I've set up a new domain for a small business and they wanted to have https:// in their domains because their previous host provided it by default (previous host had the old domain as well).
When I set up my server config blocks in /etc/apache2/sites-available/
I forwarded all requests to the new domain like so:
# example2 - NEW, example1 - OLD
# Simply redirecting all traffic to https
<VirtualHost *:80>
    ServerName example2.com
    ServerAlias www.example2.com
    ServerAlias example1.com
    ServerAlias www.example1.com
    Redirect 301 / https://example2.com/
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin info@example.com
    ServerName example2.com
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateFile /path/to/ssl/example2/example2.crt
    SSLCertificateKeyFile /path/to/ssl/example2/example2.com.key
    SSLCACertificateFile /path/to/ssl/example2/example2.com-bundle
</VirtualHost>

# If the old site is arrived at via HTTPS, redirect to new
<VirtualHost *:443>
    ServerName example1.com
    ServerAlias www.example1.com
    Redirect 301 / https://example2.com/
</VirtualHost>
So, requests to http://example2.com and http://example1.com are working and redirecting to https://example.com. BUT, requests to https://example1.com are not redirecting to https://example2.com, instead they're showing that "scary screen" to end users warning them of the fact that the connection may not be private, etc. (Google Chrome)
The DNS zone files for the old domain (example1.com) are pointing to the IP of the example2.com servers and I thought I had my server config done properly. Why is everything redirecting properly EXCEPT for the https:// of the old site?
Answer
requests to https://example1.com are not redirecting to https://example2.com, instead they're showing that "scary screen" to end users warning them of the fact that the connection may not be private
Here's your problem:
# If the old site is arrived at via HTTPS, redirect to new
<VirtualHost *:443>
    ServerName example1.com
    ServerAlias www.example1.com
    Redirect 301 / https://example2.com/
</VirtualHost>
That's a vhost matching on the HTTPS port (443) and example1.com, but not running TLS for the vhost. (Remember, you can run plain-text HTTP or encrypted HTTPS on any port you like. Running plain-text HTTP on port 443 would be unusual, but not prohibited by any standard, so Apache lets you do it.)
Obtain a valid certificate for example1.com and www.example1.com, and then add something like this to that vhost:
SSLEngine on
SSLCertificateFile /path/to/ssl/example1/example1.crt
SSLCertificateKeyFile /path/to/ssl/example1/example1.com.key
SSLCACertificateFile /path/to/ssl/example1/example1.com-bundle
and it should work much better.
As an additional point unrelated to your specific question, unless you have completely redesigned the URLs, please do your best to redirect people to the corresponding location on the new domain instead of just to the front page. Breaking everyone's existing links is extremely annoying, so only do it if you absolutely must.
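A configuration check for the mistake the answer identifies, added here as an example and not part of the original question or answer: it scans Apache config text for vhosts bound to port 443 that lack `SSLEngine on` or a certificate file. The `audit_vhosts` helper and the sample config are constructed for illustration, and the parser assumes simple `<VirtualHost>` blocks with one directive per line.

```python
import re

# Constructed sample mirroring the question's layout (paths are placeholders).
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName example2.com
    ServerAlias www.example2.com example1.com www.example1.com
    Redirect 301 / https://example2.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.com
    SSLEngine on
    SSLCertificateFile /path/to/ssl/example2/example2.crt
    SSLCertificateKeyFile /path/to/ssl/example2/example2.com.key
</VirtualHost>
# If the old site is arrived at via HTTPS, redirect to new
<VirtualHost *:443>
    ServerName example1.com
    ServerAlias www.example1.com
    Redirect 301 / https://example2.com/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def audit_vhosts(conf, tls_ports=("443",)):
    """Return [(server_name, [problems])] for TLS-port vhosts not set up for TLS."""
    findings = []
    for addrs, body in VHOST_RE.findall(conf):
        # "*:443" or "[::1]:443" -> "443"; an address without a port is skipped
        ports = {a.rsplit(":", 1)[-1] for a in addrs.split()}
        if not ports & set(tls_ports):
            continue
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                value = parts[1] if len(parts) > 1 else ""
                directives.setdefault(parts[0].lower(), []).append(value)
        problems = []
        if directives.get("sslengine", [""])[-1].lower() != "on":
            problems.append("SSLEngine is not on")
        if "sslcertificatefile" not in directives:
            problems.append("no SSLCertificateFile")
        if problems:
            name = directives.get("servername", ["<unnamed>"])[0]
            findings.append((name, problems))
    return findings

if __name__ == "__main__":
    for name, problems in audit_vhosts(SAMPLE_CONF):
        print(f"{name}: {', '.join(problems)}")
```

A clean result only shows that TLS is enabled on the vhost; whether the certificate actually covers example1.com and www.example1.com still has to be checked against the certificate itself.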