How to setup HTTP to HTTPS redirection?


#1

my domain name:extremesportsindia.com

My website is fully based on angularjs and i have a ssl of let’s encrypt but the problem is that when i am typing ‘https’ on url only then it is showing that my site is secure but when i am simply typing ‘http’ or site name then it is showing that my site is not secure by and large it is not redirecting on ‘https’ so please help me out what should i do now?


Cannot create SSL certificate - unauthorized
Unable to install SSL after many trials
#2

You should send a redirect from HTTP to HTTPS.

Since you seem to be using Express.js, perhaps you can use this middleware: https://stackoverflow.com/a/24015460


#3

so how it will redirect from ‘http’ to ‘https’ .and yes i am using express.js so tell me the way and procedure too that how i can rectify it.


#4

where should i use that https://stackoverflow.com/a/24015460 instruction.
means that should i use it within express.js file or where?


#5

Hi @manisha97

your site uses the wrong certificate (checked with https://check-your-website.server-daten.de/?q=extremesportsindia.com ):

CN=extremesportsindia.com
	10.01.2019
	10.04.2019
expires in 22 days	extremesportsindia.com - 1 entry

The certificate has only one domain name.

But you have both dns entries (non-www and www, that’s good, don’t remove that):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
extremesportsindia.com A 142.44.163.35 yes 2 0
AAAA yes
www.extremesportsindia.com C extremesportsindia.com yes 1 0
A 142.44.163.35 yes

Result: Your www version isn’t secure:

Domainname Http-Status redirect Sec. G
http://extremesportsindia.com/
142.44.163.35 200 0.213 H
http://www.extremesportsindia.com/
142.44.163.35 200 0.214 H
https://extremesportsindia.com/
142.44.163.35 200 1.250 B
https://www.extremesportsindia.com/
142.44.163.35 200 0.986 N
Certificate error: RemoteCertificateNameMismatch

So before you add redirects:

Create a new certificate (same method as earlier), but add both domain names.

If you use Certbot, add

-d extremesportsindia.com -d www.extremesportsindia.com

to create the correct certificate.


#6

My openssl has been expired and i want to reinstall it how i can reinstall my let’s encrypt open zerossl??


#7

Create a new certificate with the same command.

If you use ZeroSSL, you have to do that manual. Every 60 - 85 days.


#8

so should i remove all the old certificates to renewing it.


#9

No.

Never remove old certificates if you don’t know you need them again.

An expired certificate is better then no certificate.

Create a new and install it. Then the old certificate is replaced.


#10

when i am creating a certificate then it showing


#11

You have a redirect http -> https, but your app running https doesn’t support the validation file.

Your http instance shouldn’t redirect

/.well-known/acme-challenge


#12

so what should i do now ??


#13

You have added a redirect. So remove that redirect to create a new certificate. Then add it again.


#14

okh thanks a lot. but i wanted to know if i want to renew it then what would be the command in centos??and is there any other way to do it without removing redirection??


#15

Please read the basics.

Then select a client you run on your machine.

Then explain your setup, it’s completely unclear.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#16

My domain is:extremesportsindia.com

I ran this command:creating certificate through zerossl.and when doing verification then

It produced this output:

My web server is (include version): Unknown

The operating system my web server runs on is (include version):centos 7.

My hosting provider, if applicable, is: Hosted by OVH

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no i am using ssh access.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot-auto --version
[/quote]


#17

If you have root access, why do you use zerossl? You have to do that every 60 - 85 days, that’s terrible.

With shell access, you should always be able to use your own certbot or certbot-auto.

And what webserver runs on port 80? There is already an instance you can use.


#18

Two reasons are most likely:

  • Either the verification files are put in the wrong place
  • Or your server is not configured to serve the files with no extensions

To understand which is it, put test.txt file with some text into the same directory where you put the verification files, see if you can access that. If you can, it’s likely the second reason, in which case create a file without extension in the name and try accessing that. If you cannot, then it’s likely the former.

In any case, the web server logs might actually help you to figure what’s happening.


#19

Yes, you shouldn’t need to use ZeroSSL at all in this case; you should be able to automate the process with Certbot!