Over on my personal website https://elliotcooper.com I encountered a problem when I created a redirect from https://www.elliotcooper.com to https://elliotcooper.com. The web server, in this case, Apache2, first negotiates the HTTPS connection before doing the redirect.
This was a problem because the Let’s Encrypt certificate I generated was only valid for the Common Name (CN) elliotcooper.com. This caused my browser to display a certificate warning as the certificate didn’t include the CN www.ellitocooper.com.
I’ve also noticed this elsewhere when I click on links that are different, usually it’s the wwws, to the CN in the certificate.
The problem was easily solved by using Certbot utility to add additional CNs to the certificate it generates and renews for my site.
All you need to do is to use the certbot utility with its –expand option.
Here is the command I ran to generate a certificate for elliotcooper.com and www.elliotcooper.com:
certbot certonly --expand -d elliotcooper.com -d www.elliotcooper.com
You can add as many hostnames as you like by just appending them with a -d.
Taking a look at the certificate with OpenSSL :
openssl x509 -in /etc/letsencrypt/live/elliotcooper.com/cert.pem -text
We can see the following sections:
Subject: CN = elliotcooper.com
X509v3 Subject Alternative Name:
DNS:elliotcooper.com, DNS:www.elliotcooper.com
The certificate now allows the webserver redirection from https://www.elliotcooper.com to https://elliotcooper.com without any errors.