8

all. I have a syntax problem. I've tried following other sources, but it's just not working.

I've successfully created an unconditional HTTP to HTTPS redirect. Go to http://www.robjvargas.com, wind up at HTTPS. All well and good there.

But now my certificate seems to need HTTP. It's using Let's Encrypt, and so needs renewal every 90 days. With the redirect in effect, a dry-run fails. With the redirect off, the dry run succeeds.

So I tried to put a RewriteCond in to exempt the cert renewal traffic:

# HTTP to HTTPS redirect
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{Request_URI} !^./acme-challenge/*
RewriteRule (.*) https://www.robjvargas.com$1 [R,L]

Only it doesn't work. I think I'm missing something worthy of a forehead slap once I see it, but I'm not seeing it. With the code above, the HTTP to HTTPS redirect still seems universal. So, clearly, the RewriteCond is incorrect. The period before the URI is probably wrong, but I've tried both with and without that.

I also put the full URI into the RewriteCond, but that didn't exempt it, either.

I'm close. I don't get any errors. It just never meets the intended condition.

What am I missing?

Rob Vargas

2 Answers

8

But now my certificate seems to need HTTP.

This is not quite correct. I am personally renewing over https. In order for that to work however, you need to make sure to allow access to the challenge URI in your https VirtualHost by copying the relevant part from the http VirtualHost. If you can't or don't want to do that, here's how to make it work over http with the conditional redirect you started to write.

The problem is that your current regex would match the challenge URI. According to the Apache Docs the REQUEST_URI starts with the / so you should look for the challenge URI like this: ^\/\.well-known\/.*$. This will match the challenge URI (http://example.com/.well-known/acme-challenge).

All put together:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^\/\.well-known\/.*$
RewriteRule (.*) https://www.robjvargas.com/$1 [R,L]

In case of future troubles, use this: htaccess tester

cetteup
  • That appears to do the trick. I'm confused by your suggestion. It makes sense, but I didn't do anything to the HTTP VirtualHost to enable that. I mean, I had to manually create it for initial issuance to succeed. But didn't do anything in particular to Let's Encrypt to get it to succeed. In any event, all http except to ./.well-known redirects to https, and the dry run succeeds. Thank you, @taduuda – Rob Vargas Feb 26 '18 at 17:57
3

In my Virtualmin server, the following line did the trick.

RedirectMatch ^/(?!\.well-known)(.*)$ https://phpmyadmin.example.com/$1
  • 1
    I like this one better because it doesn't need mod_rewrite, but instead uses the simpler mod_alias. And it's a one-liner. :) Can confirm that it works. – Vilx- Nov 06 '22 at 19:29
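
The sketch below is an added example, not code from any poster in this thread: it models the question's RewriteCond, the first answer's RewriteCond, and the RedirectMatch pattern (with the dot unescaped and escaped) against constructed request paths, to show which requests each rule would redirect. Python's `re` standing in for Apache's PCRE is an assumption, and the function names and sample paths are made up for illustration.

```python
import re

# Patterns from this thread. Python's re stands in for Apache's PCRE here
# (an assumption; these constructs behave identically in both engines).
QUESTION_COND = r"^./acme-challenge/*"      # question: RewriteCond ... !pattern
ANSWER_COND = r"^\/\.well-known\/.*$"       # first answer: RewriteCond ... !pattern
REDIRECT_LOOSE = r"^/(?!.well-known)(.*)$"  # RedirectMatch, dot matches any char
REDIRECT_STRICT = r"^/(?!\.well-known)(.*)$"  # RedirectMatch, literal dot

# Constructed request paths (not taken from any real server log).
CHALLENGE = "/.well-known/acme-challenge/constructed-token"
SAMPLES = [CHALLENGE, "/", "/index.html", "/blog/.well-known/x", "/xwell-known/page"]


def rewrite_redirects(cond_pattern, path, https=False):
    """Model 'RewriteCond %{HTTPS} off' plus 'RewriteCond %{REQUEST_URI} !pattern'.

    The RewriteRule fires only when the request is plain HTTP AND the
    negated pattern does NOT match the path.
    """
    if https:
        return False
    return re.search(cond_pattern, path) is None


def redirectmatch_redirects(pattern, path):
    """Model mod_alias RedirectMatch: redirect when the pattern matches."""
    return re.search(pattern, path) is not None


def decision_table():
    """Return {path: (question, answer, loose, strict)} redirect decisions."""
    return {
        path: (
            rewrite_redirects(QUESTION_COND, path),
            rewrite_redirects(ANSWER_COND, path),
            redirectmatch_redirects(REDIRECT_LOOSE, path),
            redirectmatch_redirects(REDIRECT_STRICT, path),
        )
        for path in SAMPLES
    }


if __name__ == "__main__":
    print(f"{'path':46} question answer loose strict")
    for path, row in decision_table().items():
        print(f"{path:46} " + " ".join(f"{str(r):7}" for r in row))
```

The question's pattern never matches a real challenge path, because `.` consumes the leading slash and `/acme-challenge` would have to follow immediately, so the negated condition is always true and every request is redirected. With the dot unescaped in the lookahead, a path such as `/xwell-known/page` is also exempted and stays on plain HTTP.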