SSL Certificate non-www not working
If you’re not using a wildcard certificate, your certificate should include both names in the Subject Alternative Name field. If you’re using OpenSSL, this can be verified by running:
openssl x509 -in /etc/apache2/ssl-certs/domain.com.crt -noout -text |
grep -A1 "Subject Alternative"
This should print output similar to:
X509v3 Subject Alternative Name:
DNS:domain.com, DNS:www.domain.com
If your SSL/TLS software doesn’t support the Subject Alternative Name extension (most modern software should do), the only name the certificate would be valid for is the Common Name (CN) specified in the certificate’s Subject
field. This can be seen by running:
openssl x509 -in /etc/apache2/ssl-certs/domain.com.crt -noout -text | grep Subject:
If the certificate is a wildcard certificate, this would show output similar to:
Subject: OU=Domain Control Validated, CN=*.domain.com
Related videos on Youtube
craphunter
Updated on September 18, 2022Comments
-
craphunter over 1 year
If I am going to type https://www.example.com the site is working. If I am going to type https://example.com the site is not working. The certificate should support example.com and also www.example.com. I do have have European-SSL Certifcate (cheapest one).
Short:
https://www.example.com --> working https://example.com --> not working
What is wrong with the apache2.4.7 config?
<VirtualHost *:80> DocumentRoot "/var/www/domain/live/web" ServerAdmin [email protected] ServerName www.example.de DirectoryIndex app.php <Directory "/var/www/domain/live/web"> Options Indexes FollowSymlinks AllowOverride All Require all granted </Directory> </VirtualHost> <IfModule mod_ssl.c> <VirtualHost _default_:443> DocumentRoot "/var/www/example/live/web" ServerAdmin [email protected] ServerName www.example.com ServerAlias example.com DirectoryIndex app.php <Directory "/var/www/domain/live/web"> Options Indexes FollowSymlinks AllowOverride All Require all granted </Directory> ErrorLog /var/log/apache2/error_log CustomLog /var/log/apache2/access_log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl-certs/example.com.crt SSLCertificateKeyFile /etc/apache2/ssl-certs/example.key SSLCertificateChainFile /etc/apache2/ssl-certs/example.com.ca SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCompression off </VirtualHost>
PS: I am using symfony2.7 - but I guess it does not matter.
-
Froggiz over 8 yearsYou need one certificate for domain and another one for subdomain, else it is a Wildcard certificate and it cas be applied to both. Is it a Wilcard SSL certificate ?
-
MadHatter over 8 yearsWe are unlikely to be able to help without seeing the certificate.
-
Froggiz over 8 yearsWhen you say certificate is not working, that mean site is working but warn with a message that Certificat isn't valid ? Any log in Apache ?
-
craphunter over 8 yearsOh, okay, misspelled, of course the site, not certifcate. I do have an post on Anthony's answer. So the SSL-Certifcate should work for www and non-www https. Am I right?
-
Anthony Geoghegan over 8 yearsAs Froggiz suggested, you should also edit your answer to include relevant entries in the relevant Apache error log. You should also include details of the error reported by the browser when attempting to access
http://www.domain.com
. I presumewww.domain.com
resolves to the correct IP address. -
David Schwartz over 8 years"The site is not working" is not a helpful problem description. What precisely goes wrong?
-
Anthony Geoghegan over 8 yearsTypo: the URL in my comment above should obviously be
https://domain.com
and the hostname should bedomain.com
.
-
-
Anthony Geoghegan over 8 yearsIf this answer doesn't help, the question should be edited to include the information printed by the two OpenSSL commands.
-
craphunter over 8 yearsHi, thanks for the answer! I get exactly DNS:domain.com, DNS:www.domain.com, so https\:\/\/domain.com should work. Am I right? But it doesnot work.
-
Anthony Geoghegan over 8 years@craphunter That's what you should see, alright.
-
Foreever over 5 yearsThis doesn't work as for redirecting from non-www to www, you need ssl for both.