
.htaccess: non www to www (with https) shows ssl_error_bad_cert_domain in Firefox


I have a problem with redirections and didn't find a solution on the whole web...

The right domain is: https://www.fit-for-easa.com

The following redirections DO work:
http://fit-for-easa.com to https://www.fit-for-easa.com
http://www.fit-for-easa.com to https://www.fit-for-easa.com

But the problem is with:
https://fit-for-easa.com

In Chrome it is forwarded correctly to https://www.fit-for-easa.com, 
but not in Firefox, which seems very strange to me. 
Firefox shows ssl_error_bad_cert_domain.

This is my .htaccess file:

    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://www.fit-for-easa.com%{REQUEST_URI} [L,R=301]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

Can it be that the problem is that the certificate is only for the www version but not for the non-www version? And that Firefox treats this as critical whereas Chrome ignores it?

Thank you for your help!

(Sorry that I marked the text as code, but I don't have enough reputation to post more than two links - I'm working on it!)


Solution

  • In Chrome it is forwarded correctly to https://www.fit-for-easa.com, but not in Firefox, which seems very strange to me. Firefox shows ssl_error_bad_cert_domain.

    It does not work in Chrome either for me. Maybe it worked for you because you've added an exception earlier. The reason is simple: the name fit-for-easa.com is not included in the certificate, only the name with the www prefix. From the certificate:

     Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=3wertig.com
     ...
     X509v3 Subject Alternative Name: 
     DNS:3wertig.com, DNS:www.fit-for-easa.com, DNS:www.steuerberatung-zodel.de
    

    To redirect from https://fit-for-easa.com to any other site, your certificate has to include the name as shown in the URL, i.e. fit-for-easa.com and not www.fit-for-easa.com. No .htaccess settings or DNS settings can work around this; the certificate has to be fixed.
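
The name check described in the answer, as an added example that is not part of the original post: it tests each hostname a site answers on against the certificate's Subject Alternative Names, using the SAN entries quoted above. The function names are hypothetical, and the wildcard handling goes beyond the case on this page to show that a `*.example` entry would not cover the bare domain either.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# SAN entries are copied from the certificate excerpt in the answer above;
# function names are hypothetical, not from any library.

SAN_DNS = ["3wertig.com", "www.fit-for-easa.com", "www.steuerberatung-zodel.de"]


def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.strip().rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """RFC 6125-style match: exact name, or '*' as the whole leftmost label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard and a
        # non-empty label in its place.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def covered(hostname, sans=SAN_DNS):
    return any(san_matches(s, hostname) for s in sans)


def uncovered_hosts(hostnames, sans=SAN_DNS):
    """Hostnames that fail name validation during the TLS handshake,
    before the server can send any HTTP redirect."""
    return [h for h in hostnames if not covered(h, sans)]


if __name__ == "__main__":
    for host in ["fit-for-easa.com", "www.fit-for-easa.com"]:
        status = "covered" if covered(host) else "NOT covered"
        print(f"{host}: {status}")
```

Every hostname that users can reach over HTTPS, including ones that exist only to redirect, has to come back empty from `uncovered_hosts` before the rewrite rules matter.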