I have five hosted domains with a multi-domain SSL certificate. I cannot write an .htaccess condition that captures both http and https conditions for CNAME www.altdomain.com (a secondary domain). When a user types "https://altdomain.com" in the browser location bar, it shows "connection untrusted" and the URL remains as is. Typing the same with http correctly redirects to https://www.altdomain.com and when the https is omitted, "altdomain.com" is correctly redirected as well.
I am using joomla with a configuration that hides a subdirectory from the URL. The doc root .htaccess file contains this in the custom redirect section:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^altdomain\.com
RewriteRule ^(.*)$ https://www.altdomain.com$1 [R=301,L]
Activating a joomla SSL plugin while omitting custom redirect rules in .htaccess also works, but "https://" with "altdomain.com" fails to redirect in all cases. Perhaps I should have omitted www from the CNAME but there would be a redirect issue there as well if anyone types www in the URL, and I can't change the CNAME without purchasing a new SSL certificate. If there is no .htaccess solution to this problem as I suspect, please explain why.
The standard redirect between www and non-www URLs works only on the primary domain or for http connections. For secure / https connections on secondary domains, there must be an exact CNAME match on the SSL certificate - redirection to a host name that is not listed as a CNAME on the certificate will not work even if the domain name is the same.
If I want https connections to redirect from altdomain.com to www.altdomain.com and vice-versa on a multi-domain SSL certificate, I have to include both CNAMES in the certificate. A five-domain SSL certificate is therefore limited to three domains.
Related
I am working on a GoDaddy VPS (Apache, CentOS, cPanel). I have an SSL certificate valid for example.com but NOT www.example.com.
I want to use a .htaccess file to forward any requests to https://example.com/<pages>.
My code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule ^(.*) https://example.com/$1 [L,R=301]
The problem:
All tested browsers (Chrome, Edge, Opera) work fine for all combinations of http, https, www, and specific pages. However, Firefox does NOT forward https://www.example.com (with or w/out pages).
I get a security warning stating that www.example.com is not on the cert.
I have tried numerous other code snippets but none seem to work.
Firefox may seem like the oddball, but actually it's the other browsers doing it "wrong" - to be forgiving with other peoples' server misconfiguration in favor of the user's convenience. (Also, it will look less odd once you realize that all three browsers you mentioned - Chrome, Edge, Opera - are forks of Chromium.)
If you look in the Chrome devtools, you'll see this:
Redirecting navigation www.example.com -> example.com because the server presented a certificate valid for example.com but not for www.example.com. To disable such redirects launch Chrome with the following flag: --disable-features=SSLCommonNameMismatchHandling
So, even though you didn't present a valid certificate for https://www.example.com, Chrome was nice enough to execute the redirect anyway, because you did present a certificate that was valid for the target domain of the redirect (example.com), even though technically the redirect response was returned over a connection that wasn't properly secured (with a certificate not matching the requested domain).
The solution would be to have a proper SSL certificate in the first place, including all the domains that you want your site to be reachable under, in that case probably just example.com and www.example.com. (Some certificate issuers will even include the www subdomain for free if you purchase a certificate for the naked domain.)
I am trying to redirect my domain and sub domain to https. I have subscribed to Wildcard SSL and made below modifications to htaccess file, as per this guide.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I am now seeing HTTPS 'Secure Connection' on my main domain. But on sub-domain, it is still showing 'Not Secure' although HTTPS is in the domain.
What changes do I do here to redirect my subdomain as well to https 'Secure Connection'.
Looks like there is a problem with your cert installation or signing, that is why it shows "Not Secure".
You may want to try to check if the cert is correctly installed using some checker tool:
Example. https://cryptoreport.websecurity.symantec.com/checker/
Or check with your cert and hosting provider for assistance to see if it is your cert installation or signing problem.
You need to apply/check other .htaccess file(s) in your sub-domain(s) root directories. Example subdomain.yourmaindomain may be located at root/subdomain folder (need be checked - it's depended to your subdomain setting).
