certbot

Let's Encrypt subdomain not secure


I had a Let's Encrypt SSL certificate for my domain (both domain.com and www.domain.com). Now, I wanted to add workflow.domain.com to the certificate. I tried using the expand option of certbot with the command below:

certbot -d domain.com -d www.domain.com -d workflow.domain.com --expand

Certbot returned a success response. However, the browser was still showing insecure...

So, I have revoked my certificates to start clean.

I ran certbot with certbot --apache. It showed my 3 options correctly, so I chose all 3 to be included in the certificate.

The certbot returns without errors, though the browser keeps showing me insecure on workflow.domain.com?

The output of certbot certificates is as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following certs:
  Certificate Name: domain.com
    Domains: domain.com workflow.domain.com www.domain.com
    Expiry Date: 2019-12-20 15:05:24+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem
-------------------------------------------------------------------------------

Note, the other 2 domains (domain.com and www.domain.com) show as secure.

The virtual host config for the subdomain is shown below:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName workflow.domain.com

        ServerAdmin info@domain.com
        DocumentRoot /var/www/Domain/Workflow

        <Directory /var/www/Domain/Workflow>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        AddType application/x-font-ttf                  ttc ttf
        AddType application/x-font-otf                  otf
        AddType application/font-woff                   woff
        AddType application/font-woff2                  woff2
        AddType application/vnd.ms-fontobject           eot

        RewriteEngine on
        # Some rewrite rules in this file were disabled on your HTTPS site,
        # because they have the potential to create redirection loops.

        # RewriteCond %{SERVER_NAME} =domain.com [OR]
        # RewriteCond %{SERVER_NAME} =www.domain.com
        # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>

Solution

  • The problem turned out to be a missing redirect to https. The rewrite code is commented out on the subdomain. You can add these lines to your vhost configuration:

    RewriteCond %{SERVER_NAME} =workflow.domain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


    Please consider editing the question, so that it reflects the actual problem.
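An added post-certbot check, not code from the question or the answer: it verifies the two things that went wrong here, that plain http://host answers with a redirect to https:// on the same host, and that the certificate actually served on port 443 lists the host in its SAN entries. The `san_covers` and `is_https_redirect` helpers are pure and testable offline; `check_host` is the live wrapper and assumes the host resolves and ports 80/443 are reachable.

```python
"""Check that a hostname redirects to HTTPS and that its served cert covers it.
Constructed example; the host name below is a placeholder."""
import http.client
import socket
import ssl
from urllib.parse import urlsplit


def san_covers(san_names, host):
    """True if host matches a dNSName SAN entry: exact match, or a
    single-label wildcard such as *.domain.com (no multi-level matching)."""
    host = host.lower().rstrip(".")
    for name in san_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.count(".") == name.count("."):
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False


def is_https_redirect(status, location, host):
    """True if an HTTP response is a redirect to https:// on the same host."""
    if status not in (301, 302, 307, 308) or not location:
        return False
    u = urlsplit(location)
    return u.scheme == "https" and (u.hostname or "").lower() == host.lower()


def check_host(host, timeout=5):
    """Live check (needs network): returns (redirects_to_https, cert_covers_host)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    conn.request("GET", "/", headers={"Host": host})
    resp = conn.getresponse()
    redirect_ok = is_https_redirect(resp.status, resp.getheader("Location"), host)
    conn.close()
    ctx = ssl.create_default_context()
    # Chain is still verified (CERT_REQUIRED); hostname matching is done by
    # san_covers so that a mismatch is reported rather than raised.
    ctx.check_hostname = False
    with ctx.wrap_socket(socket.create_connection((host, 443), timeout),
                         server_hostname=host) as tls:
        cert = tls.getpeercert()
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return redirect_ok, san_covers(sans, host)


if __name__ == "__main__":
    print(check_host("workflow.example.com"))  # placeholder host
```

If the first value is False the :80 vhost lacks the redirect (browsers on http:// will keep reporting the site as insecure even though certbot succeeded); if the second is False the vhost on :443 is serving a certificate that does not list the subdomain.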