Jump to content
horst

.htaccess rewrite for https://www.subdomain.example.com

Recommended Posts

Hi,

I encountered a problem with my default .htacces rewrite conditions and rules when having multiple domains to rewrite them to one final domain.

Usually I use something like this:

<IfModule mod_rewrite.c>
    RewriteEngine On
    AddDefaultCharset UTF-8

    RewriteCond %{HTTP_HOST} ^www\.example\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www\.example\.de$  [OR]
    RewriteCond %{HTTP_HOST} ^example\.de$
    RewriteRule ^(.*)$        https://example.com/$1  [L,R=301]

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

 

Now I'm faced with the situation that I have a  subdomain.example.com and www.subdomain.example.com with a wildcard SSL certificate for example.com  (*.example.com).

With my below htaccess directives every input of

get redirected correctly to https://subdomain.example.com

But when I enter explicitly the www. url with a https://  (https://www.subdomain.example.com), my rewrite conditions are ignored, resulting in a warning about insecure SSL certificate.

RewriteCond %{HTTP_HOST} ^www\.subdomain\.example\.com$
RewriteRule ^(.*)$        https://subdomain.example.com/$1  [L,R=301]

Does someone know why it does not work?

I also tried combined conditions like this:

RewriteCond %{REQUEST_SCHEME} https
RewriteCond %{HTTP_HOST} ^www\.subdomain\.example\.com$
RewriteRule ^(.*)$        https://subdomain.example.com/$1  [L,R=301]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.subdomain\.example\.com$
RewriteRule ^(.*)$        https://subdomain.example.com/$1  [L,R=301]

Any hint?

 

UPDATE:

In a call with the hosters support team, they told me that it is not possible to catch these explicitly entered https://www.subomain.example.com from within the .htaccess file. As a workaround we now have taken a standard SSL certificate for the explicit domain "www.subdomain.example.com". There was an inclusive cert without extra costs available.

Edited by horst
update infos

Share this post


Link to post
Share on other sites

It doesn't work because your wildcard SSL certificate in the format "*.example.com" only matches one "level" of subdomain, so it's not valid for www.subdomain.example.com, see https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain

The redirect directives look good to me, Apache doesn't care about how many subdomains you're matching in the RewriteCond. But the browser cares about the invalid SSL certificate. The redirection won't work in this case, because the browser won't accept the SSL certificate, as it's not valid for www.subdomain.example.com. Since the SSL handshake and certificate validation takes places before the redirect headers are followed, the browser will show the security warning before doing anything else. I'd wager that if you manually add a security exception, the redirection will work.

If you want to redirect https traffic to another https URL, you need a valid certificate for both the domain originally requested by the client and the target of the redirection, or the browser will show the security warning before or after the redirect, so your solution with the additional SSL certificate is the only one that can work.

Why do you even need to support the second www subdomain? Sounds like one of "those" client requests 😅

  • Like 3

Share this post


Link to post
Share on other sites
17 hours ago, MoritzLost said:

Why do you even need to support the second www subdomain? Sounds like one of "those" client requests 😅

I have developed a site as freelancer for an agency and set it up without the additional www.  (And nobody told me that it is needed)

when going online, it comes out that they have sent out invitations per email and post with the additional www. in front. So I need to fix it ASAP. 😀

  • Haha 1

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...