Auto-renew with htaccess redirect on multidomain site


Background: I’ve got a multidomain Drupal site - the same folder serves, and, serving somewhat different content for each.
I can install a LE SAN cert from my host’s control panel - Cloudways/DigitalOcean - without issue, and it auto-renews without issue.
I use .htaccess to force http to https, again, without issue.

Problem: I now have an additional domain, which I’d like to redirect to If I set up 301 redirect in htaccess it mostly works:
RewriteCond %{HTTP_HOST}$
RewriteRule ^ http%{ENV:protossl}:// [R=301,L]

  • if I try to add to the LE SAN cert alongside domain1, domain2 and domain3, I can’t get my host’s control panel to create the cert; it fails because of the redirect and tells me to make sure my domains are properly pointed.
  • if I do NOT add to the SAN cert, redirects successfully to but if a user goes to, Chrome throws a certificate/security warning.

My host’s tech support tells me that it’s a known issue and that I can temporarily remove the redirect rule (temporarily serving content at, install the SAN cert through their control panel, then re-introduce the redirect rule.
BUT then the cert won’t auto-renew in 90 days, I need to manually repeat the process.

Question: Does anyone have an idea for a setup that allows to redirect to Either on its own cert or as part of the SAN cert beside the other domains?
One idea: is there a rule I could add to htaccess to force requests to, then redirect via 301 to, so I wouldn’t need a certificate for What would that look like?

Thanks! I’m a capable intermediate re: hosting/server/command line issues but a bit of a novice with certs.


I would expect that trying to exclude /.well-known/acme-challenge from the redirect would work. That is, redirect everything except requests to that resource.