Redirecting a www or non-www to https not working? Here's what i have.

[imgrooot]

I have a domain where I installed a SSL certificate. It works if I type in the domain like this "https://mysite.com". But if i go to the domain with www or without www, the SSL secure certificate won't show in the top bar. The site loads up fine. 

 

Here is my .htaccess code. Am I doing something wrong?

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com
RewriteRule ^(.*)$ https://mysite.com/$1 [R=301,L]

[requinix]

Are you sure the .htaccess is even being read by Apache? What happens if you put random garbage in the file?

[imgrooot]

Are you sure the .htaccess is even being read by Apache? What happens if you put random garbage in the file?

 

Yes it is being read. Here's my full .htaccess file.

#AuthName "Secure Area"

#AuthType Basic

#AuthUserFile  /home/mysite/public_html/protected/.htpasswd

#require valid-user



RewriteEngine On

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com
RewriteRule ^(.*)$ https://mysite.com/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME}.php -f

RewriteRule ^(.*)$ $1.php [L]



# 480 weeks

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">

Header set Cache-Control "max-age=290304000, public"

</FilesMatch>



# 2 DAYS

<FilesMatch "\.(xml|txt)$">

Header set Cache-Control "max-age=172800, public, must-revalidate"

</FilesMatch>



# 2 HOURS

<FilesMatch "\.(html|htm)$">

Header set Cache-Control "max-age=7200, must-revalidate"

</FilesMatch>



<ifModule mod_gzip.c>

  mod_gzip_on Yes

  mod_gzip_dechunk Yes

  mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$

  mod_gzip_item_include handler ^cgi-script$

  mod_gzip_item_include mime ^text/.*

  mod_gzip_item_include mime ^application/x-javascript.*

  mod_gzip_item_exclude mime ^image/.*

  mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

</ifModule>



<IfModule mod_deflate.c>

  # Compress HTML, CSS, JavaScript, Text, XML and fonts

  AddOutputFilterByType DEFLATE application/javascript

  AddOutputFilterByType DEFLATE application/rss+xml

  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject

  AddOutputFilterByType DEFLATE application/x-font

  AddOutputFilterByType DEFLATE application/x-font-opentype

  AddOutputFilterByType DEFLATE application/x-font-otf

  AddOutputFilterByType DEFLATE application/x-font-truetype

  AddOutputFilterByType DEFLATE application/x-font-ttf

  AddOutputFilterByType DEFLATE application/x-javascript

  AddOutputFilterByType DEFLATE application/xhtml+xml

  AddOutputFilterByType DEFLATE application/xml

  AddOutputFilterByType DEFLATE font/opentype

  AddOutputFilterByType DEFLATE font/otf

  AddOutputFilterByType DEFLATE font/ttf

  AddOutputFilterByType DEFLATE image/svg+xml

  AddOutputFilterByType DEFLATE image/x-icon

  AddOutputFilterByType DEFLATE text/css

  AddOutputFilterByType DEFLATE text/html

  AddOutputFilterByType DEFLATE text/javascript

  AddOutputFilterByType DEFLATE text/plain

  AddOutputFilterByType DEFLATE text/xml



  # Remove browser bugs (only needed for really old browsers)

  BrowserMatch ^Mozilla/4 gzip-only-text/html

  BrowserMatch ^Mozilla/4\.0[678] no-gzip

  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

  Header append Vary User-Agent

</IfModule>

[requinix]

To be clear,

I have a domain where I installed a SSL certificate. It works if I type in the domain like this "https://mysite.com". But if i go to the domain with www or without www, the SSL secure certificate won't show in the top bar.

The HTTPS URL shows "https://" and has the secure thing, while the HTTP URL shows "https://" but no secure thing? It should show something there, good or bad.

[imgrooot]

To be clear,

The HTTPS URL shows "https://" and has the secure thing, while the HTTP URL shows "https://" but no secure thing? It should show something there, good or bad.

 

Correct. If i type in my domain like this "mysite.com", "www.mysite.com", or "http://mysite.com"; it won't show the secure thing. But If i type it like this "https://mysite.com", it will show the secure thing.

[requinix]

Forget about the secure thing for a minute.

So you go to "http://mysite.com" and the address bar says "http://mysite.com"? No www and no https?

 

Then unless there was something lost when you changed the .htaccess to use "mysite.com", I'm not seeing it.

[imgrooot]

Forget about the secure thing for a minute.

So you go to "http://mysite.com" and the address bar says "http://mysite.com"? No www and no https?

 

Then unless there was something lost when you changed the .htaccess to use "mysite.com", I'm not seeing it.

 

If I go to "http://mysite.com", it'll redirect me to ""mysite.com"". And if I go to "www.mysite.com", it'll show me  "www.mysite.com".

[requinix]

So no redirect at all.

 

You're probably on port 80 or else it would be obvious to you (you would have had to type out the colon and port number). Are you sure the

RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com

is correct?

 

And I know you said the .htaccess was working, but if it isn't there's still a very reasonable explanation for how it seems to be. So back to the basic test: if you put random garbage in the file does the site still work? Please try it for real.

[imgrooot]

So no redirect at all.

 

You're probably on port 80 or else it would be obvious to you (you would have had to type out the colon and port number). Are you sure the

RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com

is correct?

 

And I know you said the .htaccess was working, but if it isn't there's still a very reasonable explanation for how it seems to be. So back to the basic test: if you put random garbage in the file does the site still work? Please try it for real.

 

 

I am using the same Rewrite on another site and it works fine. But not on this new site.

 

I did do a basic test by following their example @ https://docs.bolt.cm/3.3/howto/making-sure-htaccess-works

I do get an internal error when I input "Test." on the first line of .htaccess. So it is working.

[requinix]

Then all I've got is some mistake with that one RewriteCond line. Otherwise I don't know.

[imgrooot]

Then all I've got is some mistake with that one RewriteCond line. Otherwise I don't know.

 

I talked to my web hosting provider and it was the mistake with the SSL certificate itself. When I bought the certificate, I apparently put mysite.com domain when i should have done www.mysite.com. I am currently waiting for them to issue a new certificate with new domain. 

[imgrooot]

So I have FINALLY solved this problem. Someone helped me out.  Instead of the original code I posted, this is the correct code to redirecting to https succesfully.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yoursite.com [R,L]

[requinix]

Actually no. You're using a 302 redirect, which is temporary. Using R=301 (a permanent redirect) is more appropriate.

 

The HTTP_HOST you had earlier is fine, but will limit the redirects to requests for your site. If someone got to your site with a different domain name, perhaps the IP address itself, then the redirect wouldn't happen, but that isn't really a case you need to worry about.

 

So in fact the original version and this new version are more or less the same.

[imgrooot]

Actually no. You're using a 302 redirect, which is temporary. Using R=301 (a permanent redirect) is more appropriate.

 

The HTTP_HOST you had earlier is fine, but will limit the redirects to requests for your site. If someone got to your site with a different domain name, perhaps the IP address itself, then the redirect wouldn't happen, but that isn't really a case you need to worry about.

 

So in fact the original version and this new version are more or less the same.

 

I see. I have updated it to "[R=301,L]" and it still works. So that's good.