I'm trying to set up HTTPS redirects properly on my website running in Apache. I have a wildcard SSL certificate for *.example.com. Currently, my RewriteRule redirects all HTTP traffic to the same HTTPS address, which works great for all the subdomains. But when someone tries to go to http://example.com, it redirects them to https://example.com, and their browser throws a security warning because my certificate doesn't cover that URL.
I'd like to set up the server so any address with a subdomain redirects to that same address with HTTPS, and an address with no subdomain redirects to that address with www added:
- http://example.com redirects to https://www.example.com
- http://foo.example.com redirects to https://foo.example.com
- http://bar.example.com redirects to https://bar.example.com
My server is running Ubuntu 16.04, MySQL, PHP 7, and Apache 2. I've tried reading up on the official documentation, but most of it goes over my head. Here's what I have in /etc/apache2/sites-enabled/000-default.conf under <VirtualHost *:80>:

```apache
RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent,L]
RewriteRule ^http://example.com https://www.example.com [L]
```
I'm expecting the first rule (bottom) to redirect the base domain to HTTPS with www. added, and the second rule to redirect all other traffic to HTTPS with the same URL. Currently it seems like the second rule is being applied in all cases.
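
An added example, not part of the original post: one way to get the three redirects listed above inside the same <VirtualHost *:80> block, with the hostname checked in RewriteCond lines. It assumes mod_rewrite is enabled and that every hostname to be redirected is a single label under example.com, which is also all a *.example.com wildcard certificate covers.

```apache
RewriteEngine on

# In a <VirtualHost>, a RewriteRule pattern is matched against the URL path
# only (for example /index.html), never against the scheme or hostname, so a
# pattern such as ^http://example.com cannot match. Hostname tests belong in
# RewriteCond. Rules also run top to bottom, and a catch-all "^" rule with END
# stops processing, so the more specific rule has to come first.

# 1. Bare domain: the wildcard certificate does not cover example.com itself,
#    so send it to the www host instead of to https://example.com.
RewriteCond %{HTTP_HOST} ^example\.com(:80)?$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [END,NE,R=permanent]

# 2. Any single-label subdomain: keep the host, switch the scheme.
#    %1 is the label captured by the RewriteCond above. Rebuilding the target
#    from a validated label, rather than echoing the Host header back, keeps
#    the redirect from pointing at a hostname the client made up.
RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.example\.com(:80)?$ [NC]
RewriteRule ^ https://%1.example.com%{REQUEST_URI} [END,NE,R=permanent]

# 3. Any other Host value (unknown domain, deeper subdomain, raw IP) gets no
#    redirect at all and is answered with 403.
RewriteRule ^ - [F]
```

Rule 3 is a policy choice for this example; drop it if the port 80 virtual host should still serve content for unmatched hostnames.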