apache redirect http to https and www to non www

Question

basically what i want is redirect al request to use HTTPS instead of http

I have this in my htaccess so far and it worked great: Code:

<IfModule mod_rewrite.c> 
RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
</ifModule>

today someone noticed that when going to: http://www.example.com it redirects to and shows an unsecure connection thingie.

My ssl is setup for non www domain: mydomain.com

So i need to make sure all site requests are sent to non www and https: It works fine if i put example.com it redirects to https://example.com

but with www.example.com it goes to htts://www.example.com and shows the error

what do i need to add to my code to redirect www to non www and then to ssl ?

What common names are in your certificate ? Most CAs put www and non-www in the common name when they issue a certificate for avoiding this kind of issue. — Pierre-Olivier, Mar 30 '12 at 15:11
certificat is made for domain.com (non www) basically i want all trafic to go to NON www and https — misulicus, Mar 30 '12 at 15:12

Pierre-Olivier · Answer 1 · 2012-03-30T15:28:35.657

25

You will have to re-issue your certificate for both www and without www.

If someone connects to your site via a domain name that is not included in your common name, they will receive a warning.

The ssl negociation process happens before any response from the server (in your case, a redirection), so in all cases, your visitors will receive a warning when using a domain that is not in your common name.

edited Mar 30 '12 at 15:28

answered Mar 30 '12 at 15:19

Pierre-Olivier

3,104
19
37

Your answer should be marked as the correct one, but I also must note that currently, Chrome does handle 301 redirects before the certificate is validated with no warning to the user, while Safari does not. The universal way is to do it as you explain. – ezwrighter Feb 22 '19 at 18:43

baynezy · Accepted Answer · 2012-03-30T15:23:29.430

19

You can get what you need from the HTTP_HOST

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]

This way it will get the host always without the subdomain.

edited Mar 30 '12 at 15:23

answered Mar 30 '12 at 15:17

baynezy

6,493
10
48
73

1

+1 but you should really change RewriteRule line to: `RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]` – anubhava Mar 30 '12 at 15:20
2

I don't think this answer will solve OP's issue concerning visitors receiving a warning, though. – Pierre-Olivier Mar 30 '12 at 15:30
13

@baynezy code will only redirect non-ssl connections. This does not solve your issue about redirecting `https://www.mysite.com` to `https://mysite.com` or visitors receiving a warning when visiting `https://www.mysite.com` – Pierre-Olivier Mar 30 '12 at 15:44
1

@Pierre-OlivierBourgeois truee but no one will type https:// www. most will put just www.domain.com and that now redirects to https:// – misulicus Mar 30 '12 at 15:48
7

does not solve the `https://www.mysite.com` redirection to `https://mysite.com` issue – Francis P Mar 30 '12 at 17:23
2

I've searched for hours and this is the only answer that has worked. Keep in mind that the above comments are right though. This will work for almost every instance except if they start with `https://www.` and not `http://www` – bryan Sep 04 '14 at 02:26

score 5 · Answer 3 · answered Jan 20 '17 at 15:44

5

RewriteEngine On 
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]

answered Jan 20 '17 at 15:44

Amir Akef

331
4
3

2

While this code may answer the question, providing additional context regarding why and/or how this code answers the question improves its long-term value. – Donald Duck Jan 20 '17 at 16:06

score 2 · Answer 4 · answered May 21 '13 at 20:52

If you are using CloudFlare's free account then that's the problem. CloudFlare's free account does NOT support SSL Certificates. To continue using CloudFlare's free account with an SSL Certificate just go to the DNS settings in CloudFlare and take the orange cloud off of your domain and off of the cname WWW. That will fix your problem and cause both www and non-www to be redirected to https.

Also be sure to add this code to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Then, everything should work!

score 1 · Answer 5 · 2021-12-11T23:53:55.077

This will redirect all of your www websites to non-www and secure them if you have completed the CERTBOT for each domain conf file. Put this in /etc/apache2/apache2.conf inside the Directory /www section:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

There is no need to CERTBOT a www domain after this code is inserted. Just do the domain.com choice. You do not need htaccess files. They can be restricted by the AllowOverride None selection.

Remember to restart apache.

score 0 · Answer 6 · edited Jun 23 '15 at 14:04

0

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://www.%1%{REQUEST_URI} [L,R=301]

edited Jun 23 '15 at 14:04

chiwangc

3,566
16
26
32

answered Jun 23 '15 at 13:44

guest

1

score 0 · Answer 7 · answered Aug 29 '18 at 08:41

0

Check out this:

RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

answered Aug 29 '18 at 08:41

NightOwl

329
2
20

apache redirect http to https and www to non www

7 Answers7

Linked