301 Redirect in .htaccess gives certificate warning on original URL first - apache

My site has a certificate but it's not a wildcard certificate. So it's for example.com, not for *.example.com.
Not a problem I thought, I'll just redirect any visitor to the proper URL through mod_rewrite:
RewriteEngine On
RewriteBase /
# Following two lines to strip machine name
RewriteCond %{HTTP_HOST} !^example.com [NC]
RewriteRule ^(.*)$ https://example.com%{REQUEST_URI} [L,R=301]
# Following two lines make sure the https version is always served
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com%{REQUEST_URI} [L,R=301]
Now, the redirect actually works. When someone types in https://www.example.com/page, he will eventually be redirected to https://example.com/page.
But...
The browser first displays a warning that https://www.example.com is insecure. Only when I add an exception, will it be redirected to https://example.com/page which does not give a certificate error...
What am I doing wrong here?

Nothing. SSL negotiation occurs at the transport (TCP) level, not HTTP (even when using SNI), but the point is that the certificate is not valid for the requested domain. When the connection is initiated to www., the browser will request the certificate and compare the URL with the CN in the cert, and since it isn't there, it'll raise the alert.
To resolve this issue you will need a certificate that includes both ServerName and ServerAlias names. You could maybe try some DNS provider that offers DNS HTTP redirection, but getting a certificate is quite easy these days.
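The check the answer above implies, as an added example that is not part of the original post: before relying on a 301, confirm that every hostname you redirect from is covered by the certificate's subjectAltName DNS entries, because the handshake is validated before Apache sees the request. The function names and the sample SAN lists are assumptions made up for this sketch; `handshake_ok` is an optional live check that needs network access.

```python
import socket
import ssl

def _labels(name):
    # Normalise case and a trailing root dot, then split into DNS labels.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Match one SAN dNSName against a hostname (RFC 6125 style)."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False                      # "*" never spans more than one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, never directly under a TLD.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(san_dns_names, redirect_sources):
    """Hosts whose HTTPS requests fail validation before any redirect is sent."""
    return [h for h in redirect_sources
            if not any(san_matches(s, h) for s in san_dns_names)]

def handshake_ok(host, port=443, timeout=5.0):
    """Live check: True if a verified TLS handshake to host succeeds.

    Returns False on any certificate verification failure (name mismatch,
    expiry, untrusted issuer). Network errors propagate to the caller.
    """
    ctx = ssl.create_default_context()    # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True               # only now could HTTP (and a 301) start
    except ssl.SSLCertVerificationError:
        return False

if __name__ == "__main__":
    # Constructed sample data: a non-wildcard certificate, as in the question.
    sans = ["example.com"]
    sources = ["example.com", "www.example.com"]
    print("not covered:", uncovered_hosts(sans, sources))
    # Constructed sample data: apex plus wildcard still misses deeper names.
    sans = ["example.com", "*.example.com"]
    sources = ["www.example.com", "a.b.example.com"]
    print("not covered:", uncovered_hosts(sans, sources))
```

Any host reported as not covered needs to be added to the certificate (or given its own) on whichever server answers for that name; no rewrite rule can compensate.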

Related

Issues redirecting from old HTTPS domain to new HTTPS domain via htaccess?

I have tried a zillion variations of .htaccess rewrites and cannot get this to work.
I have a previous HTTPS old-domain.com that I need to forward to new-domain.io. Both are HTTPS but only the new domain has SSL certs on the server. This makes the browser trying to load old-domain.com just spin in the browser.
I already have a DNS forward that works fine ONLY with http, not https. I am thinking that I need to use something like %{HTTP:X-Forwarded-Proto} but not exactly sure how. Nothing has worked so far.
https://old-domain.com
AND https://www.old-domain.com
both need to redirect to https://new-domain.io (along with any URI like /something/this.html)
Something like this looks like it should work, but redirects infinitely.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^old-domain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.old-domain\.com$
RewriteRule (.*)$ https://new-domain.io/$1 [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*)$ https://new-domain.io/$1 [R=301,L]
SOLUTION --------
The new domain .htaccess file cannot fix an HTTPS redirected link by itself.
There are two ways to correctly fix it.
1. Remove DNS forwarding at the old domain DNS. Then make sure there are still valid SSL certs AND put a redirect on its .htaccess file to handle the redirects with something like this:
RewriteEngine On
RewriteCond %{HTTP_HOST} (w*)domain.com$ [NC]
RewriteRule ^ http://newdomain.com%{REQUEST_URI} [L,R=301]
2. Leave the DNS forwarding of the old domain and add a new multi-domain SSL cert at the new domain which includes BOTH domains. This is tricky because you will have to manually authenticate the old domain because the cert won't be living at the old domain host.
I chose and implemented #1 successfully.

301 redirect from another domain

We have a whole bunch of subdomains from another domain that are pointing to our server. So I am trying to do a 301 redirect from any subdomain at that domain to point to ours.
eg.
sub1.domain.com 301 redirect to ourdomain.com
sub2.domain.com 301 redirect to ourdomain.com
There could be any number of subdomains pointing to it.
What should the 301 redirect look like for this?
I have this:
RewriteCond %{HTTP_HOST} *\.domain\.net\.au$ [NC]
RewriteRule ^ https://ourdomain.com%{REQUEST_URI} [R=301,L,NE]
but this returns an internal error; if I replace the * with an actual domain it sort of works.
Part two of this question is about https. Our site is always https; when you click on a link in Google that goes to one of these domains, it tries to take them to https://sub1.domain.com
Even when I put in the redirect, it still tries to go to https://sub1.domain.com, which causes the browser to give a "this is not safe" error. Is there any way via the 301 to make it so it goes directly to our domain without it giving the https error on the other domain first?
Here is part one:
RewriteCond %{HTTP_HOST} [^.]+\.domain\.net\.au$
RewriteRule ^ https://ourdomain.com%{REQUEST_URI} [R=301,L]
As for part two, no, that can't be done. HTTPS certificate negotiation has to happen before the connection is established to issue the redirect. All you can do is get a wildcard SSL certificate or provide a valid certificate for the subdomains in some other way. It can't be done without a valid certificate unless you accept the "not safe" errors, which most visitors won't. But once the redirects are in place for a while, the listings will be dropped by Google anyway.

www to non-www redirect not working using apache config or htaccess

I've placed the following lines in my apache config and in the .htaccess, but neither approach redirects to the non-www url. I need the www url to go to the non-www url based on how the SSL cert is registered.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.mydomain\.com$ [NC]
RewriteRule ^(.*)$ https://mydomain/$1 [L,R=301]
This is not fixable, other than making sure that all links to your site use mydomain.com instead of the www-variant. With https, during the handshake, the browser will verify the certificate that is being used. When it detects that the certificate is invalid, it won't continue with the request, because from that point on, the certificate can be of anyone, and thus the connection is not secure.
Long story short: Because the browser will not go through with the request, the server will never have the chance to issue a redirect. Only if the user clicks through, the request will be finished and the browser will continue with the redirect.

Redirect subdomain to parameter without wildcard SSL certificate

I'm trying to do something which might not be possible at all.
Let's say I own mydomain.com and have standard (no wildcard) RapidSSL certificate which works for www.mydomain.com and mydomain.com.
I'd like to redirect (.htaccess) subdomain.mydomain.com to mydomain.com/?param=subdomain.
I already managed to redirect it to subdomain.mydomain.com/?param=subdomain but the problem is that on every redirection I get browser warning concerning my certificate which doesn't cover any subdomain.
Is it possible to redirect it without the warning? I need subdomain only for pretty passing the parameter and I don't need it after redirection.
I think you want to capture the subdomain in the URL as shown in the 2nd RewriteCond and then use it as the parameter value:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !www.mydomain.com$ [NC]
RewriteCond %{HTTP_HOST} ^(www.)?([a-z0-9-]+).mydomain.com [NC]
RewriteRule (.*)?param=%2/$1 [L]
</IfModule>
This is a link to the above solution... http://www.mediacollege.com/internet/server/apache/mod-rewrite/subdomains.html
Hope this helps!
... (no wildcard) RapidSSL certificate which works for www.example.com and example.com .... like to redirect (.htaccess) subdomain.example.com to example.com/?param=subdomain
This is not possible, at least not without warnings about invalid certificates.
The redirection is done within HTTP. But with HTTPS the HTTP layer is embedded inside an SSL layer, so you first have to successfully establish the SSL connection before you can redirect. But to successfully establish the SSL connection you have to have a valid certificate for subdomain.example.com, which you don't have.

Apache mod_rewrite to merge two domains to one SSL connection

I've got a client who recently changed their name. They had an SSL certificate for their site, and I was using mod_rewrite to ensure all requests to domain1.com and www.domain1.com went to https://domain1.com.
Now that they are domain2.com, I'd like everything to go to https://domain2.com. Not so easy, it turns out. I have everything working right except for requests to https://domain1.com. That doesn't get rewritten and it trips the domain mismatch error for the SSL cert.
Here's my rewrite rules:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^domain2\.com$ [NC]
RewriteRule .? https://domain2.com%{REQUEST_URI} [R=301,L]
Any advice you could provide would be greatly appreciated!
Aaron.
You need an SSL certificate including domain1.com and domain2.com (costs more).