no www – How to redirect an https site from www to non www

After adding a SSL certificate I want to redirect all my site’s URL variations to 301 redirect to non www one. I tried creating a redirect from cPanel for all other variations.

Every other url variation redirects except for https://www.example.com this one does not redirect to https://example.com. Both URLs can be accessed and wont redirect to the non www one.

I’ve added canonical, google has crawled and indexed both. Analytics gave a redundant hostname notification. I also tried redirecting from htaccess file using these code:

# BEGIN SSL
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www.)?example.com$ (NC)
RewriteRule ^$ https://example.com$1 (R,L)
# END SSL

and

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www.example.com (NC)
RewriteRule ^(.*)$ https://example.com/$1 (R=301,L)

Both failed.

All I want is to redirect all URL variations secure or non secure to redirect to https://example.com (non WWW secure version)

seo – I’m Having Questions. Regarding Search Console and HTTPS

I want to identify finally that which is my perfect domain?
Can anyone visit and let me know because I want to apply for the Adsense, so URL is a matter for that.

1-http://www.theinfohubs.com
2-https://www.theinfohubs.com
3-http://theinfohubs.com
4-https://theinfohubs.com

2nd thing is before I set-up search console for https, in this site having good meta description that I have set during post from Yoast SEO, and now all the pages Meta description show the same, can anyone tell me a proper answer of both?

https – Is letsencrypt compatible with DANE TLSA?

What is the relationship between letsencrypt and DANE TLSA?

None in particular, and at least nothing different from any other CA and DANE.
Why do you think there would be a specific relationship?

Can or should letsencrypt be used together with DANE TLSA?

You can, but should you, that is a lot of another matter, and you are giving no details on your situation to know what would be best. Note that TLSA records are mostly used by email systems currently, not very much by browsers.

However, by default, certbot uses a new public key at each certificate renewal. This is good hygiene for cryptographic material, however if you use the certificate in some TLSA records it means you will need to change those records, and carefully, considering various caches. The alternative is to instruct certbot or equivalent, to renew the certificate but use the same public key. It won’t be wise however to never change the key.

After that, again, your question is the same for any CA, why do you specifically pick Let’s Encrypt?

Is DANE TLSA a full replacement for letsencrypt (and any certificate authority (CA) based)?

No, or not fully. Did you read at least some introductory material on DANE?

There are multiple usages:

  • PKIX-TA: you publish the CA certificate for a given service and connection can proceed only if the certificate presented by server is from this given CA.
  • PKIX-EE: you publish the certificate that the client is expected to see from the server, but usual PKIX validation must occur (the certificate needs to have a valid trust path until a root certificate)
  • DANE-TA: the certificate that will be used is chained to the one published here, and no PKIX validation is necessary (that means basically anyone can be its own CA)
  • DANE-EE: the certificate is self signed and published in the DNS, it should be the one seeing when connecting.

On top of the above, you can publish either the certificate or the public key, and when you do the certificate it can be the certificate itself or a fingerprint.

This is all detailed in the Wikipedia entry on DANE, you should have a look at it.

When letsencrypt is used together with DANE TLSA, can or should two different SSL certificates be used?

First, do not say “SSL certificates”, as this is doubly wrong:

  1. SSL died 20 years ago because in 1999 TLS was invented and it is its successor. No sane people would today still run SSL versions…
  2. You can use TLS without certificates (TLS works as well with a shared key), and you can use those certificates outside TLS (ex: S/MIME)

So you are dealing with “X.509 certificates” if you want to be precise, but otherwise certificate is enough in this context everyone understand which kind of certificates you are talking about.

Now, why 2 certificates? With Let’s Encrypt you can generate as many you want if you like (until you reach their rate limits), and you can have multiple TLSA records.

Hence you can have 2 certificates if you want. Or 1. Or 3. Or 10.
“It depends”. Your questions at this stage are far too vague/generic. Where do they come from to have this shape?

PS1: you should also look at CAA records if you are serious about handling your certificates. All known public CAs have to use them, and hence you can restrict which CA can deliver certificates for the domains you maintain.

PS2: and of course if you are really serious, if you use TLSA or CAA records, you need to use DNSSEC.

htaccess – All pages are not being redirected to HTTPS when accessed using HTTP

I’m running a WordPress blog that has an issue with HTTPS redirect. Except home page, no other URL is being redirected to HTTPS if you visit via HTTP.

