Force HTTPS and WWW for domain and only HTTPS for subdomains HTACESS

Question

I've been trying to configure this for my website, but not being able to.

I use to have a cond on my .htaccess to force www for the main domain and nothing for subdomains, but since I got a SSL, I'm having some problems.

It's a wildcard SSL.

What I need is force HTTPS:// WWW on the main domain, and HTTPS:// on subdomains.

I.E: http://www.domain.com -> https://subdomain.domain.com

Is there any rule for that? Thanks!

EDITED

Now I'm using like Jon posted

RewriteEngine On
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} ^domain\.com\.br$ [NC]
RewriteRule ^.*$ https://www.domain.com.br%{REQUEST_URI} [R,L]
# ---------- #
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(www\.)?domain\.com\.br$ [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.|)(.*)$ [NC]
RewriteRule ^.*$ https://%1%{REQUEST_URI} [R,L]

The thing is, when on main domain if I type HTTP:// with or without WWW, ir forces HTTPS:// and WWW, that's ok...

But on subdomain, when I type HTTP it doesn't force HTTPS, it redirects to the main domain only... that does not happen if I put a .htaccess inside the dir of the subdomain. With a .htaccess inside my subdomain dir, if I type HTTP, it forces HTTPS normally...

Any suggestions?

Now it looks like: `RewriteEngine On` `RewriteCond %{HTTPS} !=on` `RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]` It's not forcing the WWW, but at least, for now, is forcing HTTPS. — kold-kreator, Jan 03 '14 at 01:45
Main domain must force HTTPS and WWW... subdomains must force HTTPS and NON-WWW — kold-kreator, Jan 03 '14 at 01:48

score 7 · Accepted Answer · answered Jan 03 '14 at 02:04

7

Try:

RewriteEngine On 

# for subdomains
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(www\.)?domain\.com$ [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.|)(.*)$ [NC]
RewriteRule ^.*$ https://%1%{REQUEST_URI} [R,L]

# for main domains
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^.*$ https://www.domain.com%{REQUEST_URI} [R,L]

answered Jan 03 '14 at 02:04

Jon Lin

142,182
29
220
220

Almost there! 50% of what I need XD! It's forcing HTTPS and WWW for main domain correctly. For subdomains, if I type: www.subdomain.domain.com I get a SSL warning, that's what I'm trying to avoid. – kold-kreator Jan 03 '14 at 02:36
@KauêPorte no way to avoid that, since your cert is `*.domain.com` and **not** `*.subdomain.domain.com`. – Jon Lin Jan 03 '14 at 03:00
I see. Not even setting a .htacces inside the subdomain forcing non-WWW? – kold-kreator Jan 03 '14 at 04:44
@KauêPorte It's because a request has to first be made to `www.subdomain.domain.com` before any redirect can happen. The SSL handshake happens **before** the request is sent, so before htaccess is even being read, the SSL handshake happens and you get the SSL warning. – Jon Lin Jan 03 '14 at 04:58
I understand. Thank you very much for you help and your explanation. You really helped me! Have a great new year! – kold-kreator Jan 03 '14 at 05:03
@KauêPorte I have solved this by issuing certificate also for subdomains with www. Note: For certs I use [LE](https://letsencrypt.org/) – Jasom Dotnet May 05 '16 at 07:39

Force HTTPS and WWW for domain and only HTTPS for subdomains HTACESS

1 Answers1

Linked