I have domain registered in ovh. My site files are stored in folder called "www" in root directory. It was original ovh setup. A few days ago I discovered that i can use let's encrypt ssl certyficate. Now I have these addresses:
example.com,
www.example.com,
https://example.com,
https://www.example.com
I want to redirect:
example.com
www.example.com
https://www.example.com
to:
https://example.com
via .htaccess 301 redirection
I tried a lot of sample htaccess redirections from this and other sites. Non of them work perfectly for me.
For example redirection from example.com to https://example.com was ok, but from www.example.comtake me tohttps://www.example.com/wwworhttps://www.example.com with browser warning "unsafe content".
It is harder than i thought.
If you're using wordpress, you could install a simple pulgin called Really Simple SSl which will automatically do this redirection.
I have a shared hosting on Apache web server with cpanel access to my hosting account
the primary domain abc.in is used to access the public_html folder on which the site files are stored.
I have added a few domains that are not related to abc.com through cpanel add on domains.
They are namely
def.com
ghi.com
jkl.com
so my file system for the domains on shared hosting will be like this
/public_html/ files or directories for abc.in
add on domains are also on
/public_html/def.com/
/public_html/ghi.com/
/public_html/jkl.com/
so you might have understood the working system..
def.com website files are stored in sub directory in public_html folder as shown above
similarly
ghi.com website files are stored in sub directory in public_html folder as shown above
jkl.com website files are stored in sub directory in public_html folder as shown above
now the issue is i need to force https /ssl on primary domain abc.com
the ssl is issued only for abc.in and support.abc.in only
not valid for www version of abc.in and support.abc.in
more over as per my seo knowledge a website should redirect to only one version of website.
that is either www version or non www version
so i have redirection enabled for abc.in in cpanel
so whether it is www.abc.in or abc.in it will go to abc.in only
as discussed earlier ssl is only issued for abc.in and support.abc.in only
now i want to force ssl to entire domain of abc.in and support.abc.in
i have tried cpanel redirection for this,but multiple redirection made a loop and website un accessible.
i have found a .htaccess rewrite here Force HTTPS and strip WWW without receiving Cert error
but enabling it made all the add on domain hosted in sub directories redirecting to abc.in in ssl version.
So i need only ssl access to abc.in and support.abc.in
and i will need separate rules (http) for add on domains and i will be adding more add on domains later.
So i need a htaccess configuration that is generalized for this scenario,so that i can configure the add on domains to use their ssl if needed in future and rules for add on domain that i add in future.
I request the super webmasters and programmers to give some generic/custom generic configuration of htaccess for my situation.
As i am web designer i have no knowledge on htacess rewriting and i am fairly new to this.
Any one who understand the issue,please provide your valuable input.Your response is very important for me.Thank you.
please do explain the code that solves my problem,so that i can customize it later if needed.
Put this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(support\.)?abc\.com$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R=301,L]
I have a site www.example.com for which i purchased SSL cert and installed.
And it was working fine, I also have a subdomain with app.example.com which was not on SSL.
Both www.example.com and app.example.com are on same IP address.
At later we decided to put SSL only on app.frostbox.com and then i configured SSL with app.frostbox.com and it worked fine,
Now the issue is that Google is indexing my site as https://www.example.com/ and when users hits the web , Invalid security warning is issued and when user allow security issue they are shown my app.example.com contents.
Note: I have my SSL configuration files in /etc/httpd/conf.d/ssl.conf
The contents of the ssl.conf are below.
http://pastebin.com/GCWhpQJq
NOTE: I tried solutions in .httaccess but none of those worked. Like redirecting 301 redirects etc
Purchase a SAN-multi domain certificate. Issue the certificate to www.abc.com and add the additional SAN www.app.abc.com in and it will work.
Hopefully you are within the 30 day cancellation policy.
you need to edit your httpd.conf file or the file where your virtual host is specified and add these lines to redirect http to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}