I am working on a site that only owns an SSL cert for domain.com. I am trying to remove the www. and redirect to domain.com. This I have working fine.
I also want to force HTTPS on all pages, this works fine if www. is not typed.
There error occurs when https://www.domain.com us the URL.
I can see it rewrite to https://domain.com but I get a cert error that I have to accept or reject.
Is there a way around this without buying another certificate?
Here are two of the many combinations of rules I have tried (many of them were from other SO answers).
1.
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]
2.
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{SERVER_PORT} !^443
RewriteRule ^ https://domain.com%{REQUEST_URI} [R=301,L]
I don't think there's a way around this. The cert error is coming from the SSL (TLS) connection, which happens before any HTTP requests are made.
If the user went to http://www.domain.com/ or just http://domain.com/ you could redirect to https://domain.com/ just fine.
If the user went to https://www.domain.com/, they would get a cert error before receiving a redirect.
I think your options are:
Point www.domain.com to a server that has HTTPS disabled. Users would get a connection error when hitting https://www.domain.com/, which may be preferrable to a cert error
Buy a cert for www.domain.com or *.domain.com
Related
I have an apache server with multiple websites hosted:
main-website.com
subdomain1.main-website.com
subdomain2.main-website.com
another-website1.com
another-website2.com
another-website3.com
I need to redirect only https://www.main-website.com to https://www.main-website.com
The subdomains and all the other websites don't need a ssl certificate; therefore I want to exclude them from redirection by specifying that only main-website needs to be redirected.
This is my .htaccess syntax (it seems correct having researched a lot on this topoic)
#NON-WWW to WWW (whis applies to all domains and subdomains)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#redirect HTTP to HTTPS only for main-website.com:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} main-website.com [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The condition of redirecting main-website.com has been specified, but it does not work! In fact every other domain and subdomain is redirected to HTTPS!!
Do you know where the error could be?
Thank you :)
There must be a typo in your question, you want to redirect from https://www.main-website.com to https://www.main-website.com I will take for granted you wanted to say http://www.main-website.com to https://www.main-website.com
So, your first RewriteCond-RewriteRule set rewrites:
somesite.com ---> https://www.somesite.com
But notice that you also force https in that rediction. Therefore any attempt to reach http://somesite.com will go to https://www.somesite.com
It is probably this rule set that is triggered by your other domains. That first rule should be to rewrite: non www to www, without forcing https at that point.
Then the next rule set will apply only to your main-website and send it to https.
#NON-WWW to WWW (whis applies to all domains and subdomains)
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#redirect HTTP to HTTPS only for main-website.com:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} main-website.com [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have updated the first set of instructions. Still, it does not work :(
I am doing a redirect from all domains to a single domain and then forcing it to HTTPS. All works for domains not entered with https: but when someone enters in the full url like https://www. the browser gives a certificate error. Below is my htaccess.
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Why is this not working for https requests? I am also using Parallels could there be a setting in that I am missing?
I'm looking to force HTTPS on my entire site except for a subdomain which I am using for a forum. I have an SSL certificate installed on the root domain, but not this forum subdomain. (http://forum.domain.com)
Here is the code for forcing HTTPS:
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However, this also forces HTTPS on subdomains, which effectively makes the forum inaccessible.
How can I create an exception rule for this subdomain?
To exclude subdomain, you can use a negitive RewriteCond
RewriteCond %{HTTP_HOST} !^sub\.domain\.com$
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
basically what i want is redirect al request to use HTTPS instead of http
I have this in my htaccess so far and it worked great:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</ifModule>
today someone noticed that when going to:
http://www.example.com it redirects to and shows an unsecure connection thingie.
My ssl is setup for non www domain: mydomain.com
So i need to make sure all site requests are sent to non www and https:
It works fine if i put example.com it redirects to https://example.com
but with www.example.com it goes to htts://www.example.com and shows the error
what do i need to add to my code to redirect www to non www and then to ssl
?
You will have to re-issue your certificate for both www and without www.
If someone connects to your site via a domain name that is not included in your common name, they will receive a warning.
The ssl negociation process happens before any response from the server (in your case, a redirection), so in all cases, your visitors will receive a warning when using a domain that is not in your common name.
You can get what you need from the HTTP_HOST
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://%1%{REQUEST_URI} [L,R=301]
This way it will get the host always without the subdomain.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule (.*) https://domain.com%{REQUEST_URI} [L,R=301,NC]
If you are using CloudFlare's free account then that's the problem. CloudFlare's free account does NOT support SSL Certificates. To continue using CloudFlare's free account with an SSL Certificate just go to the DNS settings in CloudFlare and take the orange cloud off of your domain and off of the cname WWW. That will fix your problem and cause both www and non-www to be redirected to https.
Also be sure to add this code to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Then, everything should work!
This will redirect all of your www websites to non-www and secure them if you have completed the CERTBOT for each domain conf file. Put this in /etc/apache2/apache2.conf inside the Directory /www section:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
There is no need to CERTBOT a www domain after this code is inserted. Just do the domain.com choice. You do not need htaccess files. They can be restricted by the AllowOverride None selection.
Remember to restart apache.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule (.*) https://www.%1%{REQUEST_URI} [L,R=301]
Check out this:
RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I have a SSL certificate that is registered to my www domain, but all my urls point to my domain without www.
i tried this sentence:
RewriteRule ^[https://mydomain.org](.*)$ https://www.mydomain.org$1 [R=301,nc]
but for some unknown reason, it also redirects all the calls made to http://mydomain.org as well. i realy cant think of a reason for this
Try this rule:
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
But the invalid certificate message won’t go away since the SSL connection is accomplished before HTTP is taking part (since HTTPS is HTTP over SSL/TSL).
Someone should correct me if i'm wrong but i don't think the RewriteRule directive has access to the protocol part of the requested uri. Try this instead:
RewriteCond %{HTTP_HOST} ^https://domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]
How about detecting the server port?
RewriteEngine On
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R]
so litterally, if you are connecting to https (since you are using port 443) the url will have WWW.