Issue with HTTPS and .htaccess - My Forums

Issue with HTTPS and .htaccess

redhen — Feb 07, 2019, 06:51 PM

Hello!

I'm trying to have all the variations of my URL rewrite to "https://www.mywebsite.com". For this I added these 3 lines to my .htaccess file:

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [L,R=301]

Now both "http://mywebsite.com/" and "http://www.mywebsite.com/" rewrite to "https://www.mywebsite.com/".
This is good, but "https://mywebsite.com/" still gives a "This Connection Is Not Private" error page.
I've tried un-commenting these lines, but that didn't help:

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} (.+)$
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L] .

Am I using this wrong? Or is there another way?

Thanks in advance for your help!

Re: Issue with HTTPS and .htaccess

BobRay — Feb 08, 2019, 08:08 PM

It looks correct to me, though I would add [NC] to the RewriteCond, just in case.

Re: Issue with HTTPS and .htaccess

nuan88 — Feb 08, 2019, 06:10 PM

I also had to at one point specify https in the calls in my template to the css and js files...and then later had to remove those. They fixed the problem, but then...something changed and they messed things up.

Looking at your file, this looks weird

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [L,R=301]

Re: Issue with HTTPS and .htaccess

nuan88 — Feb 08, 2019, 06:09 PM

Here's what I have, it took quite awhile to get https working properly, quite annoying.

I deleted all the commented out parts, but did leave the part about rewriting secure requests...near the bottom, that could help you


    Order allow,deny
    Deny from all


# 
# SecFilterEngine Off 
# SecFilterScanPOST Off
# 

Options All -Indexes
Options +FollowSymlinks

RewriteEngine On
RewriteBase /


RewriteCond %{HTTP_HOST} domain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent 
# https://www.domain.com when your cert only allows https://secure.domain.com
#RewriteCond %{SERVER_PORT} !^443
#RewriteRule (.*) https://example-domain-please-change.com/$1 [R=301,L]

# The Friendly URLs part
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA,NC]

Re: Issue with HTTPS and .htaccess

redhen — Feb 08, 2019, 05:06 PM

Quote from: nuan88 at Feb 07, 2019, 10:03 PM

Please check your security certificate, it does matter if it has www. or not, with me my hoster was able to change it for me as I didn't want www at all.
I just searched this issue to confirm, and found what seems to be a good article with a solution, please have a look. This happens to be my hoster but its just a random find
https://www.a2hosting.com/kb/security/ssl/using-www-and-non-www-domains-with-an-ssl-certificate

This is the same as what I tried before with the exception of adding

RewriteCond %{HTTPS} on

I've tried it and it still doesn't work.
This is my whole .htaccess file:

# MODX supports Friendly URLs via this .htaccess file. You must serve web
# pages via Apache with mod_rewrite to use this functionality, and you must
# change the file name from ht.access to .htaccess.
#
# Make sure RewriteBase points to the directory where you installed MODX.
# E.g., "/modx" if your installation is in a "modx" subdirectory.
#
# You may choose to make your URLs non-case-sensitive by adding a NC directive
# to your rule: RewriteRule ^(.*)$ index.php?q=$1 [L,QSA,NC]

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteBase /



# Prevent dot directories (hidden directories like .git) to be exposed to the public
# Except for the .well-known directory used by LetsEncrypt a.o
RewriteRule "/\.|^\.(?!well-known/)" - [F]


# Rewrite www.domain.com -> domain.com -- used with SEO Strict URLs plugin
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
#RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
#
# or for the opposite domain.com -> www.domain.com use the following
# DO NOT USE BOTH
#
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\.mywebsite\.com [NC]
RewriteCond %{HTTP_HOST} (.+)$
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R=301,L] .


RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [L,R=301]



# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent 
# https://www.domain.com when your cert only allows https://secure.domain.com
#RewriteCond %{SERVER_PORT} !^443
#RewriteRule (.*) https://example-domain-please-change.com/$1 [R=301,L]



# Redirect the manager to a specific domain - don't rename the ht.access file
# in the manager folder to use this this rule
#RewriteCond %{HTTP_HOST} !^example-domain-please-change\.com$ [NC]
#RewriteCond %{REQUEST_URI} ^/manager [NC]
#RewriteRule ^(.*)$ https://example-domain-please-change.com/$1 [R=301,L]



# The Friendly URLs part
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]



# Make sure .htc files are served with the proper MIME type, which is critical
# for XP SP2. Un-comment if your host allows htaccess MIME type overrides.

#AddType text/x-component .htc



# If your server is not already configured as such, the following directive
# should be uncommented in order to set PHP's register_globals option to OFF.
# This closes a major security hole that is abused by most XSS (cross-site
# scripting) attacks. For more information: http://php.net/register_globals
#
# To verify that this option has been set to OFF, open the Manager and choose
# Reports -> System Info and then click the phpinfo() link. Do a Find on Page
# for "register_globals". The Local Value should be OFF. If the Master Value
# is OFF then you do not need this directive here.
#
# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
#
# Your server does not allow PHP directives to be set via .htaccess. In that
# case you must make this change in your php.ini file instead. If you are
# using a commercial web host, contact the administrators for assistance in
# doing this. Not all servers allow local php.ini files, and they should
# include all PHP configurations (not just this one), or you will effectively
# reset everything to PHP defaults. Consult www.php.net for more detailed
# information about setting PHP directives.

#php_flag register_globals Off



# For servers that support output compression, you should pick up a bit of
# speed by un-commenting the following lines.

#php_flag zlib.output_compression On
#php_value zlib.output_compression_level 5



# The following directives stop screen flicker in IE on CSS rollovers. If
# needed, un-comment the following rules. When they're in place, you may have
# to do a force-refresh in order to see changes in your designs.

#ExpiresActive On
#ExpiresByType image/gif A2592000
#ExpiresByType image/jpeg A2592000
#ExpiresByType image/png A2592000
#BrowserMatch "MSIE" brokenvary=1
#BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
#BrowserMatch "Opera" !brokenvary
#SetEnvIf brokenvary 1 force-no-vary

Any ideas?

Re: Issue with HTTPS and .htaccess

nuan88 — Feb 07, 2019, 10:03 PM

Please check your security certificate, it does matter if it has www. or not, with me my hoster was able to change it for me as I didn't want www at all.

I just searched this issue to confirm, and found what seems to be a good article with a solution, please have a look. This happens to be my hoster but its just a random find

https://www.a2hosting.com/kb/security/ssl/using-www-and-non-www-domains-with-an-ssl-certificate