LetsEncrypt domain.com and www.domain.com

Post by thad »

I tried to run DietPi-LetsEncrypt with both example.com and http://www.example.com in the Domain field. I've tried it with a comma, I've tried adding -d between the domains. None of these are working for me.

My solution was to run DietPi-LetsEncrypt twice, once with each domain. Then I duplicated the VirtualHost section in /etc/apache2/sites-available/000-default-le-ssl.conf and took out the 'www' in the second block.

That seemed to work but there must be a better way. Did I miss an early configuration file option?

Can you add the option to use "--test-cert" for testing and setup? I'm sure I'm about to hit the rate limit.
Fourdee
Site Admin

Post by Fourdee »

Hi Thad,

DietPi-LetsEncrypt is just a frontend for Let's Encrypt Auto with a few additions to work with DietPi (e.g. cron). Also, if the ServerName does not exist in /etc/apache2/sites-available/000-default.conf, DietPi will add the URL you're using in the menu once only. It may be worth checking that file to ensure the ServerName matches the value you're using in the menu.

When you select the menu to create the cert, the following is run:

```
./letsencrypt-auto --duplicate --agree-tos $cli_redirect --rsa-key-size $LETSENCRYPT_KEYSIZE --email $LETSENCRYPT_EMAIL -d $LETSENCRYPT_DOMAIN
```

We did have another user report issues with non-www. URLs, but I am unable to replicate it on my network. I simply use the example.com and it works 1st time.

Wish I could help more, but I can't seem to break it. LetsEncrypt with or without www. works every time on my network.
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
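
A pre-flight check for the ServerName advice above, as an added example that is not part of the original thread or DietPi's own scripts: it lists the names an Apache vhost file answers for and reports any domain you plan to pass with -d that has no ServerName or ServerAlias. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not DietPi code): confirm every name you will pass with -d
# is answered by a ServerName or ServerAlias in the Apache vhost file.

# vhost_names FILE: print each configured hostname, lowercased, one per line.
vhost_names() {
    awk '
        $1 ~ /^#/ { next }    # skip commented-out directives
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) print tolower($i)
        }' "$1" | sort -u
}

# missing_domains FILE DOMAIN...: print requested domains that no vhost names;
# returns 1 if any are missing. Wildcard aliases are compared literally.
missing_domains() {
    conf=$1; shift
    names=$(vhost_names "$conf")
    rc=0
    for d in "$@"; do
        d=$(printf '%s' "$d" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$names" | grep -Fxq -- "$d" || { printf '%s\n' "$d"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: only the bare name is configured.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName domain.com
    DocumentRoot /var/www
</VirtualHost>
EOF
echo "no vhost for: $(missing_domains "$sample" domain.com www.domain.com)"
rm -f "$sample"
```

Point `missing_domains` at /etc/apache2/sites-available/000-default.conf with the same names you give to letsencrypt-auto; an empty result means every requested name has a matching vhost entry.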

Post by thad »

Fourdee, thanks for pointing me in the right direction.

I made a copy of VirtualHost for both domain.com and http://www.domain.com.

```
#/etc/apache2/sites-available/000-default.conf
UseCanonicalName Off

<VirtualHost *:80>
    ServerAdmin user@domain.com
    ServerName domain.com
    DocumentRoot /var/www

    ErrorLog /error.log
    #CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin user@domain.com
    ServerName www.domain.com
    DocumentRoot /var/www

    ErrorLog /error.log
    #CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
</VirtualHost>
```

And then successfully ran letsencrypt-auto.

```
/etc/letsencrypt_scripts/letsencrypt-auto --duplicate --agree-tos $cli_redirect --rsa-key-size 2048 --email user@domain.com -d domain.com -d www.domain.com
```

Both domains are now happily https and test well on https://www.ssllabs.com/ssltest/index.html.

Will I need to set up a cron job manually for renewal?

Post by Fourdee »

Hi Thad,

As this setup is unique, the cron job created in dietpi-letsencrypt only works on 1 domain name. I can create a script for you that will run both domains as a cron.monthly if you need it.

Before I do that, I need to ask (just to be sure) :). Are you using domain.com as the domain name, or, are you changing it before posting?

Post by thad »

<whisper>Actually domain.com isn't my real domain name.</whisper>

Post by Fourdee »

thad wrote:<whisper>Actually domain.com isn't my real domain name.</whisper>
:)

Cron monthly job (change details as needed):

```
cat << _EOF_ > /etc/cron.monthly/dietpi-letsencrypt
#!/bin/bash
{
	#////////////////////////////////////
	# DietPi-LetsEncrypt Autorenew script
	#////////////////////////////////////

	#----------------------------------------------------------------
	# Main Loop
	#----------------------------------------------------------------
	/etc/letsencrypt_scripts/letsencrypt-auto --duplicate --agree-tos --no-redirect --rsa-key-size 2048 --email user@domain.com -d domain.com -d www.domain.com
	#----------------------------------------------------------------
	exit
	#----------------------------------------------------------------
}
_EOF_
chmod +x /etc/cron.monthly/dietpi-letsencrypt
```

Test with:

```
/etc/cron.monthly/dietpi-letsencrypt
```

Change when cron.monthly will run:

```
dietpi-cron
```


Post by thad »

Perfect! Thank you.