Apache with Let's encrypt (non-www, https-only): The page isn’t redirecting properly

I installed a new Ubuntu 16.04, installed Apache and then used certbot. I got certificates for www.domain.tld and domain.tld. When certbot asked me about some redirection I choosed the “blank”-option, so it made the settings for www.domain.tld and domain.tld.

Problem: When I visit www.domain.tld it redirects correctly to non-www but then I only see “The page isn’t redirecting properly”.

My domain.tld.conf

<VirtualHost *:80>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html
Redirect permanent / https://domain.tld/

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.tld [OR]
RewriteCond %{SERVER_NAME} =domain.tld
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

My domain.tld-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html
Redirect permanent / https://domain.tld/

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Nevermind. I just had to remove Redirect permanent / https://domain.tld/ inside the domain.tld-le-ssl.conf. Now it’s working. But just for the case this wasn’t correct or you have something else to add, feel free to do so. :slight_smile:

should be in your Virtualhost *:80 config

instead of using

2 Likes

so your port 80 config should look more something like this

<VirtualHost *:80>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://domain.tld/
</VirtualHost>
3 Likes

Your solution works too and it more correct because now https://www.ssllabs.com/ssltest/ could read http (what ever it means). With my solution the check showed a warning about http.
I am using your solution now.

Thank you!

1 Like

No problem at all :+1:

1 Like

I want to add that the redirection from https://www.domain.tld to https://domain.tld didn’t work for some reason in Chrome but in Firefox it worked (or it was just some cache-thing in FF). Anyway, I had to add this

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]

to /etc/apache2/sites-enabled/domain.tld-le-ssl.conf at the end (before </VirtualHost>).

Just in case someone else or even myself will end up here.

So, my final files (with some stuff added to get better results at https://www.ssllabs.com/ssltest):

/etc/apache2/sites-enabled/domain.tld.conf

<VirtualHost *:80>

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html
Redirect permanent / https://domain.tld/

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

/etc/apache2/sites-enabled/domain.tld-le-ssl.conf*

<IfModule mod_ssl.c>
<VirtualHost *:443>

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff

ServerName domain.tld
ServerAlias www.domain.tld
ServerAdmin contact@domain.tld
DocumentRoot /var/www/html

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride all
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
</VirtualHost>
</IfModule>
1 Like

So you are all sorted now ??? :+1:

Yes, I am. If I have any more problems, I’ll come back. :wink:

1 Like

:+1: enjoy and hope it all works out OK. Make sure to test it all properly at the following sites.

http://www.redirect-checker.org/index.php

https://www.ssllabs.com/ssltest/

https://www.whynopadlock.com/

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.