SSL working on root, but not on www

(Nick Research) #21

I did it through app.yml

It now seems to be working. The issue I think was that I had an A record for the subdomain www (as in instead of using a CNAME record. For anyone reading this in future, the right config seems to be:

  1. An A record pointing to the IP address of your host (e.g. Digital Oceans droplet)
  2. A CNAME record with * pointing to (and NOT

With this setup the letsencrypt through app.yml works a treat. Thanks all

( #22

Hi ,
@ Nick Research
I have exactly same problem.

Can you explain the solution ? What must i do ?

Thank you in advance.

(Nick Research) #23

Hi @atozsoft I’m not sure how to answer your question–look through the thread at my previous post describing my setup, and then this post with the changes to that.

Where are you up to? What errors are you getting?

If you give some more information then I might be able to help you.

(Jay Pfaffman) #24

Setting up Let’s Encrypt with Multiple Domains does sort-of what you want it to do. You’ll need to make some modifications. There was a another topic on the same issue recently.

( #25

Thank you Nick,

When i install discourse i only entered my domain without www. So www version has no certificate. Now i want to add certificate to www version too. But i am not sure how can do this exactly.

Thank you.

(Nick Research) #26

With my setup my issue was not with the letsencrypt certificate, but rather with the way that my DNS records were setup. That’s what makes troubleshooting hard, because your DNS, your letencrypt and your app.yml all need to be aligned to make this work.

My understanding is that to “make www. work” there are two options:

(1) is to make sure that your letsencrypt works for the subdomain so that people can access your site through - this is probably ideal, but I never got this working. See responses from @pfaffman and @dionbeukes and ignore mine if this is what you are after.

(2) is more simple which is to setup the DNS for your site so that anyone typing in the simply gets taken to the automatically–they won’t get any security warnings.

You do this through your DNS (e.g., in your host provider) by making sure that you have a CNAME record for but not

(Michael Brown) #27

This is almost always going to break your entire domain. For this to do the Right Thing your DNS server has to do CNAME flattening.

(Nick Research) #28

I’m glad you know what’s going on.

I probably need the disclaimer that my posts are simply what worked for me with this issue, where my setup is digital oceans server and dreamhost domain management with their one click let’s encrypt cert.

I’m definitely no expert on this!