How to avoid SSL warnings about certificate not for the current site when redirecting alternate domains?


Cloudflare is a free solution for redirecting your alternate domains with HTTPS support. Here are detailed instructions for setting it up:

  1. Visit Cloudflare
  2. Create an account and verify your email address
  3. Use the "add a site" feature to add your alternate domain under their free plan. If you are creating an account, it should ask you to do this as a step of the account creation process.
  4. Set up your DNS at Cloudflare
    • Cloudflare will import your DNS from your current web host
    • Keep all TXT, SOA, and MX records as well as any subdomains that you don't want Cloudflare to redirect.
    • Ensure that records you do want Cloudflare to redirect are "Proxied". Click on the icon in the "Proxy status" column to change whether or not they are proxied. Proxied records will be handled by Cloudflare's web servers.
    • Since we will later add a redirect rule, the IP address you enter for proxied A records doesn't actually matter; no traffic will ever go to it.
    • Make sure you have a proxied A record for the domain apex (@)
    • I also have a wildcard subdomain proxied A record (*) so that all subdomains (including www) get redirected.
  5. Go to your DNS registrar and update your nameserver (NS) records to be the values that Cloudflare gives you.
  6. Cloudflare will try to verify these for you. Don't worry if that doesn't work right away; the verification could take a few hours and Cloudflare will retry it for you.
  7. Go to "Page Rules" and add the following rule to do the redirect.
    • URL matches: *example.com/*, where you use your alternate domain in place of example.com. The first * is a wildcard that matches any subdomain. The second * is a wildcard that matches any path. This single rule should match every request to the domain and its wildcard subdomains.
    • Pick a setting: Forwarding URL
    • Select status code: 301 - Permanent Redirect
    • Enter destination URL: https://example.org/$2 where you use your main domain in place of example.org. The $2 is the URL path captured from the second glob of the URL match. Without $2, all the requests for deep pages would redirect to the home page. This rule strips the subdomains. If desired you could use https://$1example.org/$2 to preserve the captured subdomain as well.
    • Save the page rule.

It could take hours for everything to start working.

  • Your new NS records need to propagate through DNS. This should take a couple hours, but worst case could take a few days.
  • Cloudflare needs to update their servers with your rules. This should take a few minutes.
  • Cloudflare needs to create an SSL certificate for your HTTPS requests. This should take a couple hours.

If you are impatient to test things, you can start testing on the command line.

  • See if your NS records have updated: dig NS example.com where you use your alternate domain in place of example.com. Look for the Cloudflare NS records.
  • See what server Cloudflare is using for your site: dig @xx.ns.cloudflare.com example.com where you use one of the actual NS records that Cloudflare gave you instead of xx and again your alternate domain. Look for an A record with an IP address that you can use to see if the redirects are working on Cloudflare's servers.
  • See if Cloudflare is serving redirects: curl --resolve example.com:80:X.X.X.X --head http://example.com/ where X.X.X.X is one of the IP addresses from the previous step and you use your alternate domain in place of example.com. Look for a Location: header with the redirect destination. You can repeat this step with other URLs such as http://www.example.com/, http://foo.example.com/, http://example.com/path and https://example.com/. Keep in mind it may take a couple hours for the HTTPS redirects to start working.

Cloudflare lets you add many additional alternate domains to your Cloudflare account and set them up the same way. Each of your alternate domains can use its own free plan.

Stephen Ostermiller

Updated on September 18, 2022
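
The following is an added example, not part of the answer above, that models the Page Rule from step 7 and the curl check from the testing list. It assumes the answer's placeholder names (example.com as the alternate domain, example.org as the main domain); the glob-to-regex matching is an approximation of Cloudflare's matcher based on the $1/$2 behaviour the answer describes, and the curl output is a constructed sample.

```python
import re

# Placeholder names from the answer: example.com is the alternate domain,
# example.org the main domain. Cloudflare's matcher is not public; this
# glob-to-regex approximation follows the answer's description of $1/$2.
RULE_PATTERN = "*example.com/*"
RULE_DEST_STRIP = "https://example.org/$2"   # drops the captured subdomain
RULE_DEST_KEEP = "https://$1example.org/$2"  # keeps the captured subdomain


def apply_page_rule(url, pattern=RULE_PATTERN, destination=RULE_DEST_STRIP):
    """Return the forwarding URL for `url`, or None if the pattern does not match.
    Each * in the pattern becomes a capture group ($1, $2, ...). The pattern has
    no scheme, so the request scheme is stripped before matching (assumption)."""
    target = re.sub(r"^https?://", "", url)
    regex = "^" + "".join("(.*?)" if c == "*" else re.escape(c) for c in pattern) + "$"
    match = re.match(regex, target)
    if match is None:
        return None
    for i, group in enumerate(match.groups(), start=1):
        destination = destination.replace(f"${i}", group)
    return destination


def check_redirect(head_output, expected_location):
    """Parse `curl --head` output (status line + headers) and confirm it is a
    301 whose Location header is exactly the URL the Page Rule should produce."""
    status_line, *headers = head_output.strip().splitlines()
    parts = status_line.split()
    if len(parts) < 2 or parts[1] != "301":
        return False
    for header in headers:
        name, _, value = header.partition(":")
        if name.strip().lower() == "location":
            return value.strip() == expected_location
    return False  # a 301 without a Location header is not a usable redirect


# Constructed sample of what the curl --resolve check in the answer returns
# for http://example.com/path once the rule is live (Date is made up).
SAMPLE_HEAD = """HTTP/1.1 301 Moved Permanently
Date: Sun, 18 Sep 2022 12:00:00 GMT
Content-Type: text/html
Location: https://example.org/path
Server: cloudflare
"""

if __name__ == "__main__":
    for req in ("http://example.com/", "https://www.example.com/path", "http://foo.example.com/a/b?x=1"):
        print(req, "->", apply_page_rule(req), "|", apply_page_rule(req, destination=RULE_DEST_KEEP))
    print("redirect ok:", check_redirect(SAMPLE_HEAD, apply_page_rule("http://example.com/path")))
```

Passing the Location check over HTTP says nothing about the certificate; repeat the curl check against https:// (port 443) once Cloudflare has issued the certificate, because that is the request that produced the browser warning in the first place.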

Comments

  • Stephen Ostermiller
    Stephen Ostermiller over 1 year

    I have a multiple-domain forwarding issue. Domains with plural and singular forms, e.g.:

    • example.com,
    • examples.com,
    • example.biz,
    • examples.biz

    I forwarded all of them to https://examples.com and https://www.examples.com but ran into web browser warnings that someone could intercept communications, as the SSL cert issued is not for the current website I visited. I have an SSL cert for https://examples.com and https://www.examples.com

    What is the best solution for this?

    • Admin
      Admin about 6 years
      Get a multi-domain SSL certificate for the IP address performing the redirects. Each domain variation should be included in the SAN.
  • Stephen Ostermiller
    Stephen Ostermiller about 6 years
    When you say "check your SSL certificates" what should they check for? It sounds to me like they need 3 additional domains added to their certificate with 3 additional www variants. How should they do that?
  • Theodor_D.
    Theodor_D. about 6 years
    @StephenOstermiller well, you are right, I meant URL redirect, but still if you/he do/does a Google search with the term "DNS redirect" you get results about URL redirect. So, when developers say "Do a DNS redirect" they mean do a URL redirect by adding the IP to which you want to get redirected. Syntactically your comment is right. But still the meaning is exactly the same. As for the SSLs, they have to check for which domain name they have purchased the SSL and use it for that domain. Or simply add 3 additional "www" as you say, if their SSL service provider offers this.
  • Theodor_D.
    Theodor_D. about 6 years
    And what exactly did you give me a minus for my reply for?? Isn't this a reply which explains to a new user what he has to do to solve his problem??
  • Stephen Ostermiller
    Stephen Ostermiller about 6 years
    I left two comments explaining my downvote. I think their problem is mostly that their security certificate doesn't cover the alternate domain names. You should edit your question to remove the domain redirect and add more about expanding certificates