stackoom
  简体   繁体   中英

Apache Redirect & HTTPS

 原文  2017-05-01 10:47:02       apache/ ssl/ redirect/ virtualhost

Question

I guess I am trying to do three things at once, but I am trying to:

  • direct example.com to example.com.au
  • direct example.com.au to www.example.com.au
  • direct HTTP to HTTP

That is, four variations all directed to the HTTPS version.

Here are the sections in the configuration file: 

<VirtualHost *:80>
    ServerName example.com.au
    ServerAlias www.example.com.au example.com www.example.com
    ServerAdmin …
    Redirect permanent / https://www.example.com.au/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com.au:443
    ServerAlias example.com.au www.example.com example.com
    ServerAdmin …
    VirtualDocumentRoot /whatever/example.com/www
    CustomLog logs/example.log combined env=!dontlog

    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/www.example.com.au/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/www.example.com.au/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.example.com.au/chain.pem
</VirtualHost>

The problem is that although the redirection appears to be working, the certificate doesn't seem to apply. When I attempt to open the following in my browser (without the www ): 

https://example.com.au/

I get the following message: 

The certificate is only valid for www.example.com.au

Now I thought that the redirect should tell the browser that it's really going to https://www.example.com.au , but:

  • the address bar stays the same
  • the certificate is invalid, presumably because the address bar stays the same

The question is: How do I configure the virtual host to redirect these variations to SSL using the one certificate?

My DNS server is properly set up (all names resolve correctly) and the LetsEncrypt is correct and current. Only the domain has been changed to protect the innocent.

1 answers

solution1
 0 ACCPTED  2017-05-03 11:30:06

The reason for the warning is: your browser, when trying to reach https://example.com.au/ , can't trust that 301 Redirect respond really came from example.com.au , since there is no such hostname in the certificate.

Since you are already using Let's encrypt certs, all you need is to split your :443 VirtualHost into 4 separate vhosts, each with its own cert, and then configure 3 of them with redirection to https://www.example.com.au/ (or, if possible, get a cert that will match all needed hostnames).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question apache redirect HTTPS to canonical HTTPS apache .htcaccess redirect to https apache http: redirect to https: Apache redirect from https Redirect HTTPS to HTTP in Apache Apache www HTTPS Redirect apache - redirect to https://www Redirect HTTPS to HTP on Apache Apache Https to Http Redirect Apache2 - Resolving redirect to https
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM