Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
WP Multisite, different Domains, 1 Install Question Question
Moving my wordpress install to a sub-folder Question Question

Question

Potential Security Risk Ahead Error on non-www urls

Posted June 18, 2020 2k views
UbuntuWordPress

My issue is when I open my website without WWW then it doesn’t redirect to https://www.admecindia.co.in, in result page doesn’t open up and shows ‘Security Error’ like this:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to admecindia.co.in. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

When i click on the Advanced Button given there, then it shows this.

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for admecindia.co.in. The certificate is only valid for www.admecindia.co.in.

Error code: SSL_ERROR_BAD_CERT_DOMAIN

my .htaccess code is:

<IfModule mod_rewrite.c>
 RewriteEngine On
  RewriteBase /

  RewriteCond %{HTTP_HOST} ^admecindia\.co\.in$ [NC]
  RewriteRule ^(.*)$ https://www.admecindia.co.in/$1 [L,R=301]


  RewriteRule ^index\.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]

</IfModule>

thanks

Add a comment
ravibhadauria143
By:
ravibhadauria143
edited by MattIPv4

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
WP Multisite, different Domains, 1 Install Question Question
Moving my wordpress install to a sub-folder Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev June 18, 2020

Hi there @ravibhadauria143,

It looks like that your Let’s Encrypt was issued only for the www version of your domain name.

I would recommend issuing a new SSL certificate which would include both the non-www and the www version.

To do that, I would recommend following the steps from this tutorial here:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

Basically, when you run the certbot command, you need to make sure that you specify the two versions:

  • sudo certbot --apache -d your_domain -d www.your_domain

Hope that this helps!
Regards,
Bobby

How To Secure Apache with Let's Encrypt on Ubuntu 18.04
by Kathleen Juell
by Erika Heidi
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and set up your certificate to renew automatically.
Reply Report

Related

Looking for something else?

Ask a new question Search for more help