I have an example that should always result in https://example.com, even when the user is entering www.example.com, https or not. Ideally, the automated letsencrypt config https config file should work.

  • I have tried to remove the A-record for www and use a CNAME instead to point to example.com or @. This does not seem to have any effect and users still end up on www. I have no idea why.

This is my current config:

<VirtualHost [IPV6]:80 IPV4:80>
    ServerAdmin [email protected]
    DocumentRoot /home/example/public_html
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog logs/example.error.log
    CustomLog logs/example.acccess.log common
    <Directory /home/example/public_html>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com [OR]
    RewriteCond %{SERVER_NAME} =www.example.com
    RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost [IPV6]:443 IPV4:443>
    ServerAdmin [email protected]
    DocumentRoot /home/example/public_html
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog logs/example.error.log
    CustomLog logs/example.acccess.log common
    <Directory /home/example/public_html>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>

Then however, https://www.example.com throws a bad certificate, even if I add this to the :443 config:

RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent]

How can I redirect http AND https requests to www.example.com to https://example.com?

1 Answer

Clients arrive at https://www.example.com, so even if you make a redirect to https://example.com you need two SSL certificates (one for example.com and the other for www.example.com) or a single SSL certificate valid for both domains.

If you are using certbot to issue Let's Encrypt certificates you can use multiple -d parameters to specify multiple domains, so for example:

certbot certonly --webroot -w /var/www/example -d www.example.com -d example.com 
  • So you are saying that there is no way I can redirect people from https-www to example.com without having a certificate for www? Commented Aug 31, 2020 at 14:09
  • No, because to have people redirected they need to complete the SSL handshake, and for this reason you need a valid SSL certificate for that domain if you don't want them to receive an invalid domain warning. Without a valid SSL certificate for www.example.com you can only redirect from example.com, not https. Commented Aug 31, 2020 at 14:11
  • ...or a wildcard certificate (very convenient, as that might easily (=immediately) cover another subdomain added later on (e.g. test.domain, mail.domain...)) Commented Aug 31, 2020 at 15:05
  • Yes, but you can issue a wildcard certificate on Let's Encrypt only with the DNS challenge Commented Aug 31, 2020 at 15:08
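
Added example, not part of the original question, answer or comments: a small checker showing which of the served names a certificate's SAN list covers, and therefore which names can be redirected over HTTPS without a warning. It goes slightly beyond the thread by including the wildcard case; the SAN lists and the names `san_matches`, `uncovered` and `report` are constructed for illustration.

```python
def san_matches(hostname: str, san: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 rules).

    A wildcard counts only as the whole left-most label and stands for
    exactly one label: *.example.com covers www.example.com, but not
    example.com and not a.b.example.com.
    """
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and bool(host[0]) and host[1:] == pattern[1:]
    return host == pattern


def uncovered(hostnames, sans):
    """Hostnames for which a client would see a name-mismatch warning."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]


# Names a visitor may type; each needs a successful TLS handshake before
# Apache can send the redirect to https://example.com.
SERVED = ["example.com", "www.example.com"]

# Constructed SAN lists (not read from real certificates).
CERTS = {
    "apex only": ["example.com"],
    "both names": ["www.example.com", "example.com"],
    "wildcard only": ["*.example.com"],
    "wildcard plus apex": ["*.example.com", "example.com"],
}


def report():
    """Map each constructed certificate to the served names it misses."""
    return {label: uncovered(SERVED, sans) for label, sans in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:20s}", missing or "all served names covered")
```

The "apex only" row corresponds to the situation in the question, and "both names" to the certificate issued with the two `-d` parameters in the answer.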
