httpd-users mailing list archives

From "edflecko ." <edfle...@gmail.com>
Subject [users@httpd] How to deal with www and non-www domain names with one certificate?
Date Tue, 04 Feb 2020 18:02:52 GMT
I don't understand how to deal with forcing all connections to
www.sierraprogress.org to simply sierraprogress.org, forcing all
connections to my website with https, and using only one certificate per
domain name?

Here's my unique server information:
CentOS 7
Server version: Apache/2.4.41 (codeit)
OpenSSL 1.1.1c

1.) Forcing all connections to www.domainname.com to domainname.com is best
done with a rewrite rule, isn't it? I've found some examples online, but I
don't know if one is better than the others?

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^([^.]+)\.sierraprogress\.org$ [NC]
RewriteRule ^(.*)$ https://sierraprogress.org/$1 [R=301,L]

RewriteEngine On
RewriteCond %{HTTP_HOST} ^sierraprogress\.org$ [NC]
RewriteRule ^ https://www.sierraprogress.org%{REQUEST_URI} [R=301,L]

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.sierraprogress.org
RewriteRule (.*) https://sierraprogress.org/$1 [R=301,L]

Since I want ALL websites that this server will host to remove the www AND
be https connections, maybe the first example is best?

Do I just place this code snippet in my httpd.conf file?

2.) Here's my sierraprogress.org.conf file:

<VirtualHost *:80>
    ServerName sierraprogress.org
    ServerAlias www.sierraprogress.org
    DocumentRoot /var/www/sierraprogress.org/public_html
    <Directory /var/www/sierraprogress.org/public_html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    ErrorLog /var/www/sierraprogress.org/error.log
    CustomLog /var/www/sierraprogress.org/requests.log combined
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/sierraprogress.org/public_html
    Protocols h2 h2c http/1.1
    ServerName sierraprogress.org
    ServerAlias www.sierraprogress.org
    <Directory /var/www/sierraprogress.org/public_html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    ErrorLog /var/www/sierraprogress.org/error.log
    CustomLog /var/www/sierraprogress.org/requests.log combined
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/sierraprogress.crt
    SSLCertificateKeyFile /etc/httpd/ssl/sierraprogress.key
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>

The one certificate I'm using (sierraprogress.crt) works fine for
sierraprogress.org connections but, of course, will NOT work for
www.sierraprogress.org connections because of the domain name mismatch.
I've also tried using a wildcard certificate for *.sierraprogress.org (see
below), but I couldn't get that to work at all.

Suggestions on how to handle these issues?

Thank you for your time and suggestions!
Ed

Certificate Decoder - https://www.sslshopper.com/certificate-decoder.html


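One way to lay out the virtual hosts for the setup asked about above, as an added example that is not part of the original message. It assumes the certificate at the path from the post has been reissued so that its subjectAltName lists both sierraprogress.org and www.sierraprogress.org, and it uses mod_alias Redirect in place of the rewrite rules quoted in the message.

```apache
# Added example, not from the original post. Assumption: sierraprogress.crt
# lists BOTH sierraprogress.org and www.sierraprogress.org in subjectAltName.
# Check with:
#   openssl x509 -in /etc/httpd/ssl/sierraprogress.crt -noout -text \
#     | grep -A1 'Subject Alternative Name'

# Plain HTTP, either name: one hop to the canonical HTTPS URL.
<VirtualHost *:80>
    ServerName sierraprogress.org
    ServerAlias www.sierraprogress.org
    # mod_alias keeps the rest of the path: /a/b -> https://sierraprogress.org/a/b
    Redirect permanent / https://sierraprogress.org/
</VirtualHost>

# HTTPS on the www name. The TLS handshake finishes before Apache can send
# the 301, so this vhost must present a certificate that is valid for www.
<VirtualHost *:443>
    ServerName www.sierraprogress.org
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/sierraprogress.crt
    SSLCertificateKeyFile /etc/httpd/ssl/sierraprogress.key
    Redirect permanent / https://sierraprogress.org/
</VirtualHost>

# HTTPS on the canonical name: the only vhost that serves content.
<VirtualHost *:443>
    ServerName sierraprogress.org
    DocumentRoot /var/www/sierraprogress.org/public_html
    Protocols h2 http/1.1
    <Directory /var/www/sierraprogress.org/public_html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    ErrorLog /var/www/sierraprogress.org/error.log
    CustomLog /var/www/sierraprogress.org/requests.log combined
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/sierraprogress.crt
    SSLCertificateKeyFile /etc/httpd/ssl/sierraprogress.key
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
```

Run `apachectl configtest` before reloading so a syntax error does not take the site down.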