URL not working properly without www

I'm having trouble understanding why sometimes my URL works with the www prefix and NOT without www. And sometimes it's just the other way around.

I'm using: Apache/2.4.59 on Fedora 39 with certbot 2.10.0 and have full acces with a root shell

Currently the URL DOES work with the www prefix and NOT without www

I've read a lot of documentation
(incl. Www needs to be redirected to non www )
and tried a lot but unfortunately with no succes
I'm looking for a hint to get me in the right direction

Tnx in adv.

Below are, in my opinion, the relevant pieces of code,
The last bit is a error massage from a online SSL checker

==========================================

httpd -t
Syntax OK

==========================================

output: Creation of Let'sEncrypte SSL certificate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/crossway.nl/fullchain.pem
Key is saved at: /etc/letsencrypt/live/crossway.nl/privkey.pem
This certificate expires on 2024-08-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for crossway.nl to /etc/httpd/conf/httpd-le-ssl.conf
Successfully deployed certificate for www.crossway.nl to /etc/httpd/conf/httpd-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://crossway.nl and https://www.crossway.nl

==========================================

part of etc/httpd/conf

<VirtualHost *:80>
	DocumentRoot /var/www/crossway.nl
	ServerName www.crossway.nl
	ServerAlias crossway.nl
	ServerAdmin email@crossway.nl
	ErrorLog logs/virtual.crossway.host-error_log
	CustomLog logs/virtual.crossway.host-access_log combined
	RewriteEngine on
	RewriteCond %{SERVER_NAME} =www.crossway.nl [OR]
	RewriteCond %{SERVER_NAME} =crossway.nl
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Include /etc/httpd/conf/httpd-le-ssl.conf

==========================================

part of etc/httpd/httpd-le-ssl.conf

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		DocumentRoot /var/www/crossway.nl
		ServerName www.crossway.nl
		ServerAlias crossway.nl
		ServerAdmin mike@crossway.nl
		ErrorLog logs/virtual.host-error_log
		CustomLog logs/virtual.host-access_log combined
		Include /etc/letsencrypt/options-ssl-apache.conf
		SSLCertificateFile /etc/letsencrypt/live/crossway.nl/fullchain.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/crossway.nl/privkey.pem
	</VirtualHost>
</IfModule>

==========================================

part of .htaccess file in /var/www/abc.nl

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

##------Force HTTPS connections on entire domain ------##
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
##

==========================================

sudo cat /etc/letsencrypt/live/abc.nl/fullchain.pem
sudo cat /etc/letsencrypt/live/www.abc.nl/fullchain.pem

both commands can parse the .pem files

-----BEGIN CERTIFICATE-----
MIIEKD ..... g54iJ+gy
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjC ...... q7hHwg
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDC ....... y753ec5
-----END CERTIFICATE-----

==========================================

Error message from SSL Checker

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.

None of the common names in the certificate match the name that was entered (crossway.nl). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.

1 Like

Welcome @El-Ekim to the community

I see that requests to your base domain use a different cert than requests to your www subdomain. The above VirtualHost looks correct so I think there may be some other VirtualHost for the base domain.

You can see this result at this test site https://www.ssllabs.com/ssltest/analyze.html?d=crossway.nl&hideResults=on

We can sort out your Apache config. Can you show output of this:

sudo apachectl -t -D DUMP_VHOSTS

Fedora Apache may use httpd or apache2ctl instead of apachectl. I don't remember off-hand. Substitute these if above command does not work.

3 Likes

Hi MikeMcQ,

Tnx for the quick response. Here is a dump of the server

sudo httpd -t -D DUMP_VHOSTS


*:443                  is a NameVirtualHost
         default server crossway.nl (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost crossway.nl (/etc/httpd/conf.d/ssl.conf:56)

         port 443 namevhost www.crossway.nl (/etc/httpd/conf/httpd-le-ssl.conf:31)
                 alias crossway.nl

2 Likes

Yeah, you have your base name defined in two different VirtualHosts. Apache does not error for that but you need to have a domain defined just once for each port.

The first one (ssl.conf) may contain default SSL settings so I don't recommend deleting it. Maybe just change its ServerName from crossway.nl to DefaultServer or some other fake name you will remember.

Then restart Apache and I think you will be fine. Requests for that name will then go to the VirtualHost in httpd-le-ssl.conf which looks fine

2 Likes

in the file : /etc/httpd/conf.d/ssl.conf on line 56 there is

<VirtualHost _default_:443>

the domain crossway.nl is not present in this file (nor any domain name)

So i do not see where I did define ... the base name

the entire file:
/etc/httpd/conf.d/ssl.conf

Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:443>   // this is line 56

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
1 Like

Then add a ServerName as I described. Apache creates one if omitted. It must have picked up that domain name somewhere. We can chase down where but easier to just add the ServerName

4 Likes

Oke MikeMcQ,

You were 100% right. I added in /etc/httpd/conf.d/ssl.conf an extra line 57

<VirtualHost _default_:443>
ServerName DefaultServer

That did the trick :slight_smile: It is not often that I experience such good help with my question. I did put some time into it, but I wouldn't have discovered this by myself. Thank you very much for your time and knowledge

3 Likes