• 3
name

I have a wildcard certificate from Let's Encrypt for a website (*.storyfortwo.com).

When I go to http://storyfortwo.com or http://www.storyfortwo.com (no SSL) they are both redirected to https://www.storyfortwo.com and it loads properly.

On https://www.storyfortwo.com (with WWW) all is well too.

When I go to https://storyfortwo.com (without WWW), it gives me ERR_CERT_COMMON_NAME_INVALID error.

I use Apache2 (2.4.29) with VirtualHost files:

<VirtualHost *:80>
    ServerName storyfortwo.com
    ServerAlias www.storyfortwo.com
    DocumentRoot /var/www/storyfortwo.com/www

    # Redirect Requests to SSL
    Redirect permanent / https://www.storyfortwo.com/
</VirtualHost>

and

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName storyfortwo.com
        ServerAlias www.storyfortwo.com
        DocumentRoot /var/www/storyfortwo.com/www    

        ErrorLog ${APACHE_LOG_DIR}/storyfortwo.com.error.log
        CustomLog ${APACHE_LOG_DIR}/storyfortwo.com.access.log combined

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/storyfortwo.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/storyfortwo.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/storyfortwo.com/chain.pem

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory /var/www/storyfortwo.com/www>
            SSLOptions +StdEnvVars
            AllowOverride All
            Require all granted
        </Directory>

    </VirtualHost>
</IfModule>

What am I doing wrong?

*.example.com does not match example.com. You need a certificate with your bare domain as either the CN, which is common for wildcards, or as a SAN (Subject Alternative Name).

  • 3
Reply Report
      • 1
    • Only from http. With https, https negotiation will take effect, and thus the error, before any redirection can occur.

Do you have the domain storyfortwo.com added to the certificate? Without it storyfortwo.com does not match the wildcard *.storyfortwo.com in the certificate.

  • 2
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags