SSL certicificates missing www subdomain

Problem Description

Recently a few of my hosted sites have reported an SSL certificate error, which has turned out to be a certificate listing only primary domain but not the www. subdomain. In at lease one case I spotted a certificate on the server which only listed the primary domain, and running sympl-ssl for the domain replaced the certificate with a correct one. It was a nuisance, though, as Firefox needed a lot of persuading to drop the old certificate and pick up the new one.

It has happened with a handful of domains the in last few months.

Ironically I got an expired certificate notice when visiting forum.sympl.io to post this, though after telling the browser to carry on regardless I am now seeing a current certificate.

It could be a browser problem, but a couple of people have mentioned a similar problem with sites on my server, so it’s not just me and it’s very intermittent.

Is there anything I can do about this?

Environment

• Sympl Version: 12
• Sympl Testing Version:
• Debian Version: 12
• Hardware Type: VPS
• Hosted With: Bitfolk

I had some odd issues with letsencrypt certificates not including all sub domains. In the end I found that forcing a refresh fixed it.

I added the command to force a refresh to the sympl wiki.
[SSL Configuration Reference - Sympl Wiki]

Gary

Thanks for that. I think I deleted the old certificate before running sympl-ssl because I didn’t know about the --force switch, so that will be handy if it happens again.

I haven’t had a repeat of the problem since first reporting it.

It looks like for less than a day or so certs being issued by LE didn’t include all the Subject Alternative Names they should, but this was fixed a few hours later, and we’ve not seen any other reports of this since.