Home>

Sakura's VPS CentOS 6.10
I tried to install LetsEncrypt on my own with SSL support
Because it was caused by not setting the virtual host, or because it did not work
SSL installation could be implemented by installing LetsEncrypt certificate in the SSL box.
However, redirection without www does not go well.
I tried many things, but the results are below and the result is almost good
* Since the virtual host is not set, it is written in httpd.conf as follows.

<Directory"/var/www/html">

RewriteEngine on
RewriteCond% {HTTPS} off
RewriteRule ^ (. *) Https://abc.com/$1 [R = 301, L]

With the above writing, only one of several access patterns will not work.

abc.com ⇒ https://abc.com/ 301 redirect OK
http://abc.com/ ⇒ https://abc.com/ 301 redirect OK
www.abc.com ⇒ https://abc.com/ 301 redirect OK
https://www.abc.com/ =>"https://www.abc.com/" will be "Not a secure connection". In short, it is not redirected.

Only the last case will not be redirected if you type from www with https.

In short, I want to redirect 301 from any pattern to https://abc.com/ without www
Could you show me how?
Thank you.

scsi-sama
This is an edit/addition request

  

Are you obtaining a wildcard certificate for abc.com or a certificate for www.abc.com?

The free certificate LetsEncrypt doesn't seem to support wildcards.
So when you visit https://www.abc.com/
"Not a secure connection" is displayed in the browser and below it
"This certificate is valid only for abc.com."
Because it is a certificate that does not support wildcards,
Isn't it possible to redirect https://www.abc.com/ in the first place?

  • Answer # 1

    Since

    % {HTTPS} offonly redirects, it is natural thathttps: // ~is not redirected.
    Also, use theexampledomain for examples instead of domain names owned by others.

    RewriteEngine on
    RewriteCond% {HTTPS} off
    RewriteRule ^ (. *) Https://example.com/$1 [R = 301, L]
    RewriteCond% {HTTP_HOST}! ^ Example \ .com $[NC]
    RewriteRule ^ (. *) Https://example.com/$1 [R = 301, L]

  • Answer # 2

    Yes, that certificate is not possible.

  • Answer # 3

    Kanji like this,

    RewriteEngine on
    RewriteCond% {HTTP_HOST} ^ www \ .example \ .com $
    RewriteRule ^ (. *) Https://example.com/$1 [R = 301, L]
    RewriteCond% {HTTPS} off
    RewriteRule ^ (. *) Https://example.com/$1 [R = 301, L]


    Addendum
    The SSL certificate error stops when the browser tries to open https://www.example.com.
    This happens before the redirect is processed and cannot be avoided with server-side settings.
    Let's Encrypt can issue certificates for multiple domains, so let's issue certificates for both www-free and those with www.

  • Answer # 4

    Let's catch the problem.

    The final thing you want to do is "redirect" + "SSL".
    Rather than trying to do both at once, first set up "redirect" and make sure it's set up correctly.

    <Directory "/ var/www/html">
        ServerName example.com↲
        DocumentRoot /var/www/html/example.com↲
        RewriteEngine on↲
        RewriteCond% {HTTP_HOST}! ^ Example \ .com↲
        RewriteRule ^ (. *) $Http://example.com/$1 [R = 301, L]
    </Directory>
    Whether

    access towww.example.comisexample.com.
    Whethertest.example.comisexample.com.

    If it doesn't work, check/var/log/httpd/error_log.

    By the way, you can check if there are any grammatical errors in the settings with the following command.

    httpd -t

    If you can do this,

    Using

    certbot-autoto switch to SSL can be set semi-automatically by simply responding interactively.

    Download certbot-auto and grant execute permission.

    cd ~
    wget https://dl.eff.org/certbot-auto
    chmod a + x certbot-auto

    Execute certbot-auto.

    ./ certbot-auto

    SSL server certificate settings

    When asked whether to use Apache or nginx. If you only have Apache, you probably won't be asked.

    How would you like to authenticate and install certificates?
    -------------------------------------------------- -----------------------------
    1: Apache Web Server plugin-Beta (apache)
    2: Nginx Web Server plugin-Alpha (nginx)
    -------------------------------------------------- -----------------------------
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1

    Enter your email address.

    Enter email address (used for urgent renewal and security notices) (Enter 'c' to
    cancel): [email protected]

    You will be asked to accept the terms. Enter "A".

    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
    in order to register with the ACME server at
    https://acme-v01.api.letsencrypt.org/directory
    -------------------------------------------------- -----------------------------
    (A) gree/(C) ancel: A

    You will be asked if you want to share your email address with the Electronic Frontier Foundation.
    I received an e-mail from the Foundation, but I entered "N" because it is not necessary.

    ------------------------------------- ------------------------------------------
    Would you be willing to share your email address with the Electronic Frontier
    Foundation, a founding partner of the Let's Encrypt project and the non-profit
    organization that develops Certbot? We'd like to send you email about EFF and
    our work to encrypt the web, protect its users and defend digital rights.
    -------------------------------------------------- -----------------------------
    (Y) es/(N) o: N

    If there are multiple sites on the Web server, you will be asked which site will be HTTPS.
    Enter the target number. If you have only one, you probably won't be asked.

    Which names would you like to activate HTTPS for?
    -------------------------------------------------- -----------------------------
    1: example.com
    2: www.example.com
    -------------------------------------------------- -----------------------------
    Select the appropriate numbers separated by commas and/or spaces, or leave input
    blank to select all options shown (Enter 'c' to cancel): 1

    After a while, certificate acquisition will proceed automatically.

    Specify whether to redirect to HTTPS. In this case, since it redirects, it responds with 2.

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    -------------------------------------------------- -----------------------------
    1: No redirect-Make no further changes to the webserver configuration.
    2: Redirect-Make all requests redirect to secure HTTPS access. Choose this for
    new sites, or if you're confident your site works on HTTPS.You can undo this
    change by editing your web server's configuration.
    -------------------------------------------------- -----------------------------
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

    When "Congratulations!" is displayed, the setting is complete.

  • Answer # 5

    Under my knowledge, I found that the current issue of Let's Encrypt's non-wildcard certificate cannot solve this problem.
    Let's Encrypt also confirmed that we released a wildcard certificate from March this year, so I tried it, but it couldn't be installed under my environment.

    Let's Encrypt, which is currently not used for wildcards, was issued at the following.
    SSL box

    After all, I found an SSL certificate that seems to be the cheapest, though it was charged.
    Enjoy SSL
    https://www.e-ssldirect.com/

    Things that I'm trying to apply for here are priced at less than 1000 yen per year, but wildcards are not supported,
    Because you can register two common names (domains), it will behave to solve this problem.

    This solved the problem that I had troubled for several days.
    Thanks to the answers from various people, I was able to solve it by giving various hints.

    Thank you for your answers.
    I'm really thankful to you.