LetsEncrypt domain.com and www.domain.com

[thad]

I tried to run DietPi-LetsEncrypt with both example.com and http://www.example.com in the Domain field. I've tried it with a comma, I've tried adding -d between the domains. None of these are working for me.

My solution was to run DietPi-LetsEncrypt twice, once with each domain. Then I duplicated the VirtualHost section in /etc/apache2/sites-available/000-default-le-ssl.conf and took out the 'www' in the second block.

That seemed to work but there must be a better way. Did I miss an early configuration file option?

Can you add the option to user "--test-cert" for testing and setup? I'm sure I'm about to hit the rate limit.

[Fourdee]

Hi Thad,

DietPi-LetsEncrypt is just a frontend for Let Encrypt Auto with a few additions to work with DietPi (eg: cron). Also, if the ServerName does not exist in /etc/apache2/sites-available/000-default.conf , DietPi will add the url you're using in the menu once only. It may be worth checking that file to ensure the ServerName is matching the same value you're using in the menu.

When you select the menu to create the cert, the following is run:

Code: Select all

./letsencrypt-auto --duplicate --agree-tos $cli_redirect --rsa-key-size $LETSENCRYPT_KEYSIZE --email $LETSENCRYPT_EMAIL -d $LETSENCRYPT_DOMAIN

We did have another user report issues with non www. urls, but I'am unable to replicate it on my network. I simply use the example.com and it works 1st time.

Wish I could help more, but I cant seem to break it. LetsEncrypt with or without www. works everytime on my network.

[thad]

Fourdee, thanks for pointing me in the right direction.

I made of copy of VirtualHost for both domain.com and http://www.domain.com.

Code: Select all

 
#/etc/apache2/sites-available/000-default.conf
UseCanonicalName Off

<VirtualHost *:80>
	ServerAdmin user@domain.com
        ServerName domain.com
	DocumentRoot /var/www

	ErrorLog /error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin user@domain.com
        ServerName www.domain.com
        DocumentRoot /var/www

        ErrorLog /error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
</VirtualHost>

And then successfully ran letsencrypt-auto.

Code: Select all

/etc/letsencrypt_scripts/letsencrypt-auto --duplicate --agree-tos $cli_redirect --rsa-key-size 2048 --email user@domain.com -d domain.com -d www.domain.com

Both domains are now happily https and test well on https://www.ssllabs.com/ssltest/index.html.

Will I need to setup a cron job manually for renewal?

[Fourdee]

Fourdee, thanks for pointing me in the right direction.

I made of copy of VirtualHost for both domain.com and http://www.domain.com.

Code: Select all

 
#/etc/apache2/sites-available/000-default.conf
UseCanonicalName Off

<VirtualHost *:80>
	ServerAdmin user@domain.com
        ServerName domain.com
	DocumentRoot /var/www

	ErrorLog /error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin user@domain.com
        ServerName www.domain.com
        DocumentRoot /var/www

        ErrorLog /error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]
</VirtualHost>

And then successfully ran letsencrypt-auto.

Code: Select all

/etc/letsencrypt_scripts/letsencrypt-auto --duplicate --agree-tos $cli_redirect --rsa-key-size 2048 --email user@domain.com -d domain.com -d www.domain.com

Both domains are now happily https and test well on https://www.ssllabs.com/ssltest/index.html.

Will I need to setup a cron job manually for renewal?

Hi Thad,

As this setup is unique, the cron job created in dietpi-letsencrypt only works on 1 domain name. I can create a script for you that will run both domains as a cron.monthly if you need it.

Before I do that, i need to ask (just to be sure) . Are you using domain.com as the domain name, or, are you changing it before posting?

[thad]

<whisper>Actually domain.com isn't my real domain name.</whisper>

[Fourdee]

<whisper>Actually domain.com isn't my real domain name.</whisper>

Cron monthly job (change details as needed):

Code: Select all

cat << _EOF_ > /etc/cron.monthly/dietpi-letsencrypt
#!/bin/bash
{
	#////////////////////////////////////
	# DietPi-LetsEncrypt Autorenew script
	#////////////////////////////////////

	#----------------------------------------------------------------
	# Main Loop
	#----------------------------------------------------------------
	/etc/letsencrypt_scripts/letsencrypt-auto --duplicate --agree-tos --no-redirect --rsa-key-size 2048 --email user@domain.com -d domain.com -d www.domain.com
	#----------------------------------------------------------------
	exit
	#----------------------------------------------------------------
}
_EOF_
chmod +x /etc/cron.monthly/dietpi-letsencrypt

Test with:

Code: Select all

/etc/cron.monthly/dietpi-letsencrypt

Change when cron.monthly will run:

Code: Select all

dietpi-cron

[thad]

Perfect! Thank you.