SSL is not valid for www.domain.com

Installation
1

My SSL is not valid for www.domain.com but it is with domain.com

How would I make it secure with www? I have the free SSL you get upon self hosting discourse

2

You can’t.

Lets Encrypt is free too, so :man_shrugging:

3

Yeah I know it’s free, but what’s a method to encrypt www?

Since I have it to direct to domain.com but it pops up with “this site is not secure” when going through www

4

Because it is created only for apex, or you are referring it wrong where ever you are trying to terminate it.

Discourse creates SSL when installed. And it’s by Lets Encrypt. So perhaps you should ask from what ever company now gave it to you.

I don’t totally understand why to bother.

5

Because when you visit www.mysite.com, it prompts with “This site is unsecure, do you wish to continue” type of message, then it redirects to the SSL version (https). I’ll ask Lets Encrypt on any solutions.

6

You have to create it for www too.

If you create it by manually you have to use something like certbot certonly --nginx -d domain.com -d www.domain.com. Basically every sub-domain needs its own.

I don’t know how it is now, but wildcard certificate (same for apex and every subdomains) didn’t work too well when created using Lets Encrypt.

But again. You don’t need to worry that, because Discourse does it for you — except if your DNS settings are wrong or some other reason when your forum is unreachable.

7

Sorry I don’t exactly understand, DNS works fine I guess, its just a URL redirect.

www → https://domain.com
this part says

www.domain.com doesn't support a secure connection
You are seeing this warning because this site does not support HTTPS

But when using domain.com its fine.

Should I try certbot certonly --nginx -d domain.com -d www.domain.com?

8

I don’t know what you should try, Idon’t even know what you are trying to do, how and where.

All I try to say is:

  • you need different certificates for apex and www, or your sites in web server are configurated wrong
  • you don’t need to do anything because Discourse creates SSL certificate for you when setting up a forum
9

There’s a topic on this:

3 Likes
10

Thank you.

after_ssl:
   # tell letsencrypt what additional certs to get
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--keylength/
        to: "-d site.com -d www.mysite.com --keylength"
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--fullchainpath/
        to: "-d site.com -d www.mysite.com --fullchainpath"

So this should make the www go to mysite.com? Or is it the opposite way around?

11

No. It gives to you two certificates. One for apex, one for www.

1 Like
12

If your hostname is site.com then you have it right. And that seems to be the case.

It’s generally recommended that your site be at www.site.com and have the apex domain redirect to the www. What I would do is change your hostname to www.site.com and do it the other way around.

I think that it gives one certificate that is valid for both.

2 Likes