jitsi / docker-jitsi-meet

Jitsi Meet on Docker
https://hub.docker.com/u/jitsi/
Apache License 2.0

Letsencrypt certificate generated only for the non-www server name #373

Open andre-stefanov opened 4 years ago

andre-stefanov commented 4 years ago

Hi, by setting

LETSENCRYPT_DOMAIN=example.com

the generated certificate will be only usable with the non-www domain. Browsers don't trust the certificate if you open www.example.com. Is there a way to provide multiple domains so that certbot would execute something like this?

certbot -d example.com -d www.example.com

saghul commented 4 years ago

Then we'd also need to have nginx configured appropriately. TBH this setup is supposed to be as simple as possible, and it's already complex enough.

If you can provide a PR, I'll take a look though.

Mixermachine commented 4 years ago

I second this. I have many users with little knowledge of computers and they sometimes simply type www. before every web address. This often happens when they get invited over the phone to a session (I ordered a three char domain especially for this case).

It would also be possible if we could have an HTTP redirect from www.example.com to example.com? Another possibility is to always request example.com and www.example.com. This should not hurt anybody and would provide a secure connection for everyone.

aminvakil commented 4 years ago

It would hurt me :)

Many people use meet.example.com like me and they don't set a www.meet.example.com record in their DNS, so just changing the code to certbot -d example.com -d www.example.com would result in error in these cases, this should be an option for those who want to append www to their certificates.

Mixermachine commented 4 years ago

Many people use meet.example.com like me and they don't set a www.meet.example.com record in their DNS

@aminvakil Are you sure this is needed? I have not experienced this problem till now. When I created my Jitsi server I did not specify a www subdomain. Also, when I try to access my other services (like Nextcloud) behind an nginx reverse proxy with just the nextcloud.example.com service specified, www.nextcloud.example.com hits the same service with no problem.

aminvakil commented 4 years ago

Are you sure this is needed? I have not experienced this problem till now.

@Mixermachine Yes, I'm sure.

There isn't anything magical about www, it's just a subdomain like any other subdomain, you can check www.meet.jit.si.

Maybe your DNS server automatically creates a CNAME record with a www prefix to your newly created A record, or maybe your browser checks your url without www.

Although not all DNS servers do that and not all browsers (I can say for Firefox) do that.

Mixermachine commented 4 years ago

@aminvakil Yes, you are right. www.meet.jit.si indeed does not work. I have looked it up and my server is automatically created with an asterisk for all subdomains.

Does somebody know a way how we can execute a command on bash with a string parameter? I don't think the current way can be extended for 1...n subdomains

# Only request a certificate when none is present yet for this name
# (certbot stores the lineage under /etc/letsencrypt/live/<first -d name>/).
if [[ ! -f "/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem" ]]; then
    if ! certbot-auto \
          certonly \
          --no-self-upgrade \
          --noninteractive \
          --standalone \
          --preferred-challenges http \
          -d "$LETSENCRYPT_DOMAIN" \
          --agree-tos \
          --email "$LETSENCRYPT_EMAIL" ; then

        echo "Failed to obtain a certificate from the Let's Encrypt CA."
        # this tries to get the user's attention and to spare the
        # authority's rate limit:
        sleep 15
        echo "Exiting."
        exit 1
    fi
fi
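One way to extend the snippet above to 1...n names, as an added example that is not part of docker-jitsi-meet and not code from anyone in this thread: it assumes LETSENCRYPT_DOMAIN may hold a comma-separated list (example.com,www.example.com), treats the first entry as the primary name, and uses the hypothetical helper names domain_args, primary_domain, unresolved_names and request_cert. Two facts it relies on: certbot names the lineage directory under /etc/letsencrypt/live/ after the first -d name, and the http-01 challenge fails for any name that does not resolve to this host, which is the point aminvakil raised, so the script refuses to run certbot while a listed name is unresolvable instead of burning a rate-limited attempt.

```shell
#!/bin/sh
# Added example (not docker-jitsi-meet code). Assumptions: LETSENCRYPT_DOMAIN is a
# comma-separated list; the first entry is the primary name; certbot is on PATH.
set -eu

# Turn "a, b,c" into "-d a -d b -d c" (whitespace trimmed, empty entries dropped).
# Output is one line so the caller can splice it into the certbot command.
domain_args() {
    printf '%s\n' "$1" | tr ',' '\n' | awk '
        { gsub(/[ \t]/, ""); if ($0 == "") next
          printf "%s-d %s", sep, $0; sep = " " }
        END { print "" }'
}

# First entry of the list: the directory certbot will use under /etc/letsencrypt/live.
primary_domain() {
    printf '%s\n' "${1%%,*}" | tr -d ' \t'
}

# Print every listed name that does not resolve (getent hosts is glibc's lookup).
# Each such name would make the http-01 challenge, and so the whole order, fail.
unresolved_names() {
    printf '%s\n' "$1" | tr ',' '\n' | tr -d ' \t' | while IFS= read -r name; do
        [ -n "$name" ] || continue
        getent hosts "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# Mirror of the project's check-then-request flow, but for a list of names.
request_cert() {
    list="$1"; email="$2"
    primary="$(primary_domain "$list")"
    if [ -f "/etc/letsencrypt/live/$primary/fullchain.pem" ]; then
        echo "Certificate for $primary already present; nothing to do."
        return 0
    fi
    missing="$(unresolved_names "$list")"
    if [ -n "$missing" ]; then
        echo "Refusing to call certbot: these names do not resolve:" >&2
        printf '  %s\n' $missing >&2
        return 1
    fi
    # Disable globbing so an entry such as *.example.com is never expanded against
    # the filesystem when the -d list is word-split below.
    set -f
    if ! certbot certonly --noninteractive --standalone --preferred-challenges http \
            --agree-tos --email "$email" $(domain_args "$list"); then
        set +f
        echo "Failed to obtain a certificate from the Let's Encrypt CA." >&2
        sleep 15   # same rate-limit courtesy as the original script
        return 1
    fi
    set +f
}
```

Usage would be request_cert "$LETSENCRYPT_DOMAIN" "$LETSENCRYPT_EMAIL" in place of the original block; with a single name the list degenerates to exactly the command the project runs today, so the meet.example.com users in this thread are unaffected unless they opt in by adding www.meet.example.com themselves.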