redirection from www to no www

Question

I have the following in my virtualhost on my Apache server,

Redirect permanent / https://domain.com
<directory />
        <IfModule mod_rewrite.c>
                Options +FollowSymlinks
                RewriteEngine On
        </IfModule>

        # Redirects WWW URL's to Non-WWW URL's

        <IfModule mod_rewrite.c>
                RewriteCond %{HTTPS} on
                RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
                RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
        </IfModule>
</directory>

We own an SSL for domain.com, but for www.domain.com so I am encountering a problem on my redirects, if a user goes to, http://www.domain.com they will get redirected from there to https://domain.com, however if the user goes to https://www.domain.com they get a your connection is not private and no redirect. I assume this is because www is not linked to the SSL is there anyway around this without buying an SSL for www version of the domain?

Answer 1

Short answer. No there is not a way to do this. Security wise, it makes since.

The connection to https happens before any type of redirection happens. When you connect to a server itself over https, you want to make sure that the connection is valid and secure. After that, then Apache handles the request and does it's rewriting or anything else. The only thing you can do is buy a cert.

Those are your options. Your users will always get that warning page as long as it's self signed and that's by design.

When buying certs, MOST CA's will give you both non and www version. Other wise another trick is to buy the www version and most of the time you get base domain as well. You can get valid certs for $4.99 a year. It's not that bad.

Answer 2

No, there is no way. The TLS tunnel biulds up before sending the HOST variable.