Home › Forums › BulletProof Security Pro › SSL Certificate subdomain issue
- This topic has 9 replies, 3 voices, and was last updated 4 years, 10 months ago by Russell.
-
AuthorPosts
-
Ljubomir ManojlovicParticipant
P.S. – I created my installations on localhost (but using real (sub)domains). For installation I used Alpha wildcard SSL.
ISSUES
I’m using Really Simple SSL and I added it’s code to BPS custom codes (as you provided me infos). Code is
# BEGIN rlrssslReallySimpleSSL rsssl_version[3.2.5] <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTPS} !=on [NC] RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] </IfModule> # END rlrssslReallySimpleSSL
However, issue is with subdomains (main domain works fine in www and non-www mode). Subdomains with (ie) blog.mydomain.com works fine, but https://www.blog.mydomain.com drop me in WARNING page of certificate issue. As certificate is ok by itself, obviously problems could be:
a) BPS not apply Really Simple SSL code, or (most likely)
b) Really Simple SSL code is not good
Any idea
AITpro AdminKeymasterSee this StackOverflow forum topic for the answer > https://stackoverflow.com/questions/8296054/subdomains-not-working-when-www-is-added
Ljubomir ManojlovicParticipantI’m not sure on what part of link you think.
1) I set in DNS all with A record (needed by Bitnami, but should not to be different than CNAME), both – blog and http://www.blog (BTW, it open link, but with warning). So, that cannot be issue.
When I try same on https://support.apple.com and also https://www.support.apple.com, it always redirect (open) to https://support.apple.com, as it should to be (and how I wanted). So, from my point of view, I have wrong or not applied redirection rules, but …
Please be clear what you thought with link.
AITpro AdminKeymasterWell personally I would never use www for a subdomain site since that does not really make any sense to do.
Example: This forum site is a subdomain site: forum.ait-pro.com. Note: We would not use www in front of the subdomain name because that would not make any sense to do that.
Ljubomir ManojlovicParticipantGreat. I figured now that you don’t understand my issue.
1) EXAMPLE ONE
Try to type in browser (you cannot stop visitors to do it, right?) https://forum.ait-pro.com as well as https://www.forum.ait-pro.com and see what you get (in both situations – P.S. – use Incognito).
2) EXAMPLE TWO
Try to type in browser (you cannot stop visitors to do it, right?) https://support.apple.com as well as https://www.support.apple.com and see what you get (in both situations – P.S. – use Incognito).
Your Forum drop out blank page (as you didn’t add support for www in DNS), what is same like my case (where I have SSL error, as I added DNS support), but substantially are same cases vs redirection.
Apple instead works as should to be. In both typing in browser, it redirect on https://support.apple.com (as you wrote, www is not ‘normal’ or usual to type, but Apple knows how MANY PEOPLE DO IT), as it should to be (what I want).
Hopefully, now you get me.
AITpro AdminKeymasterWhy would we add support for a www subdomain when that is not a standard or conventional thing to do. If someone accidentally types in www for this forum site then they have made a mistake since we would never use the www subdomain for a subdomain site. If other people are doing that then I would suggest that they are not doing something that is an Internet standard. You are aware the www is a subdomain and if you also have another subdomain then technically you have a subdomain – subdomain site and not a subdomain site.
Instead of creating some silly problematic solution like creating an additional subdomain for a subdomain website the smarter thing to do would be to redirect or rewrite the www subdomain. Not sure if that is even possible to do, but it is a much more logical approach to someone mistakenly typing in the wrong URL for a website.
AITpro AdminKeymasterI just tested doing a redirect for the www subdomain URL for this site and of course it did not work because that is not the correct website. www would be the subdomain and forum would be the primary domain, which of course is incorrect. Probably the only option you would have would be to setup Forwarding in your host control panel for www to forward to the correct subdomain site. that may not work either if a CNAME record is not setup for the www subdomain. Not really sure since I have never tried to do anything like that before.
Ljubomir ManojlovicParticipantEXCELLENT
Thanks for great idea to set it in DNS (need some time to pass). Yes, now it works equal as on my example with Apple Support. Everything is redirected fine and now did visitor type with or without www, it always open without version.
I posted it here as I thought how code is not applied for redirection in BPS custom code section, but no, DNS solve issue.
P.S. – I generally agree with you, but as I wrote, Apple KNOW how there is LOT OF PEOPLE who still don’t type it without www, so this is something what should be done in domain DNS to get it to work well (nobody want to get visitors on non existing page warning, right?).
Thanks again.
RussellParticipantIf you are reading this article, we can assume that you already have a basic understanding of subdomains. However, if the technical details related to subdomains are not thoroughly clear when you buy an SSL certificate, even a small mistake becomes irreversible and can waste your money.
RussellParticipantYes, SSL.com’s Basic SSL certificate does work with subdomains. You may select one Fully Qualified Domain Name (FQDN) to protect with your Basic SSL certificate
-
AuthorPosts
- You must be logged in to reply to this topic.