Question

Apache, non-WWW to WWW (HTTPS/Secure) and Let's Encrypt

Posted August 10, 2019 5.9k views
ApacheConfiguration ManagementLet's EncryptUbuntu 18.04

Okay, so I’ve been able to install a Let’s Encrypt cert on my site, and I want all variations of my domain name to go to https://www.

I’ve been able to redirect the insecure http versions (both www and non-www) to the https://www version, but I cannot figure out how to get the https://[non-www] version to redirect. All I get is an internal 500 error.

Normally, I use the one config file to handle everything, but since Let’s Encrypt generated it’s own config, I’m unsure what to do.

Here is my “normal” config file; basic and just “gets the job done”.

UseCanonicalName On

<VirtualHost *:80>
  ServerName www.domain.co.uk
  ServerAlias domain.co.uk
  DocumentRoot /var/www/html/domain
  Redirect permanent / https://www.domain.co.uk
</VirtualHost>

Here’s my Let’s Encrypt.

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerAdmin admin@domain.co.uk

    ServerName www.domain.co.uk
    ServerAlias domain.co.uk

    DocumentRoot /var/www/html/domain

    <Directory /var/www/html/domain/>
      Options FollowSymLinks
      AllowOverride All
      Require all granted

      # Redirect non-www to www
      RewriteEngine On

      RewriteCond %{HTTP_HOST} !^www\. [NC]
      RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.co.uk/privkey.pem
  </VirtualHost>
</IfModule>

Where I’ve got the “Redirect non-www to www are the few lines where I’ve tried to make the changes.

I’ve been struggling on this for months, and I’m just out of ideas.

I have tried a CNAME record for www, and now I have A Records for @.domain and www.domain.

My htaccess file for the site is simply used for the actual site and files (because WordPress), and I’d rather keep it that way.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hello,

I have a good news for you! The fix is realy easy, all you need to do is to move the RewriteRule just out of the <Directory></Directory> block.

So it would look something like this:

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerAdmin admin@domain.co.uk

    ServerName www.domain.co.uk
    ServerAlias domain.co.uk

    DocumentRoot /var/www/html/domain

    <Directory /var/www/html/domain/>
      Options FollowSymLinks
      AllowOverride All
      Require all granted
    </Directory>

    # Redirect non-www to www
    RewriteEngine On

    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.co.uk/privkey.pem
  </VirtualHost>
</IfModule>

I’ve tested this with my site and I can confirm that it definitely works!

As always, make sure to backup your config and to run a config test before restarting Apache.

Hope that this helps!
Regards,
Bobby

  • Thank you so much! Such a simple fix! :-D

  • If you are getting an “invalid certificate” or “non-private connection” error while testing this configuration in your browser, it’s possible that your certificate is only issued for a base domain (or only www subdomain) in which case browsers will block the connection: I had this issue and it was driving me crazy. In this case, you just need to extend your certificate to www subdomain:

    certbot certonly --standalone -d domain.com -d www.domain.com

    and then select “E” for “Expand” when asked by certbot.

    Also: Google Chrome hides “www” part of the domain name (Firefox and Opera do not, as of this comment) so if you are not sure “www” redirection works, you can copy-paste from address bar in Chrome to ensure it does work.

Submit an Answer