Redirecting http=>https (non-www) + www https=> non-www https (no certificate for www)

Question

I have seen many articles on rewrites. All good. But none covering this exact situation. So here is my question: hope you can help. Because I cannot get it to work.

we run website on domain.com (non-www)
we have ssl set up (so https only)
we have 1 certificate for the non-www version (not www version)

When we execute all four test cases, 3 are OK, 1 not

http://domain.com => https://domain.com =>
http://www.domain.com => https://domain.com => oK
https://domain.com => OK
https://www.domain.com => ERROR. Certificate warning not safe

Question: Now why is number 4 https://www giving me this error. I would expect the first rule to pick-up and send us to the non-www version. And how do I fix this?

Appreciate any help ;P Sean

This is my currect htaccess

<IfModule mod_rewrite.c>
  RewriteEngine on
  # Redirect www to non-www first 
  # Added based on article http://stackoverflow.com/questions/234723/generic-htaccess-redirect-www-to-non-www
  RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
  RewriteRule ^(.*) https://%1/$1 [R=301,NE,L]

  # Then redirect http to https (if necessary)
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>

You need a wildcard certificate, but I will help you out here. Try to remove the `` and `` and tell me if you get any error 500. — Ismael Miguel, Feb 06 '15 at 09:44
Problem is this is already a multi domain certificate, so this means I would have to add every www. version of ALL the domains separately? I don't know any wildcard multidomain certificates — snh_nl, Feb 06 '15 at 09:47
Wildcard certificates are a special type where the name of the host is `*.example.com` instead of `example.com`. This allows you to use the certificate for **ALL** your subdomains. (It **WON'T** work for subdomains like `another.cool.example.com`. For that, you need a wildcard certificate *per* sub-domain.) `www` may be seen as a subdomain (it usually is mapped to the folder `www`, which might have/be a link to `public_html`). — Ismael Miguel, Feb 06 '15 at 09:49
Try this instead of the last part: `RewriteCond %{HTTPS} =off RewriteCond %{HTTP_HOST} ^(.*) RewriteRule ^/?(.*) https://%1/$1 [R=301,L]` (split it by lines, I can't do it in a comment). — Ismael Miguel, Feb 06 '15 at 09:55
Actually, the first check should be `RewriteCond %{HTTPS} ^off$`. I've tested it on http://htaccess.madewithlove.be/ and it seems to work. — Ismael Miguel, Feb 06 '15 at 10:01
>> Actually, the first check should be RewriteCond %{HTTPS} ^off$ - no this is not correct. Because when then opening www.domain.com it goes to https://www.domain.com (it is not splitting of the www). This should be done first — snh_nl, Feb 06 '15 at 10:07
And i conclusion (reading the other links) the https://www to https://non-www is just not possible without an extended certificate — snh_nl, Feb 06 '15 at 10:08
When I said "`Actually, the first check should be RewriteCond %{HTTPS} ^off$`", I was refering to my previous comment. I couldn't edit because the comments gets 'locked' after 5 minutes. — Ismael Miguel, Feb 06 '15 at 10:11
Maybe a solution? The problem is that https://www is serving a certificate and this make the handshake occur BEFORE the htacces redirect. Suppose we would have a way to DISABLE the SSL on the www version of the website? This way there is NO handshake and the directe is executed — snh_nl, Feb 06 '15 at 10:48
I don't think it will work as you expect. You can try to ask about it on http://serverfault.com/ (you only have to login, loke how you do here). They will be a much better help. Also, try Croises' answer. — Ismael Miguel, Feb 06 '15 at 10:51

score 2 · Answer 1 · edited May 23 '17 at 10:34

You can use this in your .htaccess:

<IfModule mod_rewrite.c>
  RewriteEngine on
  # Redirect www to non-www first 
  RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
  RewriteRule ^(.*) https://%1/$1 [R=301,NE,L]

  # Then redirect http to https (if necessary)
  RewriteCond %{HTTPS} off
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
</IfModule>

But there's nothing you can do for certificate error.
Read: Redirecting https://www to https://non-www - without seeing certificate error, possible?

score 0 · Accepted Answer · answered May 07 '16 at 18:36

This is not possible to solve only by htaccess or nginx conf.

One needs a certificate to cover both the www and non www version of the domain

So a wildcard cert or a multidomain cert where both www and non www are included as a separate domain

Hope it helps

Redirecting http=>https (non-www) + www https=> non-www https (no certificate for www)

2 Answers2