SSL Certificate non-www not working

ssl ssl-certificate apache-2.4
7,528

If you’re not using a wildcard certificate, your certificate should include both names in the Subject Alternative Name field. If you’re using OpenSSL, this can be verified by running:

openssl x509 -in /etc/apache2/ssl-certs/domain.com.crt -noout -text |
     grep -A1 "Subject Alternative"

This should print output similar to:

        X509v3 Subject Alternative Name:
            DNS:domain.com, DNS:www.domain.com

If your SSL/TLS software doesn’t support the Subject Alternative Name extension (most modern software should do), the only name the certificate would be valid for is the Common Name (CN) specified in the certificate’s Subject field. This can be seen by running:

openssl x509 -in /etc/apache2/ssl-certs/domain.com.crt -noout -text | grep Subject:

If the certificate is a wildcard certificate, this would show output similar to:

    Subject: OU=Domain Control Validated, CN=*.domain.com
Share:
7,528

Related videos on Youtube

craphunter
Author by

craphunter

Updated on September 18, 2022

Comments

  • craphunter
    craphunter over 1 year

    If I am going to type https://www.example.com the site is working. If I am going to type https://example.com the site is not working. The certificate should support example.com and also www.example.com. I do have have European-SSL Certifcate (cheapest one).

    Short:

    https://www.example.com --> working
https://example.com --> not working

    What is wrong with the apache2.4.7 config?

    <VirtualHost *:80>
DocumentRoot "/var/www/domain/live/web"

ServerAdmin [email protected]
ServerName www.example.de
DirectoryIndex app.php
<Directory "/var/www/domain/live/web">
     Options Indexes FollowSymlinks
     AllowOverride All
     Require all granted
</Directory>
</VirtualHost>

<IfModule mod_ssl.c>
   <VirtualHost _default_:443>

            DocumentRoot "/var/www/example/live/web"
            ServerAdmin [email protected]
            ServerName www.example.com
            ServerAlias example.com
            DirectoryIndex app.php

            <Directory "/var/www/domain/live/web">
                    Options Indexes FollowSymlinks
                    AllowOverride All
                    Require all granted
            </Directory>

            ErrorLog /var/log/apache2/error_log
            CustomLog /var/log/apache2/access_log combined
            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl-certs/example.com.crt
            SSLCertificateKeyFile /etc/apache2/ssl-certs/example.key
            SSLCertificateChainFile /etc/apache2/ssl-certs/example.com.ca
            SSLProtocol All -SSLv2 -SSLv3
            SSLHonorCipherOrder On
            SSLCompression off
   </VirtualHost>

    PS: I am using symfony2.7 - but I guess it does not matter.

    • Froggiz
      Froggiz over 8 years
      You need one certificate for domain and another one for subdomain, else it is a Wildcard certificate and it cas be applied to both. Is it a Wilcard SSL certificate ?
    • MadHatter
      MadHatter over 8 years
      We are unlikely to be able to help without seeing the certificate.
    • Froggiz
      Froggiz over 8 years
      When you say certificate is not working, that mean site is working but warn with a message that Certificat isn't valid ? Any log in Apache ?
    • craphunter
      craphunter over 8 years
      Oh, okay, misspelled, of course the site, not certifcate. I do have an post on Anthony's answer. So the SSL-Certifcate should work for www and non-www https. Am I right?
    • Anthony Geoghegan
      Anthony Geoghegan over 8 years
      As Froggiz suggested, you should also edit your answer to include relevant entries in the relevant Apache error log. You should also include details of the error reported by the browser when attempting to access http://www.domain.com. I presume www.domain.com resolves to the correct IP address.
    • David Schwartz
      David Schwartz over 8 years
      "The site is not working" is not a helpful problem description. What precisely goes wrong?
    • Anthony Geoghegan
      Anthony Geoghegan over 8 years
      Typo: the URL in my comment above should obviously be https://domain.com and the hostname should be domain.com.
  • Anthony Geoghegan
    Anthony Geoghegan over 8 years
    If this answer doesn't help, the question should be edited to include the information printed by the two OpenSSL commands.
  • craphunter
    craphunter over 8 years
    Hi, thanks for the answer! I get exactly DNS:domain.com, DNS:www.domain.com, so https\:\/\/domain.com should work. Am I right? But it doesnot work.
  • Anthony Geoghegan
    Anthony Geoghegan over 8 years
    @craphunter That's what you should see, alright.
  • Foreever
    Foreever over 5 years
    This doesn't work as for redirecting from non-www to www, you need ssl for both.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apache2 - SSL is not working
SSL Configuration failed in Apache after moving keys/certs to another machine
ServerAlias without www not working on SSL virtualhost
Should I care that the "server certificate does NOT include an ID which matches the server name"?
How to enable SSL on ubuntu apache2 ec2 instance correctly?
How to make Apache trust a client certificate using an unknown CA, without validating the CA
Apache's deprecated SSLCertificateChainFile directive (AH02559)
Do web Servers send the certificate chain to the Web Client?
CA Certificate not trusted by Firefox
Let's Encrypt SSL Certificate File Not Found Error, but still working