I want to redirect all HTTP traffic to HTTPS. Currently, only the Home page(http://www.example.com) is being redirected to HTTPS if you try with HTTP.

but if you visit http://www.example.com/page1, then it won’t be redirected to HTTPS and stays at HTTP.

I don’t want to use any plugin such as “really simple SSL”. After a lil’bit of searching over net, I found that I can modify the .htaccess file to do that. Then I tried to understand .htaccess file (considering I never worked with PHP or WordPress or even Apache before). I got to know that RewriteEngine On should appear only once in your file but in my case, it’s appearing twice. maybe some plugin or theme had modified this that i’m not aware of. below is the content of my .htaccess file.

# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 24 hours"
    ExpiresByType image/jpeg "access plus 24 hours"
    ExpiresByType image/gif "access plus 24 hours"
    ExpiresByType image/png "access plus 24 hours"
    ExpiresByType text/css "access plus 24 hours"
    ExpiresByType application/pdf "access plus 1 week"
    ExpiresByType text/javascript "access plus 24 hours"
    ExpiresByType text/html "access plus 5 minutes"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresDefault "access plus 24 hours"
</IfModule>
<ifModule mod_headers.c>
Header set X-Endurance-Cache-Level "2"
</ifModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - (L)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php (L)
</IfModule>

# END WordPress
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} (L,R=301)

I don’t have any subdomains. only a single domain.
So to clear my doubts, I have two questions.

1) Is this .htaccess file correct? I mean can we have two RewriteEngine On lines? that too outside the , again I’m not very familiar with this syntax.

2) What should I change to reflect HTTPS redirection on all of my pages?

PS: these are one of the links that I have visited-

htaccess

.htaccess syntax multiple RewriteEngine on

https://www.hostinger.com/tutorials/ssl/forcing-https

https – This server could not prove that it is LLLL.com; its security certificate is from *.dnsmadeeasy.com. This may be caused by a misconfiguration

I’m having difficulty figuring out why my site is giving this error only to some users (we just migrated the domain last night) https://DavidKim2020.com

This is the error it’s giving to some users:

This server could not prove that it is davidkim2020.com; its security
certificate is from *.dnsmadeeasy.com. This may be caused by a
misconfiguration or an attacker intercepting your connection.

We’ve tried changing the .htaccess, disable cache on the server, updating the cert, nothing is making it work consistently.

Any help is appreciated, thank you!

Should Article Hotlink Images be HTTP or HTTPS?

Greetings, GSA pplz.
I am planning to re-deploy the image libraries I was using to accompany GSA article-type posts calling for them.
I’ve been using HTTP. I now wonder if there are any article sites that this may cause an issue with, as the link is inserted as HTML and not through the targets’ interface, and if the page is HTTPS, this may cause issues.
Any knowledge?  Thanks, GSA community members.

2016 – [SP2016][Office Online Server] Web Apps don’t work on SharePoint https sites

I have issues with my lab environment where I have set redirection from http to https. Everything works fine until I try to open documents in web apps. I am getting error that there was a problem and document cannot be opened.

Here is short overview of how I set up redirection:

  1. Added new binding in IIS for my web application (https, port 443 and certificate)
  2. AAM settings:

    a)Internal URL:https://servername, Zone:Default, Public URL:https://servername

    b)Internal URL:http://servername, Zone:Default, Public URL:https://servername

Office farm configuration:

enter image description here

WOPI zone has been set to internal-https.

Logs from OOS:

02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing buqay Medium Wopi,CheckFile,WACSERVER HttpRequestAsyncException (url:UREDACTED_(vHKPAP1SI77bjR6MgrgTYoLULPb0bcptKBENxaaj3dA=), e:Microsoft.Office.Web.Common.HttpRequestAsyncException: No Response in WebException —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) — End of inner exception stack trace — at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Office.Web.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult) — End of inner exception stack trace —) 9a3fbd9e-4066-604e-f675-99afa0e09b9f
02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing adhsk Unexpected WOPI CheckFile: Catch-All Failure (exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed. —> Microsoft.Office.Web.Common.HttpRequestAsyncException: No Response in WebException —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) — End of inner exception stack trace — at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Office.Web.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult) — End of inner exception stack trace — — End of inner exception stack trace — at Microsoft.Office.Web.Apps.Common.WopiTalky.AddHostResponseDataAndThrow(Exception exception, HttpRequestAsyncResult result) at Microsoft.Office.Web.Apps.Common.WopiTalky.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Apps.Common.WopiDocument.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Common.HttpRequestAsync.End() at Microsoft.Office.Web.Apps.Common.WopiDocument.CheckWopiFile()) 9a3fbd9e-4066-604e-f675-99afa0e09b9f
02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing ajjve Medium WOPI CheckFile: Catch-All Failure (url:UREDACTED_(6UnYFVPmv6zdLFtOUT4YJEYsPRvdiT0O6frvZoEsQhM=)) 9a3fbd9e-4066-604e-f675-99afa0e09b9f
02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Word Online DocX Common ann56 Medium Setting Completion: (Operation:WacCheckFile) (CompletedSuccessfully:False) (RootOperation:) (StartTime:02/06/2019 07:54:12.612) (DurationInMilliseconds:39) (SizeInBytes:0) (ExtraInfo:) 9a3fbd9e-4066-604e-f675-99afa0e09b9f
02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Services Infrastructure Services Infrastructure Br Err bsl5f Medium BaseDocument::LogSessionMetrics: {“ApplicationLCID”:”pl-PL”,”BrowserLCID”:”pl-PL”,”DataLCID”:”en-US”} 9a3fbd9e-4066-604e-f675-99afa0e09b9f
02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Office Online Collab Sandboxing axvdb Medium CheckFailureCache.IncrementCheckFailureCount Doc: e02f7b7c23e308eeaca7d4921b409b72f6a1fc0a5f729604cb5a51af65ef2121 User: IREDACTED 9a3fbd9e-4066-604e-f675-99afa0e09b9f
02/06/2019 08:54:12.65 w3wp.exe (0x3AB4) 0x2738 Services Infrastructure Services Infrastructure Br Err b66ra Unexpected FileUnknownException with InnerException from CheckBaseDocument, InnerException: Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed. —> Microsoft.Office.Web.Common.HttpRequestAsyncException: No Response in WebException —> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) — End of inner exception stack trace — at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Office.Web.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult) — End of inner exception stack trace — — End of inner exception stack trace — at Microsoft.Office.Web.Apps.Common.WopiTalky.AddHostResponseDataAndThrow(Exception exception, HttpRequestAsyncResult result) at Microsoft.Office.Web.Apps.Common.WopiTalky.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Apps.Common.WopiDocument.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException) at Microsoft.Office.Web.Common.HttpRequestAsync.End() at Microsoft.Office.Web.Apps.Common.WopiDocument.CheckWopiFile() 9a3fbd9e-4066-604e-f675-99afa0e09b9f

I read some articles (e.g. link) that adding http path as intranet zone may resolve issue, but in my scenario it removes redirection from http to https.

How can I configure it to make it work? I suppose that better option would be to extend my web application to SSL (I have done it for another web app and web apps work there), but I am wondering whether it is possible to perform it without creating separate site.

Thanks in advance for advice.

security certificate – How to understand HTTPS / SSL?

I deployed a python server a few weeks ago, but for that I had to use nginx.

And following the tutorial, I talked about enabling https / ssl.

Okay, I did that.

Now I am studying Nginx to better understand how it works, but in the Ningx course (Linux Academy) it doesn’t cover things so much about https / ssl, it only covers things like enabling using lets encrypt and certbot.

But I want to understand how it works behind the scenes.

What readings are recommended for this?

PS: all tutorials on how to enable https with nginx use certbot with lets encrypt.

linux – Apache rewrite need separate rules for https?

On a centos8 server I created a file called /etc/httpd/conf.d/rewrite.conf with these contents:

RewriteEngine on
RewriteRule (.*) https://www.othersite.com  (L,R)

If I go to http://myserver.com, it is redirected to https://www.othersite.com as expected. But, if I go to https://myserver.com, it is not redirected. I just got the regular index.html. A valid certificate is installed.

Should it work like this or does Apache need additional rewrite rules in the SSL virtual host definition?

seo: Sitemap.xml file is redirected to http://example.com (instead of HTTPS: // www …)

Please help me with the following problem:

All website content runs on HTTPS and WWW while Google is viewing sitemap.xml only without https and www (as long as no such pages exist)

The Sitemap.xml file includes approximately 50 sub-sitemap files of 40,000 links each and is accepted by Google Console if entered manually.

Can anyone explain where to redirect sitemap files?
enter the image description here
enter the image description here
enter the image description here
enter the image description here