Insecure Connection: issue on www redirect to non-www with https


it's working for some browsers but not working for some others

It shouldn't be "working" for any browser, unless you have perhaps previously accepted the invalid certificate? You will get the invalid certificate browser warning before your site receives the request. The SSL handshake is the very first thing that occurs during the request to ensure the connection is secure; it's not possible to implement a redirect (or anything) before this occurs.

The only way to resolve your problem is to implement an SSL cert that covers the www subdomain.
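The point made in the answer above, as an added example that is not part of the original answer: the browser validates the certificate's names against the requested host before any redirect can be delivered, so every hostname users may type must appear in the certificate. The SAN lists below are constructed sample data, the function names are hypothetical, and the wildcard handling is a simplified version of browser matching rules.

```python
# Added example: which of a site's hostnames does a certificate cover?
# Simplified dNSName matching: a wildcard is honoured only as the whole
# left-most label and covers exactly one label.

def san_matches(hostname: str, san: str) -> bool:
    """Return True if one SAN entry is valid for the requested hostname."""
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False  # "*.example.com" never covers "example.com"
    if san_labels[0] == "*":
        # Simplification: refuse wildcards directly under a TLD ("*.com").
        return len(san_labels) > 2 and host_labels[1:] == san_labels[1:]
    return host_labels == san_labels


def handshake_report(hostnames: list[str], sans: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate is accepted for it.

    False means the browser shows a certificate warning for
    https://<hostname>/ and the server's redirect is never seen.
    """
    return {h: any(san_matches(h, s) for s in sans) for h in hostnames}


# Hostnames a visitor might type (from the question).
SITE_NAMES = ["example.com", "www.example.com"]

# Constructed SAN lists for three possible certificates.
APEX_ONLY = ["example.com"]                    # the asker's situation
WILDCARD_ONLY = ["*.example.com"]              # covers www, not the apex
BOTH = ["example.com", "www.example.com"]      # what the answer recommends

if __name__ == "__main__":
    for label, sans in [("apex only", APEX_ONLY),
                        ("wildcard only", WILDCARD_ONLY),
                        ("both names", BOTH)]:
        print(label, handshake_report(SITE_NAMES, sans))
```
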

Author by

Riyas Muhammed

Updated on September 18, 2022

Comments

  • Riyas Muhammed
    Riyas Muhammed almost 2 years

    I am not very familiar with server configurations, please help me with this issue:

    I have a Debian 8 server and an SSL certificate. The SSL certificate is only for my non-www domain, so I would like to redirect all www requests to non-www. With the .htaccess code below, it's working for some browsers but not working for some others.

    On Chrome: Successfully redirecting http://www.example.com or http://example.com requests to https://example.com. This is what I want for all browsers.

    On Mozilla: Redirecting the http://www.example.com request to https://www.example.com, and it stopped working with an INSECURE CONNECTION error. I think from here the browser is checking first for the SSL certificate of www and stops before the non-www redirect.

    Following is my .htaccess to redirect www to non-www with https. Is there anything I missed in the .htaccess? Or is there any other solution through DNS or with the help of the Apache default ssl.conf?

    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
    
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    

    My SSL certificate is from Certbot and I followed this tutorial to install it: https://www.youtube.com/watch?v=-TPoGQ4IjDI&t=100s. You can see there is only one domain prompted, that is non-www, and no option for setting an SSL certificate for www. If I could get an SSL certificate for www then I could also solve the issue.

  • Riyas Muhammed
    Riyas Muhammed almost 7 years
    But it's totally working fine in Chrome. Anyway, like you said, let me think about a new certificate that covers the www also...
  • Riyas Muhammed
    Riyas Muhammed almost 7 years
    Thanks for the answer, I am going to install an SSL certificate that covers www also.
  • Riyas Muhammed
    Riyas Muhammed almost 7 years
    Here is a free SSL certificate provider that provides free SSL for www and non-www, but I don't know how to install this on a Debian 8 server.
  • Riyas Muhammed
    Riyas Muhammed almost 7 years
    Sorry, I missed the link: sslforfree.com
  • Riyas Muhammed
    Riyas Muhammed almost 7 years
    How do I enable HSTS? I am not very familiar with it, please advise.
  • MrWhite
    MrWhite almost 7 years
    When the user accesses https://... you can send back a Strict-Transport-Security: max-age=NNNN HTTP response header. From now on (until it expires) the browser will always send requests to HTTPS, even if the user types HTTP. You should consider this a one-way process - there is no way to go back to HTTP (before it expires), once HSTS has been enabled.
  • Riyas Muhammed
    Riyas Muhammed almost 7 years
    Thanks for your answer. Also, do you know how to install an SSL certificate on Debian 8? I have the following files: ca_bundle.crt, certificate.crt and private.key
  • MrWhite
    MrWhite almost 7 years
    Unfortunately, that's another (and probably too broad) question. Not something that can be stated in comments.
  • arod
    arod almost 7 years
    I had this same problem and the solution was to update the certificate. I guess Chrome has a cache, or automatically tries other URLs (??) so it 'appears' to work. But the real solution is updating the SSL certificate.
  • RalfFriedl
    RalfFriedl over 5 years
    This is a comment on another answer and seems to promote a particular vendor.