Domains duplicated with www.-versions

All of my domains have been effectively duplicated on the Status page and SSL Cert page with their www.- counterparts.

How can I stop this because it just pollutes the status page and causes SSL issues for me (https://joshharmon.me vs https://www.joshharmon.me). There’s zero reason I should have both listed, as there are no mail accounts for www.- and no special configuration for www.- website serving. I want to be able to just rewrite www-requests to the non-www counterpart. Can I do this without MIAB overwriting the config?

Additionally, I shouldn’t have www.- domains listed on the SSL or status pages.

How can I accomplish these two things?

That’s exactly what this is for. The status checks and certificate are to make that work.

So I need to throw away all of my certs that have their SANs filled already, instead of having nginx just throw a 301 to the non-www counterpart?

Or are you saying that if I make the config changes, then MIAB will recognize the change and stop bugging me?

I’m just rather confused because, IIRC, everything worked as desired before I upgraded to release 11, and now everything’s a mess.

I don’t know what you mean by “instead”. You need a good SSL certificate for the www domain, and you need nginx to issue a redirect. Did you have a signed certificate for the www domain prior to upgrading? Can you paste the output of the SSL certificates page?

Ah, I was under the impression that it wasn’t necessary to have one for www.- due to sensitive data not being returned, but I guess the URI could be important, otherwise you’re just throwing back headers and re-establishing the connection :/.

Everything was green prior to the upgrade, and now it’s `box.joshharmon.net Signed & valid. The certificate expires in 185 days on 01/04/16.

joshharmon.netSigned & valid. Using multi/wildcard certificate of box.joshharmon.net.

clarityglasswsr.comSelf-signed. Get a signed certificate to stop warnings.

joshharmon.comSigned & valid. The certificate expires in 184 days on 01/03/16.

joshharmon.meSigned & valid. The certificate expires in 184 days on 01/03/16.

joshharmon.ninjaSigned & valid. The certificate expires in 184 days on 01/03/16.

www.clarityglasswsr.comSelf-signed. Get a signed certificate to stop warnings.

www.joshharmon.comSelf-signed. Get a signed certificate to stop warnings.

www.joshharmon.meSelf-signed. Get a signed certificate to stop warnings.

www.joshharmon.netSelf-signed. Get a signed certificate to stop warnings.

www.joshharmon.ninjaSelf-signed. Get a signed certificate to stop warnings. `

Disregard clarityglasswsr though, that’s one that I hadn’t bought a cert from StartSSL for yet. But as for the rest of the domains, I never saw the www- counterparts in this list until now.

It seems like this could have also happened after I changed the website root for the joshharmon.* domains, rather than the upgrade. That’s the only configuration change I can think of that I made recently.

I’m trying to regain access to my StartSSL account to check on that SANs of those certificates, but I can’t get any browser to send my auth certificate to their server, so I might be SOL. Can’t wait for the Let’s Encrypt launch.

By the way, sorry if I seem a little angry/pissy; I’m not at you or MIAB. I get uncomfortable though when I don’t have full control over my systems and have to adhere to another system, but I could never get postfix/dovecot working on my own). If it was my choice, www wouldn’t be VHosted at all. It’s one way to canonicalize URLs, after all.

That’s fine. But, yeah, the box requires HTTPS, and if it’s not working now I’m not sure how it ever was. There wasn’t an automatic redirect from www subdomains until this version.