Redirect www to non-www shows cert warning

My domain is: otofacts.com

I have this in my .htaccess:

<IfModule mod_rewrite.c>
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

RewriteCond %{HTTP_HOST} ^54\.xxx\.xxx\.xxx$
RewriteRule ^(.*)$ https://otofacts.com/$1 [L,R=301]

RewriteCond %{HTTP_HOST} ^www\.otofacts\.com$ [NC]
RewriteRule ^(.*)$ https://otofacts.com/$1 [R=301,L]
</IfModule>

I'm trying to get it to redirect to https://otofacts.com

So far these scenarios fail

  1. https://www.otofacts.com/
  2. https://54.xxx.xxx.xxx

These 2 will show a "Your connection is not private" warning on Chrome. But when I proceed to unsafe, it does redirect correctly to otofacts.com.

Any idea what I'm missing here? Thanks

Your certificate contains only the domain name without the www prefix. You may want to generate another certificate, including the www.otofacts.com version too.


So generate 2 different certs on my AWS EC2?

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

and

sudo certbot --apache -d yourdomain.com -d yourdomain.com

That's all?

No.
You should only keep the certificate containing both versions (hosts) of your domain.

Only this^

After you generated and installed the certificate (and confirmed it's working on both versions), you can use sudo certbot delete to delete the single certificate version.

If the certbot version is new enough, it'll ask to expand the existing certificate (which you should say "Yes" to) and there will be nothing to delete :wink:


Ok, I followed this tutorial here: How to Install Let’s Encrypt with Apache2 on EC2 Ubuntu 18.04 | Linuxbeast

Ran this code:

sudo certbot certonly --apache

and activated HTTPS for both otofacts.com and www.otofacts.com. It asked if I should replace the old cert; I chose yes.

Now https://www.otofacts.com still shows the cert warning, but www.otofacts.com in the address bar redirects correctly.

In my <VirtualHost *:443> I added this too:

RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [L,R=301]

Any idea what i'm missing?

Your server still uses the same certificate as before.


You shouldn't rely on the redirect to fix the certificate issue.
Also, why did you use the certonly flag this time?

Using the certonly flag doesn't do any good on this instance, and will still require you to manually reload your Apache webserver every single time your certificate reloads.

systemctl reload apache2

Ok, I pointed the SSLCertificateFile and SSLCertificateKeyFile to the proper .pem's.

Now it works after I restarted Apache.

sudo systemctl restart apache2
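
The replies' point, that the certificate has to list every hostname because the browser validates it before any RewriteRule can run, can be checked with a small script. This is an added example, not part of the thread: the SAN text is constructed, 203.0.113.10 stands in for the server's IP, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. SAN text below is constructed, in the
# format printed by: openssl x509 -noout -ext subjectAltName
SAN_BARE='X509v3 Subject Alternative Name:
    DNS:otofacts.com'
SAN_BOTH='X509v3 Subject Alternative Name:
    DNS:otofacts.com, DNS:www.otofacts.com'

# san_names SAN_TEXT: print the DNS entries, lower-cased, one per line.
san_names() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | grep -o 'dns:[^, ]*' | cut -d: -f2
}

# san_covers SAN_TEXT HOST: succeed if the certificate is valid for HOST.
san_covers() {
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    names=$(san_names "$1")
    # Exact match on a DNS entry.
    printf '%s\n' "$names" | grep -qxF -- "$host" && return 0
    # Wildcard entry: *.parent covers exactly one extra left-most label.
    case $host in
        *.*) printf '%s\n' "$names" | grep -qxF -- "*.${host#*.}" && return 0 ;;
    esac
    # A certificate with only domain-name entries has nothing that
    # matches a bare IP address, so an IP falls through to here.
    return 1
}

# missing_hosts SAN_TEXT HOST...: print every HOST the certificate lacks.
# Each printed name triggers a browser warning before any redirect can run.
missing_hosts() {
    san=$1; shift
    for h in "$@"; do
        san_covers "$san" "$h" || echo "$h"
    done
}

# live_san HOST: SAN text of the certificate actually served for HOST
# (needs network access and OpenSSL 1.1.1+; not called in this demo).
live_san() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -ext subjectAltName
}

# 203.0.113.10 is a documentation address standing in for the server's IP.
missing_hosts "$SAN_BARE" otofacts.com www.otofacts.com 203.0.113.10
```

Passing the output of `live_san www.otofacts.com` to `san_covers` after reloading Apache shows whether the server is presenting the expanded certificate or still the old one.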
