I guess I am trying to do three things at once, but I am trying to:
example.com
to example.com.au
example.com.au
to www.example.com.au
That is, four variations all directed to the HTTPS version.
Here are the sections in the configuration file:
<VirtualHost *:80>
ServerName example.com.au
ServerAlias www.example.com.au example.com www.example.com
ServerAdmin …
Redirect permanent / https://www.example.com.au/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com.au:443
ServerAlias example.com.au www.example.com example.com
ServerAdmin …
VirtualDocumentRoot /whatever/example.com/www
CustomLog logs/example.log combined env=!dontlog
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com.au/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com.au/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com.au/chain.pem
</VirtualHost>
The problem is that although the redirection appears to be working, the certificate doesn't seem to apply. When I attempt to open the following in my browser (without the www
):
https://example.com.au/
I get the following message:
The certificate is only valid for www.example.com.au
Now I thought that the redirect should tell the browser that it's really going to https://www.example.com.au
, but:
The question is: How do I configure the virtual host to redirect these variations to SSL using the one certificate?
My DNS server is properly set up (all names resolve correctly) and the LetsEncrypt is correct and current. Only the domain has been changed to protect the innocent.
The reason for the warning is: your browser, when trying to reach https://example.com.au/ , can't trust that 301 Redirect
respond really came from example.com.au
, since there is no such hostname in the certificate.
Since you are already using Let's encrypt certs, all you need is to split your :443
VirtualHost into 4 separate vhosts, each with its own cert, and then configure 3 of them with redirection to https://www.example.com.au/ (or, if possible, get a cert that will match all needed hostnames).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.