Question

"www" is not secured...what can I do to secure it?

Posted October 30, 2020 146 views
Security

I ran a SSL Server test here: https://www.ssllabs.com/ssltest/analyze.html?d=www.avdisco.com. The result showed “Not secure” with a ’T’ rating. I am using cloudflare DNS manager to manage the records.

I have added one ‘A’ record with a name “www” and pointed towards my Ocean Digital Discourse domain: 104.248.156.191 and another 'A’ record with a name, “avdisco.com”. For the latter, it has a A+ plus rating but the former with “www” isn’t. How can I get this “www” to work securely and users will not get a warning page stating that the site is unsafe to proceed?

I saw the certbot command but it did not help. Sorry for the amateur question as I’m but a normal user and have little to no background of SSL and stuff.

Pls advice on what I should do in a simple step-by-step guide :)

Thanks!

Raymond
Customer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers

Hello @desray2k

It appears you have obtained an SSL certificate for only the root domain so SSL certificate at https://avdisco.com/ is working fine. You might have to obtain the new certificate and make sure that you generate it for “avdisco.com” and “www.avdisco.com” using certbot.

You can refer to the tutorial link below and make sure to follow Step 4 specifically:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04#step-4-%E2%80%94-obtaining-an-ssl-certificate

Cheers,

Dikshith

by Hazel Virdó
by Kathleen Juell
In this tutorial, we will show you how to use Let's Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 18.04. We will also show you how to automatically renew your SSL certificate. If you're running a different web server, simply follow your web server's documentation to learn how to use the certificate with your setup.

Hi @desray2k,

It seems since you didn’t have an A record for your WWW version of the website a certificate was not actually generated for it. Don’t worry, you’ll just need to reissue the certificate using the certbot service.

In order re-issue it, just SSH to your droplet and type

certbot

Then follow the steps to install it for both www and your root domain name.

That’s it!

Regards,
KFSys

Submit an Answer