Auto-renew with htaccess redirect on multidomain site

Background: I’ve got a multidomain Drupal site - the same folder serves domain1.com, domain2.com and domain3.com, serving somewhat different content for each.
I can install a LE SAN cert from my host’s control panel - Cloudways/DigitalOcean - without issue, and it auto-renews without issue.
I use .htaccess to force http to https, again, without issue.

Problem: I now have an additional domain, redirect.com, which I’d like to redirect to domain3.com. If I set up a 301 redirect in htaccess it mostly works:
RewriteCond %{HTTP_HOST} redirect.com$
RewriteRule ^ http%{ENV:protossl}://domain3.com/ [R=301,L]
However:

  • if I try to add redirect.com to the LE SAN cert alongside domain1, domain2 and domain3, I can’t get my host’s control panel to create the cert; it fails because of the redirect and tells me to make sure my domains are properly pointed.
  • if I do NOT add redirect.com to the SAN cert, http://redirect.com redirects successfully to https://domain3.com but if a user goes to https://redirect.com, Chrome throws a certificate/security warning.

My host’s tech support tells me that it’s a known issue and that I can temporarily remove the redirect rule (temporarily serving content at redirect.com?), install the SAN cert through their control panel, then re-introduce the redirect rule.
BUT then the cert won’t auto-renew in 90 days; I need to manually repeat the process.

Question: Does anyone have an idea for a setup that allows https://redirect.com to redirect to https://domain3.com? Either on its own cert or as part of the SAN cert beside the other domains?
One idea: is there a rule I could add to htaccess to force https://redirect.com requests to http://redirect.com, then redirect via 301 to https://domain3.com, so I wouldn’t need a certificate for redirect.com? What would that look like?

Thanks! I’m a capable intermediate re: hosting/server/command line issues but a bit of a novice with certs.

I would expect that trying to exclude /.well-known/acme-challenge from the redirect would work. That is, redirect everything except requests to that resource.
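
The exclusion suggested above, written out as an added example (not code from the original posts or from the host): the redirect rule from the question next to a version that skips the ACME challenge path. It assumes the host validates redirect.com over HTTP-01 from this same document root, and that protossl is set earlier in the file, as the rule in the question already relies on.

```apache
RewriteEngine On

# Before (rule from the question): every request for redirect.com is sent
# to domain3.com, including the CA's fetch of
# /.well-known/acme-challenge/<token>, so validation of redirect.com fails.
#
#   RewriteCond %{HTTP_HOST} redirect.com$
#   RewriteRule ^ http%{ENV:protossl}://domain3.com/ [R=301,L]

# After: same redirect, but requests under the ACME challenge directory
# are left alone and served from this site, so issuance and renewal can
# complete while the redirect stays in place.
#
# The host pattern is anchored and the dots escaped so it matches
# redirect.com and its subdomains only, not e.g. notredirect.com.
RewriteCond %{HTTP_HOST} (^|\.)redirect\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^ http%{ENV:protossl}://domain3.com/ [R=301,L]
```

With this in place redirect.com can stay in the SAN cert, so https://redirect.com presents a valid certificate before it redirects. If validation still fails, any other rule that redirects this host (such as the force-HTTPS rule) would need the same exclusion.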
