1

I am trying to redirect all requests to a secure non-www url. But my code is failing to redirect when I vist https://www. This is the only url that is not working, can anybody help me figure out why https://www does not redirect as planned? Here is my code:

<IfModule mod_rewrite.c>
  RewriteEngine On

  Options +FollowSymlinks

  RewriteCond %{HTTPS} =on
  RewriteRule ^ - [env=proto:https]
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ - [env=proto:http]

  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
  RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

I am using Flight php for my routing.

Kenny Chan
  • 1,232
  • 1
  • 15
  • 20
Mikkel Emil Lindblom
  • 57
  • 1
  • 11

2 Answers2

0

You added a contition to make sure your rewrites for www. are only valid for non-SSL requests.

Remove RewriteCond %{HTTPS} !=on

Daniel Ferradal
  • 2,727
  • 1
  • 13
  • 19
  • I am still getting: "This site can’t provide a secure connection". I assume I am to remove it from this string: `RewriteCond %{HTTPS} !=on RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]`. Thanks for your answer. – Mikkel Emil Lindblom Aug 31 '16 at 09:36
  • "I'm still getting..."? You didn't say anything about what you were getting. You said your `https://www` was not being redirected, and I told you that rewritecond was the cause. Remove it! What you say now sounds like a browser complaining about a CA, which has nothing to with a redirection which will happen "after" the SSL has already been negotiated. If you want to avoid to present an invalid certificate for www. you can't. But this is a different issue than a redirect. – Daniel Ferradal Aug 31 '16 at 09:42
  • Sorry about the misunderstanding, but the certificate is valid for www aswell. I am trying to achieve a redirect for https www to non-www on https. As this is the only protocol not working with my current .htaccess setup. – Mikkel Emil Lindblom Aug 31 '16 at 09:51
  • 1
    As @ezra-s said, if you get "This site can’t provide a secure connection", it's not an redirect problem, and the problem is not in your .htaccess , it's in your SSL/TLS certificate setup . – Tom Aug 31 '16 at 11:08
0

There might be SSL misconfiguration issue, because you are not getting redirection error. The error "This site can’t provide a secure connection" can blow due to certain reasons. Let me explain one-by-one below:

  • SSL certificate is not from Trusted CA (Self Signed).
  • SSL certificate has been expired.
  • SSL misconfiguration can also prompt such error message.
  • Time and date of your computer is not proper.
  • You might be using old/insecure version of SSL certificate (SHA1).
  • Using old web browser.

I suggest you check for above mentioned points.

Suggestions:

  • Get valid certificate from trusted certificate authority, whose root chain is already in leading web browsers (i.e. Comodo or Symantec).
  • Renew your SSL certificate.
  • Check your website in SSL checker tool.
  • Make time and date perfect.
  • If you are using old version of SSL certificate ask your SSL provider to reissue it.
  • Make your browsers up-to-date.

Hopefully this information will help you to solve your problem.

Gunjan Tripathi
  • 298
  • 1
  • 5