0

I want to redirect http://domain.com to https://www.domain.com. I succeeded in redirecting http to https like this (in default-ssl.conf file):

<VirtualHost domain.com:80>
  RewriteEngine on 
  ReWriteCond %{SERVER_PORT} !^443$ 
  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost _default_:443>
  RewriteEngine on 
  ServerAdmin webmaster@localhost 
  ServerName domain.com:443 
  ServerAlias www.domain.com 
  DocumentRoot /var/www/html
</VirtualHost>

But when I type my domain without www, I get the error message This site is untrusted, the certificate is only valid to <www.domain.com>

I tried many proposed solutions on the web but it did not work. My environment:

  • Ubuntu 14.04
  • Apache2
  • SSL issued for <"www.domain.com"> (common name)
Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
Engineeroholic
  • 607
  • 6
  • 21
  • am not sure why I got down vote, but thanks anyway :) – Engineeroholic Jun 08 '14 at 22:48
  • I didn't downvote, but I guess this was downvoted because you probably didn't look hard enough for an existing answer to this. If you search this site (top right of the page) for "www non-www certificate redirect" (or even Google), you find a number of very similar question (if not exact duplicates), in particular [this one, as the first result](http://stackoverflow.com/a/10726167/372643), which, although not strictly an exact duplicate, has an answer that tells you exactly why you're getting this certificate error message. – Bruno Jun 08 '14 at 23:49
  • It is totally fine mate :) but believe me I searched for an answer the last 3 days, the answer I found here was the only one that worked. It might help some one else in the future, who knows! – Engineeroholic Jun 09 '14 at 01:43

1 Answers1

1

Change the http (pot 80) config:

<VirtualHost domain.com:80>
  RewriteEngine on 
  ReWriteCond %{SERVER_PORT} !^443$ 
  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

To this which would do a combined check for https and www:

<VirtualHost domain.com:80>
  RewriteEngine on 
  RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
  RewriteCond %{HTTPS} off
  RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
  RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
</VirtualHost>

That said, you still might get the This site is untrusted, the certificate is only valid to <www.domain.com> since the initial connection will be to the incorrect certificate hostname. So it might be better to do this with both configs—http and https—adjusted like this:

<VirtualHost domain.com:80>
  RewriteEngine on 
  ReWriteCond %{SERVER_PORT} !^443$ 
  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost _default_:443>
  ServerAdmin webmaster@localhost 
  ServerName domain.com:443 
  ServerAlias www.domain.com 
  DocumentRoot /var/www/html
  RewriteEngine on 
  RewriteCond %{HTTP_HOST} !^(www\.)?(.+)
  RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
</VirtualHost>

The idea being that on the http connection you simply redirect to https. Then on the https connection, you check if www is set & adjust accordingly.

Giacomo1968
  • 25,759
  • 11
  • 71
  • 103
  • thanks for the reply mate. unfortunately it did not work. now it redirects www to non-www, even when I put it redirects to (https://domain.com). Maybe if you inverse the rule it will work (sorry I have no clue how to inverse the condition rule, I am not used to this type of coding XD) thanks – Engineeroholic Jun 08 '14 at 22:43
  • now It works! I just added '!' before ^www... Thank you very much my friend! Only one thing remained buggy is: when I type https:// domain .com without "www" = it gives untrusted link warning. any solutions for that case? thanks – Engineeroholic Jun 08 '14 at 22:58
  • 1
    @Engineeroholic “when I type ; it gives untrusted link warning. any solutions for that case?” I don’t think so because any connection made to `https://domain.com` will always load the certificate which will just not match `https://www.domain.com`. Even if it is for a fraction of a second, that connection needs to be made so that warning would show up. I mention that in my answer when I say, “That said, you still might get the…” – Giacomo1968 Jun 08 '14 at 23:04
  • 1
    Make sense, Appreciate your explanation. maybe I will buy different certificate in future that support both www and non-www. – Engineeroholic Jun 08 '14 at 23:04