Question

How do I permanently redirect www.subdomain to subdomain when using Wildcard SSL

I’ve setup a staging server for client viewing using a URL structure of subdomain.domain.tld (e.g.: client-abc.my-staging-site.com, client-xyz.my-staging-site.com, or whatever.my-staging-site.com).

  • subdomain = “client site name”
  • domain.tld = “my staging domain with top-level-domain.”

Please note that I’ve already installed a Wildcard SSL.

Thus far, I can get www, none-www, and none-ssl (i.e., http) to redirect to none-www with ssl (i.e., https) within my apache vhost file (see below).

I.E., I have the following URLs redirecting successfully to https://subdomain.domain.tld/…

Which is accomplished via this apache vhost file, subdomain.domain.tld.conf:

<VirtualHost *:80>
    # vhost domain with www in front of subdomain
    ServerName www.subdomain.domain.tld

    # permanent redirect www to none-www and http to https
    # must have a second <VirtualHost *:80> set up
    # change https to http if there is no SSL certificate
    # this is faster than .htaccess;
    Redirect permanent / https://subdomain.domain.tld/
</VirtualHost>

<VirtualHost *:80>
    # vhost domain without www in front of subdomain
    ServerName subdomain.domain.tld

    # rewrite rules enabled
    RewriteEngine On

    # redirect http to https
    # comment out if there is no SSL certificate
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R=301,L]
    
    #…all other normal config stuff goes here…

</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        # vhost domain
        ServerName subdomain.domain.tld

        #…all other normal config stuff goes here; including ssl stuff…

    </VirtualHost>
</IfModule>

However I can not get the following to redirect to https://subdomain.domain.tld/…

I’ve tried using rewrite rules in both the vhost conf file and .htaccess file, e.g.,…

# rewrite rules
RewriteEngine On

# remove the www on sub-domains; however because the ssl is called before the rewrite rules
# the browser will complain; if using a wildcard ssl, only the first sub-domain level 
# is supported the workaround could be to add every virtual host name in the Subject Alternative 
# Name (SAN) extension, the major problem being that the certificate will need to be reissued 
# whenever a new virtual server is added; nonetheless, if the end-user accepts the security 
# risk and proceeds, the url will be rewriting to the none-www which is secure
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [QSA,R=301,L]

Please also note, for some reason, when accepting the browser warning for security risk the browser retains the URL of https://www.subdomain.domain.tld/ (not good) and displays the files from the very first vhost on the server (also not good). If I can’t redirect, at least help me figure out how to disable this odd result.

Any suggestions would be welcome. Thanks in advance.

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

If the virtualhost with the redirect is not being called when you use www.subdomain.domain.tld you may want to add a ServerAlias directive under the ServerName for that virtualhost.

ServerAlias www.subdomain.domain.tld

Since all traffic that matches that Virtualhost is redirected to the correct place this should solve the problem as it will be the first VirtualHost that will match based on the requested name.