Open andre-stefanov opened 4 years ago
Then we'd also need to have nginx configured appropriately. TBH this setup is supposed to be as simple as possible, and it's already complex enough.
If you can provide a PR, I'll take a look though.
I second this. I have many users with little knowledge of computers and they sometimes simply type www. before every web address. This often happens when they get invited over the phone to a session (I ordered a three char domain especially for this case).
It would also be possible if we could have a HTTP redirect from www.example.com to example.com? Another possibility is to always request example.com and www.example.com. This should not hurt anybody and would provid a secure connection for everyone.
It would hurt me :)
Many people use meet.example.com
like me and they don't set a www.meet.example.com
record in their DNS, so just changing the code to certbot -d example.com -d www.example.com
would result in error in these cases, this should be an option for those who want to append www
to their certificates.
Many people use
meet.example.com
like me and they don't set awww.meet.example.com
record in their DNS
@aminvakil Are you sure this is needed? I have not experienced this problem till now. When I created my Jitsi server I did not specify a www subdomain. Also, when I try to access my other services (like Nextcloud) behind a nginx reverse proxy with just the nextcloud.example.com service specified, www.nexctloud.example.com hits the same service with not problem.
Are you sure this is needed? I have not experienced this problem till now.
@Mixermachine Yes, I'm sure.
There isn't anything magical about www, it's just a subdomain like another subdomains, you can check www.meet.jit.si.
Maybe your DNS server automatically creates a CNAME record with a www prefix to your newly created A record, or maybe your browser checks your url without www.
Although not all dns servers does that and not all browsers (I can say for Firefox) does that.
@aminvakil Yes you are right. www.meet.jit.si indeed does not work. I have looked it up and my server is automatically created with an asterix for all subdomains.
Does somebody know a way how we can execute a command on bash with a string parameter? I dont think the current way can be extended for 1...n amount of subdomains
if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
if ! certbot-auto \
certonly \
--no-self-upgrade \
--noninteractive \
--standalone \
--preferred-challenges http \
-d $LETSENCRYPT_DOMAIN \
--agree-tos \
--email $LETSENCRYPT_EMAIL ; then
echo "Failed to obtain a certificate from the Let's Encrypt CA."
# this tries to get the user's attention and to spare the
# authority's rate limit:
sleep 15
echo "Exiting."
exit 1
fi
fi
Hi, by setting
LETSENCRYPT_DOMAIN=example.com
the generated certificate will be only usable with the non-www domain. Browsers don't trust the certificate if you open www.example.com. Is there a way to provide multiple domains so that certbot would execute something like this?
certbot -d example.com -d www.example.com