the letsencrypt SSL certificate you did not add the www. version of your domain to the common name of the SSL certificate and only set up the letsencrypt SSL certificate to use non-www. You need the letsencrypt SSL certificate to cover both the www. and non-www versions of your domain.
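
Added example, not part of the thread or of Centmin Mod: a way to check which of the names in `server_name` a certificate actually covers, which is the mismatch described in the post above. The function names `uncovered_names` and `make_sample_cert` are hypothetical, the sample certificates are constructed throwaway test data, and OpenSSL 1.1.1 or newer is assumed (for `-addext`).

```shell
#!/bin/sh
# Added example (not from the thread): list the hostnames a certificate
# does NOT cover, using OpenSSL's own hostname matching.

# uncovered_names CERT_PEM NAME... -> prints the names the cert fails to match
uncovered_names() {
    cert=$1; shift
    missing=""
    for name in "$@"; do
        # -checkhost applies SAN and wildcard matching as a TLS client would;
        # it reports the verdict as text, so test the message, not the status.
        if ! openssl x509 -in "$cert" -noout -checkhost "$name" 2>&1 \
                | grep -q "does match certificate"; then
            missing="$missing $name"
        fi
    done
    printf '%s\n' "${missing# }"
}

# make_sample_cert OUT_PEM NAME... -> constructed, throwaway self-signed cert
# whose subjectAltName holds exactly the given names (test data only).
make_sample_cert() {
    out=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -addext "subjectAltName=$san" \
        -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$out.key"
}

# Constructed demo: a cert requested for the bare domain only, then for both.
tmp=$(mktemp -d)
make_sample_cert "$tmp/apex-only.pem" miosito.it
make_sample_cert "$tmp/both.pem" miosito.it www.miosito.it
echo "apex-only cert misses: $(uncovered_names "$tmp/apex-only.pem" miosito.it www.miosito.it)"
echo "two-name cert misses:  $(uncovered_names "$tmp/both.pem" miosito.it www.miosito.it)"
rm -rf "$tmp"
```

Against the live file named in the posted config, the call would be `uncovered_names /etc/letsencrypt/live/miosito.it/fullchain.pem miosito.it www.miosito.it`; an empty result means every name in `server_name` is covered.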
     
  5. Askancy

    That's precisely what I did to install the SSL certificate:
    Code:
    mkdir -p /etc/ssl/private
    chmod 710 /etc/ssl/private
    cd /etc/ssl/private
    openssl dhparam -out dhparams.pem 2048
    chmod 600 dhparams.pem
    service nginx stop
    sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
    cd /opt/letsencrypt
    ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
    
     
  6. eva2000

    You only installed letsencrypt; you actually hadn't run the command to issue the SSL certificate itself.
     
  7. Askancy

    Excuse me, can you tell me what I forgot? o_O
     
  8. eva2000

  9. Askancy

    Excuse me for answering only now, but I was out for work.
    I ran the command you gave me, only I receive this error:
     
  10. eva2000

    The domain name's DNS needs to be valid and pointing to the same server IP as the server you're running the letsencrypt command from.

    The error message already mentions this ;)

     
  11. Askancy

    I have checked the DNS domain (which is in the screenshot that I have put in the first post) and it seems fine...
     
  12. eva2000

  13. eva2000
