I have an example that should always result in https://example.com, even when the user is entering www.example.com, https or not. Ideally, the automated letsencrypt config https config file should work.

  • I have tried to remove the A-record for www and use a CNAME instead to point to example.com or @. This does not seem to have any effect and users still end up on www. I have no idea why.

This is my current config:

<VirtualHost [IPV6]:80 IPV4:80>
    ServerAdmin webmaster@example.com
    DocumentRoot /home/example/public_html
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog logs/example.error.log
    CustomLog logs/example.acccess.log common
    <Directory /home/example/public_html>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    RewriteEngine on 
    RewriteCond %{SERVER_NAME} =example.com [OR] 
    RewriteCond %{SERVER_NAME} =www.example.com 
    RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent] 
</VirtualHost>

<VirtualHost [IPV6]:443 IPV4:443>
    ServerAdmin webmaster@example.com
    DocumentRoot /home/example/public_html
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog logs/example.error.log
    CustomLog logs/example.acccess.log common
    <Directory /home/example/public_html>
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>

Then however, https://www.example.com throws a bad certificate, even if I add this to the :443 config:

    RewriteCond %{SERVER_NAME} =www.example.com 
    RewriteRule ^ https://example.com%{REQUEST_URI} [END,NE,R=permanent] 

How can I redirect http AND https requests to www.example.com to https://example.com?

uncovery

1 Answer

Clients arrive at https://www.example.com, so even if you make a redirect to https://example.com you need two SSL certificates (one for example.com and the other for www.example.com) or a single SSL certificate valid for both domains.

If you are using certbot to issue Let's Encrypt certificates you can use multiple -d parameters to specify multiple domains, so for example:

certbot certonly --webroot -w /var/www/example -d www.example.com -d example.com
Mat
  • So you are saying that there is no way I can redirect people from https-www to http://example.com without having a certificate for www? – uncovery Aug 31 '20 at 14:09
  • No, because to have people redirected they need to complete the SSL handshake and for this reason you need a valid SSL certificate for that domain if you don't want them to receive an invalid domain warning. Without a valid SSL certificate for www.example.com you can only redirect from http://www.example.com, not https. – Mat Aug 31 '20 at 14:11
  • ...or a wildcard certificate (very convenient, as that might easily (=immediately) cover another subdomain added later on, e.g. test.domain, mail.domain...) – Déjà vu Aug 31 '20 at 15:05
  • Yes, but you can issue a wildcard certificate on Let's Encrypt only with the DNS challenge – Mat Aug 31 '20 at 15:08
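
Added example, not part of the answer or comments above: a small Python model of the point made in this thread, that the client checks the certificate for the requested host before any redirect can be delivered. `CANONICAL`, `CERTS`, `name_matches` and `follow` are illustrative names, the certificate name sets are constructed, and the matching is a simplified whole-label wildcard check; it also shows that a wildcard for `*.example.com` on its own does not cover `example.com`.

```python
from urllib.parse import urlsplit

CANONICAL = "example.com"  # redirect target used in the question's RewriteRule

# Constructed certificate name sets (the dNSName entries of each certificate).
CERTS = {
    "apex only": ["example.com"],
    "apex + www": ["example.com", "www.example.com"],
    "wildcard only": ["*.example.com"],
    "apex + wildcard": ["example.com", "*.example.com"],
}


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname (whole-label wildcard only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def follow(url: str, cert_names: list[str]) -> str:
    """Follow the redirects to CANONICAL and report where the client ends up."""
    for _ in range(3):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme == "https":
            # The client validates the certificate during the TLS handshake,
            # before Apache can send any redirect for this host.
            if not any(name_matches(n, host) for n in cert_names):
                return "certificate error at " + host
            if host == CANONICAL:
                return "served " + url
        # Plain HTTP, or HTTPS on a non-canonical host: 301 to the canonical URL
        # (path only; the query string is left out of this model).
        url = "https://" + CANONICAL + (parts.path or "/")
    return "redirect loop"


if __name__ == "__main__":
    for label, names in CERTS.items():
        for start in ("http://www.example.com/", "https://www.example.com/"):
            print(f"{label:16} {start:26} -> {follow(start, names)}")
```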