Jump to content
Sign in to follow this  
imgrooot

Redirecting a www or non-www to https not working? Here's what i have.

Recommended Posts

I have a domain where I installed a SSL certificate. It works if I type in the domain like this "https://mysite.com". But if i go to the domain with www or without www, the SSL secure certificate won't show in the top bar. The site loads up fine. 

 

Here is my .htaccess code. Am I doing something wrong?

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com
RewriteRule ^(.*)$ https://mysite.com/$1 [R=301,L]

Share this post


Link to post
Share on other sites

Are you sure the .htaccess is even being read by Apache? What happens if you put random garbage in the file?

Share this post


Link to post
Share on other sites

Are you sure the .htaccess is even being read by Apache? What happens if you put random garbage in the file?

 

Yes it is being read. Here's my full .htaccess file.

#AuthName "Secure Area"

#AuthType Basic

#AuthUserFile  /home/mysite/public_html/protected/.htpasswd

#require valid-user



RewriteEngine On

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com
RewriteRule ^(.*)$ https://mysite.com/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME}.php -f

RewriteRule ^(.*)$ $1.php [L]



# 480 weeks

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">

Header set Cache-Control "max-age=290304000, public"

</FilesMatch>



# 2 DAYS

<FilesMatch "\.(xml|txt)$">

Header set Cache-Control "max-age=172800, public, must-revalidate"

</FilesMatch>



# 2 HOURS

<FilesMatch "\.(html|htm)$">

Header set Cache-Control "max-age=7200, must-revalidate"

</FilesMatch>



<ifModule mod_gzip.c>

  mod_gzip_on Yes

  mod_gzip_dechunk Yes

  mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$

  mod_gzip_item_include handler ^cgi-script$

  mod_gzip_item_include mime ^text/.*

  mod_gzip_item_include mime ^application/x-javascript.*

  mod_gzip_item_exclude mime ^image/.*

  mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

</ifModule>



<IfModule mod_deflate.c>

  # Compress HTML, CSS, JavaScript, Text, XML and fonts

  AddOutputFilterByType DEFLATE application/javascript

  AddOutputFilterByType DEFLATE application/rss+xml

  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject

  AddOutputFilterByType DEFLATE application/x-font

  AddOutputFilterByType DEFLATE application/x-font-opentype

  AddOutputFilterByType DEFLATE application/x-font-otf

  AddOutputFilterByType DEFLATE application/x-font-truetype

  AddOutputFilterByType DEFLATE application/x-font-ttf

  AddOutputFilterByType DEFLATE application/x-javascript

  AddOutputFilterByType DEFLATE application/xhtml+xml

  AddOutputFilterByType DEFLATE application/xml

  AddOutputFilterByType DEFLATE font/opentype

  AddOutputFilterByType DEFLATE font/otf

  AddOutputFilterByType DEFLATE font/ttf

  AddOutputFilterByType DEFLATE image/svg+xml

  AddOutputFilterByType DEFLATE image/x-icon

  AddOutputFilterByType DEFLATE text/css

  AddOutputFilterByType DEFLATE text/html

  AddOutputFilterByType DEFLATE text/javascript

  AddOutputFilterByType DEFLATE text/plain

  AddOutputFilterByType DEFLATE text/xml



  # Remove browser bugs (only needed for really old browsers)

  BrowserMatch ^Mozilla/4 gzip-only-text/html

  BrowserMatch ^Mozilla/4\.0[678] no-gzip

  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

  Header append Vary User-Agent

</IfModule>

Share this post


Link to post
Share on other sites

To be clear,

I have a domain where I installed a SSL certificate. It works if I type in the domain like this "https://mysite.com". But if i go to the domain with www or without www, the SSL secure certificate won't show in the top bar.

The HTTPS URL shows "https://" and has the secure thing, while the HTTP URL shows "https://" but no secure thing? It should show something there, good or bad.

Share this post


Link to post
Share on other sites

To be clear,

The HTTPS URL shows "https://" and has the secure thing, while the HTTP URL shows "https://" but no secure thing? It should show something there, good or bad.

 

Correct. If i type in my domain like this "mysite.com", "www.mysite.com", or "http://mysite.com"; it won't show the secure thing. But If i type it like this "https://mysite.com", it will show the secure thing.

Share this post


Link to post
Share on other sites

Forget about the secure thing for a minute.

So you go to "http://mysite.com" and the address bar says "http://mysite.com"? No www and no https?

 

Then unless there was something lost when you changed the .htaccess to use "mysite.com", I'm not seeing it.

Share this post


Link to post
Share on other sites

Forget about the secure thing for a minute.

So you go to "http://mysite.com" and the address bar says "http://mysite.com"? No www and no https?

 

Then unless there was something lost when you changed the .htaccess to use "mysite.com", I'm not seeing it.

 

If I go to "http://mysite.com", it'll redirect me to ""mysite.com"". And if I go to "www.mysite.com", it'll show me  "www.mysite.com".

Share this post


Link to post
Share on other sites

So no redirect at all.

 

You're probably on port 80 or else it would be obvious to you (you would have had to type out the colon and port number). Are you sure the

RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com
is correct?

 

And I know you said the .htaccess was working, but if it isn't there's still a very reasonable explanation for how it seems to be. So back to the basic test: if you put random garbage in the file does the site still work? Please try it for real.

Share this post


Link to post
Share on other sites

So no redirect at all.

 

You're probably on port 80 or else it would be obvious to you (you would have had to type out the colon and port number). Are you sure the

RewriteCond %{HTTP_HOST} ^(www\.)?mysite\.com
is correct?

 

And I know you said the .htaccess was working, but if it isn't there's still a very reasonable explanation for how it seems to be. So back to the basic test: if you put random garbage in the file does the site still work? Please try it for real.

 

 

I am using the same Rewrite on another site and it works fine. But not on this new site.

 

I did do a basic test by following their example @ https://docs.bolt.cm/3.3/howto/making-sure-htaccess-works

I do get an internal error when I input "Test." on the first line of .htaccess. So it is working.

Share this post


Link to post
Share on other sites

Then all I've got is some mistake with that one RewriteCond line. Otherwise I don't know.

Share this post


Link to post
Share on other sites

Then all I've got is some mistake with that one RewriteCond line. Otherwise I don't know.

 

I talked to my web hosting provider and it was the mistake with the SSL certificate itself. When I bought the certificate, I apparently put mysite.com domain when i should have done www.mysite.com. I am currently waiting for them to issue a new certificate with new domain. 

Share this post


Link to post
Share on other sites

So I have FINALLY solved this problem. Someone helped me out.  Instead of the original code I posted, this is the correct code to redirecting to https succesfully.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yoursite.com [R,L]

Share this post


Link to post
Share on other sites

Actually no. You're using a 302 redirect, which is temporary. Using R=301 (a permanent redirect) is more appropriate.

 

The HTTP_HOST you had earlier is fine, but will limit the redirects to requests for your site. If someone got to your site with a different domain name, perhaps the IP address itself, then the redirect wouldn't happen, but that isn't really a case you need to worry about.

 

So in fact the original version and this new version are more or less the same.

Share this post


Link to post
Share on other sites

Actually no. You're using a 302 redirect, which is temporary. Using R=301 (a permanent redirect) is more appropriate.

 

The HTTP_HOST you had earlier is fine, but will limit the redirects to requests for your site. If someone got to your site with a different domain name, perhaps the IP address itself, then the redirect wouldn't happen, but that isn't really a case you need to worry about.

 

So in fact the original version and this new version are more or less the same.

 

I see. I have updated it to "[R=301,L]" and it still works. So that's good.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.