How does it redirect to https (apache)


#1

I asked letsencrypt (certbot) to redirect everything to https, and I’m happy to see it achieved that. I’m just trying to understand how it did, but all I can find is a /etc/apache2/sites-available/le-redirect-mydomain.conf file containing a rewrite rule. But there is no symlink to it in sites-enabled, nor any other obvious reference to that file. Can someone help me understand how it works ?


#2

Hello @Gnur,

There is an open issue regarding this redirect bug https://github.com/certbot/certbot/issues/3137

Regarding how your site is being redirected right now, it is possible that you have a RewriteRule on default conf file 000-default.conf or that you had previously activated the header HTTP Strict Transport Security and your browser is trying to get your https site directly instead of http.

You could check which conf files have a RewriteRule or Redirect directive using this command:

grep -Ei "(rewrite|redirect)" /etc/apache2/sites-enabled/*

If you can’t see any RewriteRule nor Redirect, double check whether your site is being redirected or not.

curl -I http://yourdomain

And if it is being redirected you should see something like see:

HTTP/1.1 301 Moved Permanently   <--- this is the redirect rule
Date: Thu, 21 Jul 2016 10:55:05 GMT
Server: Apache/2.4.10 (Debian)
Location: https://yourdomain/     <--- here the domain is being redirected to https location
Content-Type: text/html; charset=iso-8859-1

If it is not being redirected you should see something like this:

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2016 10:59:45 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Thu, 21 Jul 2016 10:27:04 GMT
ETag: "2b60-53822c2585874"
Accept-Ranges: bytes
Content-Length: 11104
Vary: Accept-Encoding
Content-Type: text/html

Cheers,
sahsanu


#3

Thanks for the detailed reply. Indeed it seems I am actually not redirected (when testing with curl for example). My browser must have remembered something.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.