0

I have a small issue I cannot solve. I run Apache on Ubuntu 16.04 and after installing a Let's Encrypt cert, all works except for this...

When I type mydomain.com, it goes automatically to https://mydomain.com

When I type www.mydomain.com, it goes automatically to https://mydomain.com

When I type http://mydomain.com, it goes automatically to https://mydomain.com

But when I type http://www.mydomain.com, it stays in insecure http://www.mydomain.com

Here are the conf files...

nuc@nuc:~$ cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =mydomain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

and...

nuc@nuc:~$ cat /etc/apache2/sites-available/000-default-le-ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>

Any help would be greatly appreciated... :-)

pa4080
  • 29,831
Edwin
  • 129
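
The port-80 virtual host in the question redirects only when the requested host name equals mydomain.com, so a request for www.mydomain.com is served over plain HTTP. The Python check below is an added example, not part of the original post or of Certbot: it lists the ServerName/ServerAlias names that no exact-match RewriteCond covers. The function name `unredirected_hosts`, the trimmed sample configs and the `UseCanonicalName Off` default are assumptions of the example.

```python
# Constructed sample: the port-80 vhost from the question, trimmed to the
# directives that decide the redirect.
QUESTION_VHOST = """\
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =mydomain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
"""

# Same vhost with one exact-match condition per served name, joined by [OR].
FIXED_VHOST = QUESTION_VHOST.replace(
    "RewriteCond %{SERVER_NAME} =mydomain.com\n",
    "RewriteCond %{SERVER_NAME} =mydomain.com [OR]\n"
    "    RewriteCond %{SERVER_NAME} =www.mydomain.com\n",
)


def unredirected_hosts(vhost_text):
    """Return the served names that the vhost does not send to HTTPS.

    Assumes UseCanonicalName is Off (Apache's default), so %{SERVER_NAME}
    is the host the client asked for; only '=' conditions are understood.
    """
    served, matched = [], set()
    rewrite_https = redirect_https = False
    for raw in vhost_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        to_https = any(p.startswith("https://") for p in parts[1:])
        if directive in ("servername", "serveralias"):
            served.extend(parts[1:])
        elif directive == "rewritecond" and len(parts) >= 3:
            if parts[1] == "%{SERVER_NAME}" and parts[2].startswith("="):
                matched.add(parts[2][1:])
        elif directive == "rewriterule" and to_https:
            rewrite_https = True
        elif directive == "redirect" and to_https:
            redirect_https = True
    if redirect_https or (rewrite_https and not matched):
        return []          # unconditional redirect covers every name
    if not rewrite_https:
        return served      # nothing redirects at all
    return [h for h in served if h not in matched]
```

Run against the question's vhost it reports `www.mydomain.com`; with a condition for each name, or with an unconditional `Redirect`, it reports nothing.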

2 Answers

1

Instead of using mod_rewrite, how about just using

Redirect / https://mydomain.com/
JucaPirama
  • 406
  • 2
  • 10
1

Full detailed answer on how to proceed, since I had some trouble even though it is very simple:
Once you have your 3 certificate files (private.key, certificate.crt, ca_bundle.crt) from Let's Encrypt or https://www.sslforfree.com/ :

1/ upload them to the remote server:
On the remote server that you are connected to (nb: obviously you can choose another name or even location instead of 'certificates', just be consistent afterwards):

mkdir /etc/ssl/certificates

On your machine (assuming you unzipped the 3 files in the sslforfree folder):

scp ~/Downloads/sslforfree/* ubuntu@{replace with your server address, if AWS you can use the Elastic IP}:/etc/ssl/certificates

Alternatively you can use some FTP software like FileZilla or use rsync. I just think that scp myfiles ubuntu@156.185.219.228:/etc/ssl/certificates is very simple if you are using Ubuntu on your own computer.

2/ Edit the config files located at /etc/apache2/sites-available on your server

cd /etc/apache2/sites-available && chmod 777 *

then use your favorite editor and you can replace in 000-default.conf :

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

with (assuming your site dns is mysite.com):

ServerName http.mysite.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
Redirect permanent / https://mysite.com/

3/ Then edit default-ssl.conf (bonus: the 4th item will enable the favicon located at /var/www/html, which is obviously something you also want if you go through the hassle of getting SSL; Ctrl+Shift+R to force the cache of your browser to load it later on):

ServerAdmin webmaster@localhost
ServerName mysite.com
DocumentRoot /var/www/html
AddType image/x-icon .ico

and enable SSL by changing the path for the first two items, and by removing the hashtag and changing the path for the third item:

SSLCertificateFile  /etc/ssl/certificates/certificate.crt
SSLCertificateKeyFile /etc/ssl/certificates/private.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
SSLCertificateChainFile /etc/ssl/certificates/ca_bundle.crt

4/ Enable the module, default-ssl.conf and finally reload config for apache2 server:

sudo a2enmod ssl &&
sudo a2ensite default-ssl.conf &&
sudo systemctl reload apache2

Don't forget to reset permissions to default: chmod 644 *

Your site is now secured through permanent redirect to https!