Apache mod_rewrite to redirect retro-fitted host names

Using certbot 0.31.0 on Ubuntu 18.04.3

I’ve noticed that when I create a new certificate with the Apache plugin, certbot puts the following stanza in the port 80 config if I choose to automatically re-direct to port 443:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

However, if I later add another host to the certificate using the following command:

certbot certonly --cert-name mydomain.com -d www.mydomain.com,www.differentname.com

the Apache redirect for www.differentname.com doesn’t work because the original host name(s) are explicitly given in the RewriteCond.

What would happen if certbot instead wrote it out as this line?

RewriteCond %{SERVER_PORT} !^443$

That way, any and all subsequent hosts added to the cert would redirect. Or is there some problem with that?

You’re using certonly in the second command. Perhaps certbot will rewrite the redirect when using the apache installer plugin?

1 Like

Oh, I didn’t know there was a way of adding host names to certs using the Apache installer plugin. Do you know the command for that?

1 Like

I’m not entirely sure, but I’d say you could just lose the certonly and try again? If that doesn’t work, you could always add -i apache.

1 Like

Ah! It does modify the Apache redirect :blush:

Apologies for polluting the board.

1 Like

No apologies necessary, I wasn’t even sure if the redirect was rewritten :grin: Now we know!

1 Like
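An added example, not part of the thread and not certbot's own code: a small check that lists which names on a certificate are not covered by the port 80 HTTPS redirect, so a name added with certonly is caught before it is served over plain HTTP. The function names and the sample configs are constructed for illustration, and it assumes certbot's layout, where several SERVER_NAME conditions are joined with [OR].

```python
import re

# RewriteCond %{SERVER_NAME} =host [flags]  (the form certbot writes)
NAME_COND = re.compile(r'^\s*RewriteCond\s+%\{SERVER_NAME\}\s+=(\S+)', re.I)
# RewriteRule <pattern> https://... [...,R...]  (an external redirect to HTTPS)
HTTPS_RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+https://\S*\s+\[[^\]]*\bR\b', re.I)
ANY_RULE = re.compile(r'^\s*RewriteRule\s', re.I)


def redirect_coverage(conf_text):
    """Return (hosts, catch_all) for the HTTPS redirects in a port 80 vhost.

    hosts: names listed in SERVER_NAME conditions ahead of an HTTPS redirect.
    catch_all: True if some HTTPS redirect has no SERVER_NAME condition,
    for example one guarded only by %{SERVER_PORT}.
    """
    hosts, catch_all, pending = set(), False, set()
    for line in conf_text.splitlines():
        cond = NAME_COND.match(line)
        if cond:
            pending.add(cond.group(1).lower())
        elif ANY_RULE.match(line):
            # Conditions apply only to the next RewriteRule, then reset.
            if HTTPS_RULE.match(line):
                if pending:
                    hosts |= pending
                else:
                    catch_all = True
            pending = set()
    return hosts, catch_all


def missing_redirects(conf_text, cert_names):
    """Names on the certificate that the port 80 vhost would not redirect."""
    hosts, catch_all = redirect_coverage(conf_text)
    if catch_all:
        return []
    return sorted(n.lower() for n in cert_names if n.lower() not in hosts)


# Constructed sample configs using the host names from the thread.
RULE = "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]\n"
BEFORE = "RewriteEngine on\nRewriteCond %{SERVER_NAME} =www.mydomain.com\n" + RULE
AFTER = ("RewriteEngine on\nRewriteCond %{SERVER_NAME} =www.mydomain.com [OR]\n"
         "RewriteCond %{SERVER_NAME} =www.differentname.com\n" + RULE)
PORT_ONLY = "RewriteEngine on\nRewriteCond %{SERVER_PORT} !^443$\n" + RULE
CERT_NAMES = ["www.mydomain.com", "www.differentname.com"]

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER), ("port", PORT_ONLY)):
        print(label, missing_redirects(conf, CERT_NAMES))
```

The names on a certificate can be read from the output of `certbot certificates` and passed in as the second argument.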