I have used certbot LetsEncrypt for hundreds of sites and usually I go ahead and set up the certifications without a problem and everything works well.
Well this was the case until we came to a launch of a pretty big client, it was late at night and I set up the certificate and everything worked well on domain.com but next day the client was on my case as to why when he went to his site it was showing as insecure. I was a bit puzzled and he sent me a screenshot and I see that he is writing his web url with the classic https://www.domain.com.
I went and checked this on my browser and guess what – certificate is broken. I did not realise my error from the night before and did some investigation to the errors and finally after seeing the error that the domains did not match it fell on me that there was no certificate for www.
Using certbot there is a nice way to extend a certificate, here is the command:
sudo certbot –expand -d domain.com,www.domain.com
That fixed the problem!