3

I am not much familiar with server configurations, please help me on this issue:

I have a Debian8 server and a SSL certificate, the SSL certificate only for My non-www domain so I would like to redirect all of www request into non-www, by below htaccess code its working for some browsers but not working for some other

On Chrome: Successfully redirecting http://www.example.com or http://example.com request into https://example.com this is what I want for all browsers.

On Mozilla: Redirecting http://www.example.com request into https://www.example.com and stopped working with INSECURE CONNECTION error. I think from here browser checking first for SSL certificate of www and stop before non-www redirect.

Following is my .htaccess to redirect www to non www with https, is anything I missed on .htaccess? or any other solution through DNS or with help of apache default ssl.conf.

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

My SSL certificate is Certbot and I followed this tutorial to install https://www.youtube.com/watch?v=-TPoGQ4IjDI&t=100s you could see there is only one domain prompting that is non-www, no option for setting SSL certificate for www. If I could get a SSL certificate for www then also I can solve the issue.

MrWhite
  • 13,315
Riyas Muhammed
  • 133

3 Answers3

4

its working for some browsers but not working for some other

It shouldn't be "working" for any browser, unless you have perhaps previously accepted the invalid certificate? You will get the invalid certificate browser warning before your site receives the request. The SSL handshake is the very first thing that occurs during the request to ensure the connection is secure, it's not possible to implement a redirect (or anything) before this occurs.

The only way to resolve your problem is to implement a SSL cert that covers the www subdomain.

MrWhite
  • 13,315
0

This should be a comment, but its a bit long.

I think from here browser checking first for SSL certificate of www and stop before non-www redirect.

Why do you think that?

Did you look at your logs to see what was actually being requested?

The most likely reason for this behaviour is that your Firefox browser is unable to verify the certificate - but you checked the specific error message and decided it wasn't relevant to the discussion here so you didn't tell us what it is. And you tried pointing firefox directly at https://example.com and did not get the same error.

Or did you?

symcbean
  • 23,767
  • 2
  • 38
  • 58
0

it Worked for me!
Basically in the term of SSL http://www.example.com and http://example.com are Different domains. you need to reissue certificate and add http://example.com as primary domain and add other domain http://www.example.com

https://www.namecheap.com/support/knowledgebase/article.aspx/811/70/how-do-i-reissue-my-ssl-certificate

Hamid
  • 1