Lets encrypt: www ?

OK so I added a letsencrypt SSL certificate simply by clicking on the request certificate button for a specific domain.

Works fine for https://domain.com

But not for https://www.domain.com

How can I fix that behavior? I’d also like to add some others such as mail.domain.com and host.domain.com (which do not run on apache but I want ssl for my mail).

Ideas? Thanks

First of all, I don’t think you actually need all the domains you mention. For mail, users should be connecting to the underlying server, not to their own domain names.

I read in some of the discussions that in an upcoming release of Virtualmin, they will include some additional domains in the same SSL Certificate. In theory Letsencrypt allows a large number (I think up to 99).

Virtualmin should already have installed a ‘letsencrypt’ command on your server, so you should be able to use it to generate additional SSL certificates. However, the letsencrypt command seems to want a lot of input data. If you can’t figure it out, below is another method.

You can generate Letsencrypt certificates using a Docker image as they document at this link. http://letsencrypt.readthedocs.org/en/latest/using.html#running-with-docker. The Letsencrypt stuff runs inside a Docker container.

You will need to switch off your web server for a few minutes. Then just use the commands they give you, enter the domain names when prompted, and your SSL certificate will arrive a few seconds later. It worked for me quite nicely.

Is there a solution to this problem of generating a certificate using Virtualmin once you have LetsEncrypt properly installed to cover the domain and the www.domain? I can do this manually following the protocols previously published here at the command line. It is pretty sad to have Virtualmin support LetsEncrypt, but not be able to use the simple command as it doesn’t generate usable certificates for most sites (www and @).

Normally you wont need https://domain.com and https://www.domain.com to exist at the same time. It breaks SEO since your site will be ranked against domain.com and www.domain.com

You only need one and write a force forward on the other. Example: redirect 301 your domain.com to www.domain.com

SSL certificates are domain based (only for domain.com), some are domain wide (this includes all @.domain.com)

“Normally normally”. Google knows well enough to combine www and non-www. I have a few other subdomains that I would like to have a certificate for that has nothing to do with SEO (I don’t care about it in this case). The tool should allow me to specify those subdomains easily.

If you have both www.example.com and example.com point to the exact same website, Google will usually figure it out and not penalize you. However, I think it’s better to not live dangerously, and redirect one to the other. This will also help prevent user confusion, because some people will bookmark www.example.com/page1, and later visit example.com/page1 and bookmark it again, and end up with two bookmarks to the same page.

HOWEVER, you still need your ssl certificate(s) to include both www.example.com and example.com. Unlike Google, people’s web browsers will not automatically realize that they are the same website. So even if you redirect one to the other, the user will still see an SSL warning before the redirection occurs. The redirection doesn’t occur until after the ssl connection has completed.

Using the Virtualmin LetEncrypt setup, is there a way to generate a certificate for both www & non-www ?


Would you mind sharing how to create both www & non-www for a domain using the Virtualmin LetEncrypt setup?

I already did. See my posting where I wrote, “If you can’t figure it out, below is another method.”

Apologies if I was not clear Joe443, I will try again with my question.

If you go to Virtualmin > Server Configuration > Manage SSL Certificate > Let’ Encrypt (tab) it is possible to request a certificate by clicking Request Certificate.

I am questioning whether it is possible to request a certificate which covers both the www and non-www domains using this process.

Best that I can tell, the current release of Virtualmin doesn’t include both example.com and www.example.com in the Letsencrypt certificate. I have seen it mentioned in some posting in these forums that the next release will do so. I think you can get verification of this if you search through the forum postings.

I found a pre-release version of the upcoming fix here: https://www.virtualmin.com/node/39341.