Apache with Let's encrypt (non-www, https-only): The page isn’t redirecting properly

htaccess · October 5, 2017, 1:16pm

I installed a new Ubuntu 16.04, installed Apache and then used certbot. I got certificates for www.domain.tld and domain.tld. When certbot asked me about some redirection I choosed the “blank”-option, so it made the settings for www.domain.tld and domain.tld.

Problem: When I visit www.domain.tld it redirects correctly to non-www but then I only see “The page isn’t redirecting properly”.

My domain.tld.conf

<VirtualHost *:80>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html
Redirect permanent / https://domain.tld/

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.tld [OR]
RewriteCond %{SERVER_NAME} =domain.tld
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

My domain.tld-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html
Redirect permanent / https://domain.tld/

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

htaccess · October 5, 2017, 1:20pm

Nevermind. I just had to remove Redirect permanent / https://domain.tld/ inside the domain.tld-le-ssl.conf. Now it’s working. But just for the case this wasn’t correct or you have something else to add, feel free to do so.

MitchellK · October 5, 2017, 1:25pm

should be in your Virtualhost *:80 config

instead of using

MitchellK · October 5, 2017, 1:26pm

so your port 80 config should look more something like this

<VirtualHost *:80>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://domain.tld/
</VirtualHost>

htaccess · October 5, 2017, 1:41pm

Your solution works too and it more correct because now https://www.ssllabs.com/ssltest/ could read http (what ever it means). With my solution the check showed a warning about http.
I am using your solution now.

Thank you!

MitchellK · October 5, 2017, 1:55pm

No problem at all

htaccess · October 5, 2017, 3:02pm

I want to add that the redirection from https://www.domain.tld to https://domain.tld didn’t work for some reason in Chrome but in Firefox it worked (or it was just some cache-thing in FF). Anyway, I had to add this

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]

to /etc/apache2/sites-enabled/domain.tld-le-ssl.conf at the end (before </VirtualHost>).

Just in case someone else or even myself will end up here.

So, my final files (with some stuff added to get better results at https://www.ssllabs.com/ssltest):

/etc/apache2/sites-enabled/domain.tld.conf

<VirtualHost *:80>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html
Redirect permanent / https://domain.tld/

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

/etc/apache2/sites-enabled/domain.tld-le-ssl.conf*

<IfModule mod_ssl.c>
<VirtualHost *:443>

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
</VirtualHost>
</IfModule>

MitchellK · October 5, 2017, 3:07pm

So you are all sorted now ???

htaccess · October 5, 2017, 3:12pm

Yes, I am. If I have any more problems, I’ll come back.

MitchellK · October 5, 2017, 3:14pm

enjoy and hope it all works out OK. Make sure to test it all properly at the following sites.

http://www.redirect-checker.org/index.php

https://www.ssllabs.com/ssltest/

https://www.whynopadlock.com/

system · November 4, 2017, 3:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't get redirection to https working after setup with Certbot Server	9	11963	February 10, 2017
Redirection problem Help	19	7852	September 4, 2017
Redirect to https not working Server	11	1013	March 13, 2019
Letsencrypt successfully install in ubuntu but not redirection to https Help	47	1872	September 13, 2020
Configure nginx with certbot for www and non-www Server	3	8225	March 11, 2018

Apache with Let's encrypt (non-www, https-only): The page isn’t redirecting properly

/etc/apache2/sites-enabled/domain.tld.conf

/etc/apache2/sites-enabled/domain.tld-le-ssl.conf*

Related topics