  • Hello!

    I'm trying to have all the variations of my URL rewrite to "https://www.mywebsite.com". For this I added these 3 lines to my .htaccess file:
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [L,R=301]

    Now both "http://mywebsite.com/" and "http://www.mywebsite.com/" rewrite to "https://www.mywebsite.com/".
    This is good, but "https://mywebsite.com/" still gives a "This Connection Is Not Private" error page.
    I've tried un-commenting these lines, but that didn't help:
    RewriteCond %{HTTP_HOST} !^$
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTP_HOST} (.+)$
    RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L] .

    Am I using this wrong? Or is there another way?

    Thanks in advance for your help!
    • Please check your security certificate; it does matter if it has www. or not. With me, my hoster was able to change it for me as I didn't want www at all.

      I just searched this issue to confirm, and found what seems to be a good article with a solution, please have a look. This happens to be my hoster, but it's just a random find.

      https://www.a2hosting.com/kb/security/ssl/using-www-and-non-www-domains-with-an-ssl-certificate
      • Quote from: nuan88 at Feb 07, 2019, 10:03 PM
        Please check your security certificate; it does matter if it has www. or not. With me, my hoster was able to change it for me as I didn't want www at all.
        I just searched this issue to confirm, and found what seems to be a good article with a solution, please have a look. This happens to be my hoster, but it's just a random find.
        https://www.a2hosting.com/kb/security/ssl/using-www-and-non-www-domains-with-an-ssl-certificate
        This is the same as what I tried before with the exception of adding
        RewriteCond %{HTTPS} on
        I've tried it and it still doesn't work.
        This is my whole .htaccess file:
        # MODX supports Friendly URLs via this .htaccess file. You must serve web
        # pages via Apache with mod_rewrite to use this functionality, and you must
        # change the file name from ht.access to .htaccess.
        #
        # Make sure RewriteBase points to the directory where you installed MODX.
        # E.g., "/modx" if your installation is in a "modx" subdirectory.
        #
        # You may choose to make your URLs non-case-sensitive by adding a NC directive
        # to your rule: RewriteRule ^(.*)$ index.php?q=$1 [L,QSA,NC]
        
        RewriteEngine On
        RewriteCond %{SERVER_PORT} 80
        RewriteBase /
        
        
        
        # Prevent dot directories (hidden directories like .git) from being exposed to the public
        # Except for the .well-known directory used by LetsEncrypt a.o
        RewriteRule "/\.|^\.(?!well-known/)" - [F]
        
        
        # Rewrite www.domain.com -> domain.com -- used with SEO Strict URLs plugin
        #RewriteCond %{HTTP_HOST} .
        #RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
        #RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
        #
        # or for the opposite domain.com -> www.domain.com use the following
        # DO NOT USE BOTH
        #
        RewriteCond %{HTTPS} on
        RewriteCond %{HTTP_HOST} !^$
        RewriteCond %{HTTP_HOST} !^www\.mywebsite\.com [NC]
        RewriteCond %{HTTP_HOST} (.+)$
        RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L] .
        
        
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [L,R=301]
        
        
        
        # Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent 
        # https://www.domain.com when your cert only allows https://secure.domain.com
        #RewriteCond %{SERVER_PORT} !^443
        #RewriteRule (.*) https://example-domain-please-change.com/$1 [R=301,L]
        
        
        
        # Redirect the manager to a specific domain - don't rename the ht.access file
        # in the manager folder to use this rule
        #RewriteCond %{HTTP_HOST} !^example-domain-please-change\.com$ [NC]
        #RewriteCond %{REQUEST_URI} ^/manager [NC]
        #RewriteRule ^(.*)$ https://example-domain-please-change.com/$1 [R=301,L]
        
        
        
        # The Friendly URLs part
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
        
        
        
        # Make sure .htc files are served with the proper MIME type, which is critical
        # for XP SP2. Un-comment if your host allows htaccess MIME type overrides.
        
        #AddType text/x-component .htc
        
        
        
        # If your server is not already configured as such, the following directive
        # should be uncommented in order to set PHP's register_globals option to OFF.
        # This closes a major security hole that is abused by most XSS (cross-site
        # scripting) attacks. For more information: http://php.net/register_globals
        #
        # To verify that this option has been set to OFF, open the Manager and choose
        # Reports -> System Info and then click the phpinfo() link. Do a Find on Page
        # for "register_globals". The Local Value should be OFF. If the Master Value
        # is OFF then you do not need this directive here.
        #
        # IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
        #
        # Your server does not allow PHP directives to be set via .htaccess. In that
        # case you must make this change in your php.ini file instead. If you are
        # using a commercial web host, contact the administrators for assistance in
        # doing this. Not all servers allow local php.ini files, and they should
        # include all PHP configurations (not just this one), or you will effectively
        # reset everything to PHP defaults. Consult www.php.net for more detailed
        # information about setting PHP directives.
        
        #php_flag register_globals Off
        
        
        
        # For servers that support output compression, you should pick up a bit of
        # speed by un-commenting the following lines.
        
        #php_flag zlib.output_compression On
        #php_value zlib.output_compression_level 5
        
        
        
        # The following directives stop screen flicker in IE on CSS rollovers. If
        # needed, un-comment the following rules. When they're in place, you may have
        # to do a force-refresh in order to see changes in your designs.
        
        #ExpiresActive On
        #ExpiresByType image/gif A2592000
        #ExpiresByType image/jpeg A2592000
        #ExpiresByType image/png A2592000
        #BrowserMatch "MSIE" brokenvary=1
        #BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
        #BrowserMatch "Opera" !brokenvary
        #SetEnvIf brokenvary 1 force-no-vary
        

        Any ideas?
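A consolidated version of the rewrite section of the file posted above, as an added example (not part of the original post and not MODX's shipped ht.access). It assumes the certificate lists both mywebsite.com and www.mywebsite.com; the rule layout is one possible arrangement, not the only one.

```apache
RewriteEngine On
RewriteBase /

# Block dot directories for every request. A RewriteCond binds to the next
# RewriteRule, even with RewriteBase in between, so the
# "RewriteCond %{SERVER_PORT} 80" that sits under RewriteEngine On in the
# posted file attaches to this rule and limits the block to plain-HTTP
# requests, leaving paths such as /.git/ reachable over HTTPS.
RewriteRule "/\.|^\.(?!well-known/)" - [F]

# One canonical redirect: anything that is not already HTTPS on
# www.mywebsite.com goes there in a single 301.
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.mywebsite\.com$ [NC]
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L]

# Apache only evaluates these rules after the TLS handshake has completed.
# For https://mywebsite.com/ the browser validates the certificate first, so
# if the certificate names only www.mywebsite.com the warning page appears
# before any redirect can be sent. The fix for that case is on the
# certificate (add the bare domain), not in .htaccess.

# The Friendly URLs part (unchanged from the posted file)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
```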

        • Here's what I have. It took quite a while to get https working properly, quite annoying.

          I deleted all the commented out parts, but did leave the part about rewriting secure requests...near the bottom, that could help you

          <FilesMatch "^\.htaccess">
              Order allow,deny
              Deny from all
          </FilesMatch>
          
          # <IfModule mod_security.c>
          # SecFilterEngine Off 
          # SecFilterScanPOST Off
          # </IfModule>
          
          Options All -Indexes
          Options +FollowSymlinks
          
          RewriteEngine On
          RewriteBase /
          
          
          RewriteCond %{HTTP_HOST} domain\.com [NC]
          RewriteCond %{SERVER_PORT} 80
          RewriteRule ^(.*)$ https://domain.com/$1 [R,L]
          
          # Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent 
          # https://www.domain.com when your cert only allows https://secure.domain.com
          #RewriteCond %{SERVER_PORT} !^443
          #RewriteRule (.*) https://example-domain-please-change.com/$1 [R=301,L]
          
          # The Friendly URLs part
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
          RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
          RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
          RewriteRule ^(.*)$ index.php?q=$1 [L,QSA,NC]
          

          • I also had to at one point specify https in the calls in my template to the css and js files...and then later had to remove those. They fixed the problem, but then...something changed and they messed things up.

            Looking at your file, this looks weird

            RewriteCond %{HTTPS} off
            RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [L,R=301]
            • It looks correct to me, though I would add [NC] to the RewriteCond, just in case.