How to redirect all https request to https

Question

I am a bit confused right now by all those redirects.

I have one main domain domainA.com and all its subdomains secured by a wildcard certificate. But we have multiple domains for foreign countries like domainA.ch or domainA.co.uk . These other Domains are redirected via 301 to the main domain, which works fine when the user types one of the following in his address bar: domainA.ch, www.domainA.ch or http://domainA.ch

But if he enters completely https://domainA.ch the user gets a ERR_CERT_AUTHORITY_INVALID message.

The one solution would be to a multi-domain-certificate instead of single-domain, but this would financially a big difference. The other solution is to get all other domains a vhost, secured by letsencrypt and redirected via .htaccess to the main domain.

Both solutions don't look "very fine" for me, is there a way to redirect before the browser does the handshake?

Thanks very much

domainA.com.conf:
prefix = /var/www/vhosts/system/$pool
user = __
group = __
listen = php-fpm.sock
listen.owner = root
listen.group = __
listen.mode = 0660
chdir = /
pm = ondemand
pm.max_children = 5
pm.max_spare_servers = 1
pm.min_spare_servers = 1
pm.process_idle_timeout = 10s
pm.start_servers = 1

Answer 1

Unless you have different IP address for each domain - then each one of them can have there own certificate. Otherwise you need a SAN certificate for that single IP address.

Answer 2

You can't have a wildcard cert that matches different top level domains.

When the client browser connects to https://domain.ch , it needs to see a certificate that includes that domain in the subject or a Subject Alternate Name (SAN).

So there is no easy redirect configuration for your https traffic without the correct certificate. If you have a lot of TLD domains that you just want to redirect to your global site, you should take a look at other options. Let's Encrypt certificates might be the way to go.