horst
Posted February 19, 2019 (edited)

Hi,

I encountered a problem with my default .htaccess rewrite conditions and rules when having multiple domains to rewrite them to one final domain. Usually I use something like this:

    <IfModule mod_rewrite.c>
      RewriteEngine On
      AddDefaultCharset UTF-8

      # Send every alternative host name to the one final domain
      RewriteCond %{HTTP_HOST} ^www\.example\.com$ [OR]
      RewriteCond %{HTTP_HOST} ^www\.example\.de$ [OR]
      RewriteCond %{HTTP_HOST} ^example\.de$
      RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

      # Force HTTPS for anything still arriving over plain HTTP
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>

Now I'm faced with the situation that I have a subdomain.example.com and www.subdomain.example.com with a wildcard SSL certificate for example.com (*.example.com).

With my below htaccess directives every input of

    subdomain.example.com
    www.subdomain.example.com
    http://subdomain.example.com
    http://www.subdomain.example.com

gets redirected correctly to https://subdomain.example.com

But when I explicitly enter the www. URL with https:// (https://www.subdomain.example.com), my rewrite conditions are ignored, resulting in a warning about an insecure SSL certificate.

    RewriteCond %{HTTP_HOST} ^www\.subdomain\.example\.com$
    RewriteRule ^(.*)$ https://subdomain.example.com/$1 [L,R=301]

Does someone know why it does not work?

I also tried combined conditions like this:

    RewriteCond %{REQUEST_SCHEME} https
    RewriteCond %{HTTP_HOST} ^www\.subdomain\.example\.com$
    RewriteRule ^(.*)$ https://subdomain.example.com/$1 [L,R=301]

    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} ^www\.subdomain\.example\.com$
    RewriteRule ^(.*)$ https://subdomain.example.com/$1 [L,R=301]

Any hint?

UPDATE: In a call with the hoster's support team, they told me that it is not possible to catch these explicitly entered https://www.subdomain.example.com requests from within the .htaccess file. As a workaround we have now taken a standard SSL certificate for the explicit domain "www.subdomain.example.com". There was an inclusive cert without extra costs available.

Edited February 19, 2019 by horst: update infos

MoritzLost
Posted February 19, 2019

It doesn't work because your wildcard SSL certificate in the format "*.example.com" only matches one "level" of subdomain, so it's not valid for www.subdomain.example.com, see https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain

The redirect directives look good to me; Apache doesn't care about how many subdomains you're matching in the RewriteCond. But the browser cares about the invalid SSL certificate. The redirection won't work in this case, because the browser won't accept the SSL certificate, as it's not valid for www.subdomain.example.com. Since the SSL handshake and certificate validation take place before the redirect headers are followed, the browser will show the security warning before doing anything else. I'd wager that if you manually add a security exception, the redirection will work.

If you want to redirect https traffic to another https URL, you need a valid certificate for both the domain originally requested by the client and the target of the redirection, or the browser will show the security warning before or after the redirect, so your solution with the additional SSL certificate is the only one that can work.

Why do you even need to support the second www subdomain? Sounds like one of "those" client requests.

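The one-level wildcard rule from the reply above, as an added example that is not part of the original thread: a small checker that lists which host names you redirect from are not covered by a certificate's SAN entries. The function names and the SAN lists are assumptions built from the thread's placeholder domains; partial wildcards such as "w*.example.com" are rejected here as a strict policy choice.

```python
# Added example. Host names and SAN lists are constructed from the thread's
# placeholder names, not read from a real certificate.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """True if one dNSName entry of a certificate covers hostname.

    "*" is honoured only as the whole leftmost label and stands for exactly
    one label, so "*.example.com" cannot span two subdomain levels.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False                  # a wildcard never absorbs extra labels
    if p[0] == "*":
        # Require two fixed labels after the "*" so "*.com" is refused.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False                  # partial wildcards rejected (strict policy)
    return p == h

def uncovered_hosts(san_entries, requested_hosts):
    """Host names a client may request over HTTPS that no SAN entry covers.

    For each of these, certificate validation fails during the TLS
    handshake, before Apache gets to answer with the 301 redirect.
    """
    return [host for host in requested_hosts
            if not any(san_matches(san, host) for san in san_entries)]

# Constructed inputs mirroring the thread.
WILDCARD_SANS = ["*.example.com", "example.com"]
REDIRECT_SOURCES = ["subdomain.example.com", "www.subdomain.example.com"]

if __name__ == "__main__":
    print("wildcard only:", uncovered_hosts(WILDCARD_SANS, REDIRECT_SOURCES))
    # Names covered once the dedicated certificate is also served.
    covered = WILDCARD_SANS + ["www.subdomain.example.com"]
    print("with dedicated cert:", uncovered_hosts(covered, REDIRECT_SOURCES))
```

Running the check over every host name that appears in a RewriteCond before the URLs are published shows which ones need their own certificate or SAN entry.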
horst (Author)
Posted February 20, 2019

17 hours ago, MoritzLost said:
> Why do you even need to support the second www subdomain? Sounds like one of "those" client requests.

I have developed a site as a freelancer for an agency and set it up without the additional www. (And nobody told me that it is needed.) When going online, it comes out that they have sent out invitations per email and post with the additional www. in front. So I need to fix it ASAP.

flydev
Posted February 20, 2019

Hey @horst

Is it solved? If not, you could try what is suggested in this answer on StackExchange: https://webmasters.stackexchange.com/questions/116301/how-to-force-ssl-and-www-for-a-subdomain-as-an-independent-domain

Edit: ok, didn't read the post's update.