0

My app is served on https://beta.myapp.com (I'm forcing https everywhere) and I now want to change to https://www.myapp.com.

I'm wondering how to properly redirect every beta. request to www..

At the moment www is pointing to the same app and the app is then redirecting to beta (you get a SSL error if you try to access https://www though).

What I think is doable:

  • Using the www certificate on the main app and creating another app (with the beta certificate) charged of redirecting every request to the other app. (e.g. https://beta.myapp.com/about to https://www.myapp.com/about). But my app is hosted on Heroku and I have to pay $20/mo/certificate so one more app means more expenses.
  • Get a wildcard/multidomain certificate covering both www and beta. But I already have 2 certificates so I don't really want to buy another one.

Is there any other/better way to di it?

Simone Carletti
  • 1,494
  • 3
  • 15
  • 30
TimPetricola
  • 103
  • 2

2 Answers2

2

That's a little bit tricky and you don't have a lot of choices.

You could handle the redirect inside the app by pointing both beta/www (and root domain) to the main Heroku application. However, in order to avoid SSL errors, you need to install a certificate that covers both the www and the beta hostnames.

Because Heroku doesn't offer you the ability to associate two certificates on the same app, in that case you would need to purchase a wildcard certificate.

The other solution is to point beta to another server. Install the certificate on that server and redirect the traffic to the main application. Unfortunately, you are still required to install the certificate here because the SSL negotiation happens before the HTTP redirect header is sent, thus if you don't install it your visitors will see a certificate error (or warning) before being redirected. Depending on the browser, the redirect may or may not happen in that case.

Both solutions probably require an additional economical effort on your side, mostly because of limited Heroku flexibility in this case. One requires the purchase of a wildcard certificate, the other the purchase of a new SSL endpoint for the other app (unless you find a way to host it on a cheap server somewhere).

I can understand you may have recently purchased the certificate for the main site. Keep in mind that most SSL certificate providers offer a 30 days refund, you may want to see if you are able to get a refund and purchase the wildcard.

If I have to make a choice, I would probably go with a wildcard.

Simone Carletti
  • 1,494
  • 3
  • 15
  • 30
-1

I have done this before using CNAMEs as Nick has suggested. Another way probably (may not be practical for you) is to use wildcard certificates.

Last option, if you know your alternate names is to give the SAN (Subject Alternate Names) on your certificate that contain all your host names.

http://en.wikipedia.org/wiki/Subject_Alternative_Name

Mukul
  • 42
  • 3
  • 1
    A CNAME is not a redirect, it is simply a DNS alias, it does nothing more than return the IP Address of the canonical domain specified in the CNAME record. Your browser will still attempt to access the site using whichever URL you specified in your browser, and if that name is not on the SSL cert, then you'll get an SSL error. How were you able to do this? – blacklight Jan 14 '14 at 00:44