Redirect to https not working


#1

I’ve looked thru all similar topics on this forum and other places around the net, I can’t seem to find the solution.

I have installed the Let’s Encrypt certificate successfully, but I can’t get auto-redirect from http to work. Redirect is set via /etc/apache2/sites-available/domain.com.conf file. Here are the contents of the file:

<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.domain.com
    ServerAdmin webmaster@localhost
    DocumentRoot /home/username/public_html/domain.com/

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Redirect plain-HTTP requests for either hostname to HTTPS,
    # except requests for robots.txt and sitemap.xml.
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.domain.com [OR]
    RewriteCond %{SERVER_NAME} =domain.com
    RewriteCond %{THE_REQUEST} !/(robots.txt|sitemap.xml)\s [NC]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The file is linked to its sites-enabled symlink correctly. I tried to restart apache2 service, tried disabling the local .htaccess file for this site, but all to no avail. I scanned thru all the .conf files and made sure this domain is not mentioned in any other .conf file. The weird thing is, redirect does work with some of my websites located on the same server, but with some, it does not.

I’ve tried looking thru the log files, but haven’t found anything specific.

Please help, I’m clueless!


#2

Hi @Angel996

your certificate works with your non-www version. But not with your www-version. It has only one domain name. So create one certificate with two domain names.

That’s something like

GET /index.html HTTP/1.1

I don’t think you want to check that, it’s always not robots.txt or sitemap.xml.


#3

I’m sorry, I don’t understand. This .conf file was created automatically by certbot, and the same .conf file works for some other domains. And yes, I actually have two certificates for each domain: one for the www and one for “bare” 2nd level domain, it’s all been done automatically by certbot.


#4

Then share your domain name. Or use a tool like https://check-your-website.server-daten.de/ to check it. The protocol of your topic has your domain name. But it’s nearly impossible to find errors without checking the domain.


#5

Who created the rewrite rule?
It doesn’t seem to work.


#6

I’m sorry, I don’t really understand the point of sharing the domain name, I don’t have a problem with my certificate installation or https version whatsoever, I have a problem with redirecting from http to https version. Obviously, the rewrite rule is not working. I know this is more of an Apache question, but I just thought it would be a typical issue for Letsencrypt users, especially because it was certbot that created the rewrite rule and other Letsencrypt users may have already come across it. Maybe I’d really be better off trying Apache support forums…


#7

That simply makes it a lot easier for us to help you.
Nonetheless, he did include an OR on that line:

Then show that part of the coding.

Ok…
Let us know how that goes…


#8

I don’t understand the point of checking it from client side. It’s a 100% server side problem. I kind of expected some replies like “check this and that config file and log file and post log output here” or something.

I’ve tried https://check-your-website.server-daten.de/ This site does a lot of stuff checking certificates and DNS records, it won’t help troubleshoot Apache configuration.

I have a weird feeling about this really. Looks like you don’t understand the nature of the problem. It’s a problem with Apache config. It’s supposed to generate the 301 header which it does not. There’s no point checking it at browser side.


#9

But this is what we do.
And we do understand that it can show things you might not see nor understand.

And now I repeat myself:


#10

We can’t tell what is wrong (nor how to fix it) if you don’t show us anything at all.

The config shows us what it should be doing.
The browser check shows us what it is actually doing.
Sometimes you have to look at it from both sides to see the true picture.


#11

Found it.

The reason was that I moved some of the domains from another server, so I copied all the .conf files from there. Because the IP was different, I had to reissue and reinstall the certificates. For some twisted reason, Certbot created a <VirtualHost *:80> section inside every *-le-ssl.conf (which I thought was only for the 443 port connections), but the redirect section there was commented out. So, instead of domain.com.conf file, a domain.com-le-ssl.conf file was actually used for port 80 connection. I didn’t realize the “SSL” .conf file also had a “port 80” section. Instead, I was looking for an error in the domain.com.conf file which was not used at all.

The solution is either to uncomment the redirect section of the *-le-ssl.conf file, or remove <VirtualHost *:80> section completely from it, to allow the *.conf file to take over.
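
The situation from post #11, as an added example that is not part of the thread and not Certbot's or Apache's own code: a Python check that finds hostnames claimed by more than one `<VirtualHost>` block on the same address and port, and reports which file Apache serves from and whether that block still has a live HTTPS redirect. It relies on Apache using the first matching block in load order and on wildcard includes being read alphabetically, which puts `domain.com-le-ssl.conf` ahead of `domain.com.conf`. The file contents are constructed, and the address string is compared literally as a simplifying assumption.

```python
import re
from collections import defaultdict

# Constructed sites-enabled contents modelled on post #11 (not the poster's files).
SAMPLE = {
    "domain.com.conf": """<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>""",
    "domain.com-le-ssl.conf": """<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
# RewriteEngine on
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
</VirtualHost>""",
}

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
REDIRECT = re.compile(r"(RewriteRule|Redirect)\b.*https://", re.I)

def parse_vhosts(files):
    """Yield (file, address, names, has_redirect) in Apache's load order."""
    for fname in sorted(files):  # a wildcard Include is expanded alphabetically
        for addr, body in VHOST.findall(files[fname]):
            # Keep only live directives so a commented-out rule is not counted.
            live = [s for s in map(str.strip, body.splitlines())
                    if s and not s.startswith("#")]
            names = [n.lower() for s in live for n in s.split()[1:]
                     if s.split()[0].lower() in ("servername", "serveralias")]
            yield fname, addr.strip(), names, any(REDIRECT.match(s) for s in live)

def shadowed_vhosts(files):
    """Map (address, hostname) to its claimants when more than one block claims it."""
    claims = defaultdict(list)
    for fname, addr, names, has_redirect in parse_vhosts(files):
        for name in names:
            claims[(addr, name)].append((fname, has_redirect))
    return {k: v for k, v in claims.items() if len(v) > 1}

if __name__ == "__main__":
    for (addr, name), owners in sorted(shadowed_vhosts(SAMPLE).items()):
        print(f"{name} {addr}: served by {owners[0][0]}, "
              f"redirect={owners[0][1]}, shadowed: {[f for f, _ in owners[1:]]}")
```

On a live server, `apache2ctl -S` prints the same name-to-file mapping from the configuration Apache actually loaded.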