Let’s Encrypt to Include Root and www with Re-Direct

Today I'm going to show you how to create a Let's Encrypt SSL request that includes not only the root of the domain, but also www. For example, using our domain here at Matrix 7 the SSL certificate issued by Let's Encrypt would include matrix7.com.au and www.matrix7.com.au. This article assumes you have Let's Encrypt installed and running on your server. We created an earlier tutorial on how to install Let's Encrypt here...

I'm carrying this process out on Ubuntu 20.04, but this procedure will work in other flavours of Linux as well. First, log onto your server via SSH and if you have previously created a SSL certificate for your domain, ensure you delete it before you commence the tutorial. This can be done with the following syntax:

certbot delete --cert-name mydomain.com

Replace mydomain.com in the example above with the domain you've previously setup a Let's Encrypt request for. Also, you should delete the the certbot created conf file mydomain.com.le-ssl.conf that is located in /etc/apache2/sites-available. Finally, you need to edit the virtual host mydomain.com.conf file to remove the certbot redirect so all I had was the raw virtual host and ensured that is contained an alias for www like so:

ServerAlias www.mydomain.com.au

Your virtual host file should look something like this:

<VirtualHost *:80>
	ServerAdmin support@mydomain.com
	DocumentRoot "/var/www/html/mydomain.com/public"
	ServerName mydomain.com
	ServerAlias www.mydomain.com
	ErrorLog "/var/www/html/mydomain.com/log/error.log"
	CustomLog "/var/www/html/mydomain.com/log/error.log" combined

<Directory /var/www/html/mydomain.com/public/">
	DirectoryIndex index.html index.php
	Options FollowSymLinks
	AllowOverride All
	Require all granted
</Directory>
</VirtualHost>

Now that we have a clean slate, let's start:

The actual syntax to create a Let's Encrypt request for root and www for your domain is very simple and is as follows:

certbot --apache -d mydomain.com -d www.mydomain.com

Just replace mydomain.com in the example above with your actual domain and follow the setup prompts. Allow the setup to create the re-direct when prompted and this will automatically insert a rewrite rule at the bottom of your virtual host conf file like the example below:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

I'm using Apache as the web server so when you've finished the above steps it's good practice to force a reload using the following syntax:

systemctl reload apache2

That's it your task is complete. Your site will now re-direct to a valid SSL certificate for both the root of the domain as well as www and anyone visiting your site will not get a certificate error. This will work for any other sub domain you need by simply including those within the certbot request.

If you've found this useful, you may want to sign up to our newsletter where you'll receive notices on when we post new articles and helpful "how tos". Just fill out your details below and we'll do the rest…

No Comments Yet.

Leave a comment


Sign up to our newsletter where you’ll receive notices on when we post new articles and helpful “how tos” to make your IT life easier.