Apache2 Vhost HTTP to HTTPS Redirect not working in a strange way

Question

I set up HTTPS for my website for the first time today. I started with the following code:

<VirtualHost *:443>
    ServerName website.tld
    DocumentRoot /var/www/website.tld

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/website.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/website.tld.key

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/website.tld/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
</VirtualHost>

which totally worked fine. Now I wanted the website to redirect http to https and added the following at the top:

<VirtualHost *:80>
    ServerName website.tld
    ServerAlias www.website.tld
    Redirect 301 / https://website.tld
</VirtualHost>

<VirtualHost *:443>
     ServerName www.website.tld
     Redirect 301 / https://website.tld
</VirtualHost>

Now if I access the website from http it redirects to https, BUT once I'm on the https site I get an error from Chrome saying "ERR_SSL_PROTOCOL_ERROR". Can somebody help?

score 2 · Answer 1 · answered Apr 24 '19 at 12:14

The problem with this entry

<VirtualHost *:443>
     ServerName www.website.tld
     Redirect 301 / https://website.tld
</VirtualHost>

is that you have omitted the TLS certificate for that VirtualHost. That creates a plain HTTP virtualhost on the HTTPS port.

That config should look more like this

<VirtualHost *:443>
     ServerName www.website.tld
     Redirect 301 / https://website.tld

     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/www.website.tld.crt
     SSLCertificateKeyFile /etc/apache2/ssl/www.website.tld.key
</VirtualHost>

Or when the existing certificate website.tld.crt is also valid for the wwww domain, point to that file.

score 0 · Answer 2 · answered Apr 24 '19 at 11:59

Welcome to ServerFault! I believe Freddy is correct. Your #1 issue is that you have two separate VirtualHost definitions for port 443. Get rid of the 'www' redirect, and use an .htaccess rule instead to redirect 'www' to the domain without the www.

As a (possibly helpful) aside, this discussion on Stack Overflow seems relevant to what you're trying to do: Note in the stackoverflow.com conversation, the OS is Ubuntu: https://stackoverflow.com/questions/3286707/apache-ssl-configuration-error-ssl-connection-error/27568209

Apache2 Vhost HTTP to HTTPS Redirect not working in a strange way

2 Answers2

Linked