1
votes

I have a domain that's set up on AWS through an Elastic Load Balancer (ELB). To enable SSL I've added an AWS-managed certificate (*.domain.us) to the load balancer. I need to be able to access the following 8 URL combinations securely:

[1] http://www.domain.us
[2] http://www.subdomain.domain.us
[3] http://domain.us
[4] http://subdomain.domain.us
[5] https://www.domain.us
[6] https://www.subdomain.domain.us
[7] https://domain.us
[8] https://subdomain.domain.us

By virtue of the wildcard AWS certificate, 1, 4, 5, and 8 automatically work for me. But for the remaining URL types I've updated my .htaccess file as follows. (If I just access [7] without converting it to www.domain.us, I get a "connection not secure" error, since my AWS certificate is a wildcard one and doesn't work on simply https://domain.us. However, https://www.domain.us or https://subdomain.domain.us work fine because of the wildcard certificate.)

RewriteEngine On

# domain.us => www.domain.us -------------------------------------------
RewriteCond %{HTTP_HOST} ^domain.us
RewriteRule ^ http://www.domain.us%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^domain.us
RewriteRule ^ https://www.domain.us%{REQUEST_URI} [R=301,L]

# www.subdomain.domain.us => subdomain.domain.us -----------------------
RewriteCond %{HTTP_HOST} ^www\.([^.]+\.domain\.us)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,QSA,NC,L]

# NO WWW   http://www. becomes always http://
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.(.+\.domain\.us)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# http => https ------------------------------------------------------------
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

<Files 403.shtml>
order allow,deny
allow from all
</Files>

I am listening on ports 80 and 443 on the ELB and sending the corresponding data of each port to the instance ports. I have opened ports 80 and 443 on the EC2 instance.

I've already gone through many SO posts and have created the above .htaccess file, but I'm still not able to get nos. [6] and [7] to work. I still get a "connection not secure" error in the browser. Can anybody please help?

1
If your certificate does not cover domain.us, then you cannot rewrite requests for https://domain.us, because it will never get that far. - CBroe

1 Answer

0
votes

That's a pretty common 'problem', or rather it works as designed. You are explicitly calling HTTPS in your browser, so before any data is exchanged the HTTPS connection is established. But it is destined to fail when your certificate doesn't cover

[6] https://www.subdomain.domain.us
[7] https://domain.us

You'd have to implement logic in the component where the SSL/TLS offloading is handled to first change to http or a correct HTTP_HOST BEFORE the SSL connection is established.

So your way to go is:

Don't call URLs with explicit HTTPS!!! :)

Let the server do this. And your server config can be shortened to this:

RewriteCond %{HTTP_HOST} !^.+\.domain.us
RewriteRule ^ https://www.domain.us%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTP_HOST} ^www\.(.+\.domain\.us)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,QSA,L]

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Note that %{REQUEST_URI} does NOT include %{QUERY_STRING}. So query strings are always dropped on your rewrites.
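The following is an added example, not code from the question or the answer. It models the two things the answer is about: which of the eight hostnames a single `*.domain.us` certificate covers (RFC 6125 wildcard matching, where `*` matches exactly one DNS label), and where the answer's three rewrite rules send the requests that do get past the TLS handshake. The hostnames are the question's placeholders, it assumes the rules see the client's original scheme (via `HTTPS` or `X-Forwarded-Proto`), and query strings are not modelled.

```python
"""Added example (not from the question or the answer): models TLS hostname
coverage of a '*.domain.us' certificate and the answer's three rewrite rules."""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# The certificate on the ELB, as described in the question.
CERT_NAMES = ["*.domain.us"]


def hostname_matches(cert_name: str, host: str) -> bool:
    """RFC 6125 rule: a leading '*' matches exactly one DNS label.
    '*.domain.us' covers 'www.domain.us' but not 'domain.us' (no label
    to match) and not 'www.subdomain.domain.us' (two labels)."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name.split(".")[1:]
    labels = host.split(".")
    return len(labels) == len(suffix) + 1 and labels[0] != "" and labels[1:] == suffix


def tls_handshake_ok(host: str) -> bool:
    """True if a browser would accept the ELB certificate for this host."""
    return any(hostname_matches(name, host) for name in CERT_NAMES)


def apply_rewrites(url: str) -> Optional[str]:
    """The answer's three rules in order, first match wins (the [L] flag).
    Returns the 301 Location, or None when the request is served as-is.
    Assumption: the rules see the client's scheme (HTTPS / X-Forwarded-Proto)."""
    p = urlsplit(url)
    host, path = p.hostname, p.path or "/"
    # RewriteCond %{HTTP_HOST} !^.+\.domain.us  ->  https://www.domain.us
    if not re.match(r"^.+\.domain.us", host):
        return f"https://www.domain.us{path}"
    # RewriteCond %{HTTP_HOST} ^www\.(.+\.domain\.us)$ [NC]  ->  https://%1
    m = re.match(r"^www\.(.+\.domain\.us)$", host, re.I)
    if m:
        return f"https://{m.group(1)}{path}"
    # RewriteCond %{HTTPS} off  ->  https://%{HTTP_HOST}
    if p.scheme != "https":
        return f"https://{host}{path}"
    return None


def trace(url: str, max_hops: int = 5) -> Tuple[str, List[str]]:
    """Follow a request until it is served or fails.
    Returns (outcome, hops); outcome is 'served', 'tls-failure' or 'loop'."""
    hops = [url]
    for _ in range(max_hops):
        p = urlsplit(url)
        if p.scheme == "https" and not tls_handshake_ok(p.hostname):
            # The handshake fails before any HTTP is exchanged, so no rewrite ever runs.
            return "tls-failure", hops
        nxt = apply_rewrites(url)
        if nxt is None:
            return "served", hops
        hops.append(nxt)
        url = nxt
    return "loop", hops


# The eight URL combinations from the question.
QUESTION_URLS = [
    "http://www.domain.us",
    "http://www.subdomain.domain.us",
    "http://domain.us",
    "http://subdomain.domain.us",
    "https://www.domain.us",
    "https://www.subdomain.domain.us",
    "https://domain.us",
    "https://subdomain.domain.us",
]

if __name__ == "__main__":
    for i, u in enumerate(QUESTION_URLS, 1):
        outcome, hops = trace(u)
        print(f"[{i}] {outcome:12} " + " -> ".join(hops))
```

Running it shows [6] and [7] ending in `tls-failure` with no redirect hop at all, while the six others end up `served` on a hostname the wildcard covers; the only config-side remedy for [6] and [7] is a certificate whose names include `domain.us` and `www.subdomain.domain.us` (or `*.subdomain.domain.us`).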