
I set up HTTPS for my website for the first time today. I started with the following code:

```apache
<VirtualHost *:443>
    ServerName website.tld
    DocumentRoot /var/www/website.tld

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/website.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/website.tld.key

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/website.tld/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
```

which totally worked fine. Now I wanted the website to redirect http to https and added the following at the top:

```apache
<VirtualHost *:80>
    ServerName website.tld
    ServerAlias www.website.tld
    Redirect 301 / https://website.tld
</VirtualHost>

<VirtualHost *:443>
    ServerName www.website.tld
    Redirect 301 / https://website.tld
</VirtualHost>
```

Now if I access the website from http it redirects to https, BUT once I'm on the https site I get an error from Chrome saying "ERR_SSL_PROTOCOL_ERROR". Can somebody help?

  • Why have you added a second `<VirtualHost>` with redirect? You only need the redirect in the non-SSL VHost. Remove the last 4 lines. And `ServerName`, `ServerAlias` should have the same values in both VHosts. – Freddy Apr 24 '19 at 11:11
  • Ah, now I get it. One 443 VHost for `www` and one for `non-www`. Yes, that's of course a valid solution if configured correctly (missing certificate). I would have used a `RewriteRule` instead. Sorry for the confusion. – Freddy Apr 24 '19 at 12:13

2 Answers


The problem with this entry

```apache
<VirtualHost *:443>
    ServerName www.website.tld
    Redirect 301 / https://website.tld
</VirtualHost>
```

is that you have omitted the TLS certificate for that VirtualHost. That creates a plain HTTP virtualhost on the HTTPS port.

That config should look more like this

```apache
<VirtualHost *:443>
    ServerName www.website.tld
    Redirect 301 / https://website.tld

    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/www.website.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.website.tld.key
</VirtualHost>
```

Or when the existing certificate `website.tld.crt` is also valid for the www domain, point to that file.

HBruijn
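
A configuration check for the failure described in this answer, added here as an illustration and not part of the original answer: it flags any `<VirtualHost>` bound to port 443 that lacks `SSLEngine on` or `SSLCertificateFile`. The function name `audit_tls_vhosts` and the embedded sample are constructed, and the check assumes TLS directives are set inside each vhost block rather than inherited from the server config.

```python
import re

# Constructed sample: the asker's configuration from the question, abbreviated.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName website.tld
    ServerAlias www.website.tld
    Redirect 301 / https://website.tld
</VirtualHost>
<VirtualHost *:443>
    ServerName www.website.tld
    Redirect 301 / https://website.tld
</VirtualHost>
<VirtualHost *:443>
    ServerName website.tld
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/website.tld.crt
    SSLCertificateKeyFile /etc/apache2/ssl/website.tld.key
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def audit_tls_vhosts(conf, tls_port="443"):
    """Return [(server_name, [problems])] for vhosts bound to tls_port."""
    findings = []
    for addrs, body in VHOST_RE.findall(conf):
        # A vhost may list several addresses; match on the port after the last ':'.
        if not any(a.rsplit(":", 1)[-1] == tls_port for a in addrs.split()):
            continue
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            # Skip blank lines, comments and nested section tags such as <Directory>.
            if parts and not parts[0].startswith(("#", "<")):
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        problems = []
        if directives.get("sslengine", "").lower() != "on":
            problems.append("SSLEngine is not on: plain HTTP served on the TLS port")
        # SSLCertificateKeyFile is not required: the key may live in the certificate file.
        if "sslcertificatefile" not in directives:
            problems.append("missing SSLCertificateFile")
        if problems:
            findings.append((directives.get("servername", "(unnamed)"), problems))
    return findings

if __name__ == "__main__":
    for name, problems in audit_tls_vhosts(SAMPLE_CONF):
        print(name, "->", "; ".join(problems))
```

Running `apachectl configtest` does not catch this case, because a port-443 vhost without TLS directives is syntactically valid.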

Welcome to ServerFault! I believe Freddy is correct. Your #1 issue is that you have two separate VirtualHost definitions for port 443. Get rid of the 'www' redirect, and use an .htaccess rule instead to redirect 'www' to the domain without the www.

As a (possibly helpful) aside, this discussion on Stack Overflow seems relevant to what you're trying to do. Note that in the stackoverflow.com conversation, the OS is Ubuntu: https://stackoverflow.com/questions/3286707/apache-ssl-configuration-error-ssl-connection-error/27568209

David W
  • Please don't recommend the use of .htaccess files to administrators. They are [a menace](https://serverfault.com/a/780517/37681) designed for end-users that don't have admin privileges as an admin can place every mod_rewrite rule in the main httpd.conf instead. https://httpd.apache.org/docs/2.4/howto/htaccess.html#when - placing a redirect in a separate VirtualHost to redirect one domain to another is perfectly fine. – HBruijn Apr 24 '19 at 12:10
  • Fair enough. Good point, re: set up the redirect in the `<VirtualHost>` rather than an .htaccess rule. – David W Apr 24 '19 at 12:18