Letsencrypt Error SSL with WWW & letsencrypt certificates

How did you create/obtain letsencrypt ssl certificate ? Did you setup centmin mod nginx vhost via centmin.sh menu option 2 to create both http and https ssl vhost (yes to self-signed ssl creation) ?

When you create a new nginx vhost domain via centmin.sh menu option 2 or /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

• Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
• Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
• Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
• Vhost public web root will be at /home/nginx/domains/newdomain.com/public
• Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags | Centmin Mod Community

If you answered yes to self-signed ssl certificate auto generation at time of centmin mod vhost generation via centmin.sh menu option 2, you will need to switch from self-signed ssl to letsencrypt web browser trusted ssl certs with below steps.

• All steps outlined at Nginx SPDY SSL Configuration are still valid (exception is you do not need to create the ssl settings themselves as 123.08 stable and higher auto generate those when you answer yes to self-signed ssl creation during centmin.sh menu option 2) references HTTP/2 changes needed. You just need to do the unified file and file concatenation of your SSL providers provided files.
• To switch from self signed SSL to paid SSL see sections at Nginx Vhost & NSD DNS Setup (including setting for http to https redirect)

 

you don't need the php location context as the php.conf include file takes care of that

Code (Text):

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

as to ssl, how did you setup letsencrypt ssl certificate ? sounds like when you created the letsencrypt ssl certificate you did not add the www. version of your domain to common name of ssl certificate and only setup letsencrypt ssl certificate to use non-www. You need for the letsencrypt ssl certificate to cover both www. and non-www version of your domain

 

You only installed letsencrypt, you actually hadn't done the command to issue the ssl certificate itself

 

see webroot authentication method in docs User Guide — Let's Encrypt 0.5.0.dev0 documentation and very early version of my webroot testing at SSL - Letsencrypt Free SSL certificates with web root authentication method | Centmin Mod Community

Code (Text):

letsencrypt certonly --webroot -w /home/nginx/domains/example.com/public -d www.example.com -d example.com

 

the domain name's DNS needs to be valid and pointing to the same server IP as the server you're running the letsencrypt command from

the error message already mentions this

 

check using whatsmydns.net could be the dns servers letsencrypt uses hasn't updated yet

if it's still a problem try post on official letsencrypt issuance tech forums at Issuance Tech - Let's Encrypt Community Support

in the past certain dns servers had issues, not sure if they corrected it

edit: this was posted 3 days ago DNS problem: query timed out looking up A? - Issuance Tech - Let's Encrypt Community Support

 

history status page shows planned maintenance and dns issue too Let's Encrypt Status