2

I would like to redirect domains on HTTP/HTTPS:

http://old.com -> https://new.com
https://old.com -> https://new.com

I have to specify the SSL key/certificate for the old domain but I'm not sure where I have to place these directives:

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/pki/tls/private/new.com.pem"
ssl.ca-file = "/etc/pki/tls/certs/new.com.crt"
}

$SERVER["socket"] == ":80" {
  $HTTP["host"] =~ "old.com|new.com" {
    url.redirect = ( "^/(.*)" => "https://new.com:443/$1" )
  }
}

I was trying to add the code below but Lighttpd reports configuration errors:

$SERVER["socket"] == ":443" {
$HTTP["host"] =~ "old.com" {
url.redirect = ( "^/(.*)" => "https://new.com:443/$1" )
   }
ssl.engine = "enable"
ssl.pemfile = "/etc/pki/tls/private/old.com.pem"
ssl.ca-file = "/etc/pki/tls/certs/old.com.crt"

}
HTF
  • 3,148
  • 14
  • 52
  • 82
  • What configuration errors are reported? Did you add a whole new `$SERVER["socket"] == ":443"` instead of modifying the existing one? – Shane Madden Sep 22 '12 at 19:58

1 Answers1

1

You can't do that.

There can be only one certificate per port.

The possible solutions are:

  1. You get another IP address and specify the old certificate here.
  2. You get a multi domain certificate (which is valid for both the old and the new domain name).
cstamas
  • 6,707
  • 25
  • 42
  • 1
    Actually, TLS Server Name Indication [is supported in lighttpd](http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL#Server-Name-Indication-SNI). One of these days, there will be little enough Windows XP in the world that we'll be able to use it - but for the asker's needs, Windows XP support may be unneeded. – Shane Madden Sep 22 '12 at 20:03
  • @ShaneMadden yes, somewhat true... However I would not deploy it today. – cstamas Sep 23 '12 at 00:38