在https上的www到非www不能正常工作
[英]www to non www on https not working
问题描述
I know that this is somewhat a common question BUT I've done my part and tried everything people suggested on other questions and nothing works out so please bear with me... 
我知道这是一个常见的问题,但是我已经尽了自己的本分,并尝试了其他人在其他问题上提出的所有建议,但没有任何效果,因此请耐心等待...
I have a website that I've purchased an SSL certificate yesterday, I managed to move the site to https completely but I'm still having this problem: 我有一个昨天购买了SSL证书的网站,我设法将网站完全移至https,但是仍然遇到此问题:
When a user tries to reach the site on https with WWW, I get a certificate error. 当用户尝试使用WWW通过https到达站点时,出现证书错误。
Every other combination works fine (http://www to https:// non www works).
So basically my end goal is to get the user to the https://nonwwwversion of a URL from every combination 所以基本上我的最终目标是让用户从每种组合中使用URL的https://nonwwwversion
Example: User tries to reach site from a link which is like 示例:用户尝试通过类似的链接访问网站
https://www.example.com/xyz
they should be redirected to 他们应该重定向到
https://example.com/xyz
but it just doesn't work. 但这是行不通的。
The site is wordpress, I've attacked this from every possible angle but couldn't get it to work, neither did the hosting guys unfortunately. 该站点是wordpress站点,我已经从各个角度进行了攻击,但是无法正常工作,不幸的是,托管人员也没有。
The SSL is a RapidSSL Standard, which has the non www. SSL是RapidSSL标准,具有非www。 version of the site as common name, maybe thats the problem? 网站的通用名称版本,也许就是问题所在?
My .htaccess file looks like this: 我的.htaccess文件如下所示:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond ^www\. [NC]
RewriteRule ^ https://mysite.com%{REQUEST_URI} [R=301,NE,L]
# BEGIN W3TC Browser Cache
# END W3TC Browser Cache
# BEGIN W3TC Page Cache core
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} =on
RewriteRule .* - [E=W3TC_SSL:_ssl]
RewriteCond %{SERVER_PORT} =443
RewriteRule .* - [E=W3TC_SSL:_ssl]
RewriteCond %{HTTP_COOKIE} w3tc_preview [NC]
RewriteRule .* - [E=W3TC_PREVIEW:_preview]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} =""
RewriteCond %{REQUEST_URI} \/$
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html" -f
RewriteRule .* "/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html" [L]
</IfModule>
# END W3TC Page Cache core
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
2 个解决方案
解决方案1
0 2015-01-09 02:48:56
It sounds like the problem is you don't have a valid SSL cert for www . 听起来像是问题在于您没有适用于www的有效SSL证书。 If you didn't order it that way you only got domain.com . 如果您不以这种方式订购,则只会得到domain.com 。 You should ALWAYS order the www version then you automatically get the non domain version but that is not always the case the other way around depending on the CA you get it from. 您应该始终订购www版本,然后您会自动获得非域版本,但是根据您从其获得证书的CA,情况并非总是如此。
The problem is it has to do the handshake and connect to the site before any rewrite rule will take place. 问题在于,必须进行握手并连接到站点, 然后才能执行任何重写规则。 So if you don't have a valid cert for WWW , most likely you will get a WARNING page stating it's unsafe and not to trust the site. 因此,如果您没有针对WWW的有效证书,则很可能会收到一个警告页面,指出该页面不安全并且不信任该网站。
The only way to fix that is to get another cert that contains both WWW and Non WWW . 解决的唯一方法是获取同时包含WWW and Non WWW另一个证书。 Remember WWW is actually just another subdomain. 请记住, WWW实际上只是另一个子域。
Remember create the CSR with the www.domain.com version and they will give you non www version included(Most CA's will). 请记住,使用www.domain.com版本创建CSR,它们会为您提供非www版本(大多数CA都会这样做)。 So you don't have to pay extra. 因此,您不必支付额外的费用。
解决方案2
0 2015-04-01 09:46:31
RapidSSL covers both www and non-www, BUT you have to order your certificate with www (www.domain.com), which means your Common Name must be written with www when creating your CSR on the server. RapidSSL涵盖www和非www,但必须通过www(www.domain.com)订购证书,这意味着在服务器上创建CSR时,必须使用www来写您的通用名称。 If you order the certificate without www (domain.com), then the www option will not be automatically covered by the certificate. 如果订购不带www(domain.com)的证书,则证书将不会自动覆盖www选项。
www.domain.com is a subdomain to domain.com, many people forget that. www.domain.com是domain.com的子域,很多人都忘记了这一点。 This means, if you order it without www, it means you might not want the subdomains to be included in your SSL, which is why they don't provide it by default in a package. 这意味着,如果订购时不带www,则意味着您可能不希望将子域包含在SSL中,这就是为什么默认情况下它们未在软件包中提供子域的原因。
I have made the same mistake buying my first certificate at RapidSSL, I canceled the order (we got a refund, cause it was canceled within 30 days) and then reordered the new one with www as Common Name and it worked. 我在RapidSSL购买我的第一个证书时犯了同样的错误,我取消了订单(我们退款,原因是在30天内被取消了),然后用www作为通用名称重新订购了新证书,它可以正常工作。
When it comes to redirects, if you have server access, in Apache this is the best option to redirect to https 重定向时,如果您具有服务器访问权限,那么在Apache中,这是重定向到https的最佳选择
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
Redirect / https://domain.com
</VirtualHost>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.