Redirect Non-www to www Not Working


#1

Hi,

Just trying to get my head around all this DNS stuff and it’s driving me crazy. The first thing I’m trying to do is redirect mysite.com to https://www.mysite.com. I found this advice in another post:

I have not used a CNAME but will change if I need to… In my DNS I currently have:
A mysite.com points to my.ip…
A www points to my.ip…

Is this correct?

Currently, in the CF Crypto tab I have:
Universal SSL = Active
Full SSL
Automatic HTTPS Rewrites = On

I’ve also set an htaccess redirect:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite.com [NC]
RewriteRule ^(.*)$ https://www.mysite.com/$1 [L,R=301,NC]

and a couple of Page Rules as recommended…
mysite.com 301 to https://mysite.com
mysite.com/* 301 to https://mysite.com/$1

When I type www.mysite.com into my browser there’s no issue, but when I type mysite.com (no www) I get an error:
“This site can’t provide a secure connection”

When I checked my certificates on SSL shopper, I see that the www and the non-www have different Cloudflare certificates, the non-www version is not valid as it doesn’t contain my site name.

How can I fix?


#2

If your www site works, then you’re most of the way there. You need only two more things:

  1. A DNS entry for non-www that’s set to :orange:. It doesn’t matter if it’s a CNAME or an A record. I just needs to be :orange:
  2. A Page Rule: Match example.com/* and Forwarding URL (301) to https://www.example.com/$1

With :orange: on the non-www site, the Page Rule will catch requests to non-www and forward them to www.


#3

Thanks sdayman,

As mentioned, I do have the page rule you described and I also have an A record from mysite.com to my IP address but this doesn’t seem to be getting redirected at the edge. I currently have the following two A records:

A - mysite.com - points to my.ip…
A - www - points to my.ip…

As for the htaccess redirect, I assume that because it’s SSL, the browser needs to securely connect with the site before the htaccess redirect applies. As mentioned, I checked with SSL Shopper and I currently have 2 different certificates for the www and non-www. The www certificate works, but why is there a separate certificate for the non-www that doesn’t contain my website host?


#4

The page rules you listed do not redirect to www.


#5

Apologies, my mistake. I typed them incorrectly above. The page rules do both have a www…

ie.
mysite.com 301 to https://www.mysite.com
mysite.com/* 301 to https://www.mysite.com/$1


#6

Can you post the domain so I can check response codes?


#8

Also, as mentioned, the certificate for the bare domain doesn’t have the domain in the cert but the cert for the www does. Not sure why there’s 2…


#9

Yeah, that’s weird. The certificate at your www site does include the non-www domain.

It’s late here, but my last suggestion would be to go to the Crypto page here and reset your Universal SSL: go to the very bottom of the page and Disable Universal SSL. Wait a few minutes, then re-click it to Enable Universal SSL.


#10

Thanks - will this will delete both certificates and I’ll then have to wait 24 hours for a new one?


#11

BTW, I created an account directly on CF.com and was then told by my ISP to create it through Cpanel. I created the second one via Cpanel and this may be why there’s 2.


#12

There’s only one certificate (it contains both URLs). That certificate reset shouldn’t take longer than a half hour. I know they say 24 hours, but if you’ve done it once, the second time should be pretty quick.

You’re better off setting your site up directly at Cloudflare. Trying to go through Cpanel or other third-party gateways reduces your control over site settings.


#13

Thanks but I can see 2 distinct certificates. The cert for the non-www url has a serial number ending with 22a (from sslshopper.com), this one does not include my domain. The second one for www has a serial number ending with 4cc and includes both www and non-www.

I set up the account through Cpanel as this allows me to use Railgun but have been using the same account (email) on the CF site. As far as I know, I can’t use Railgun unless I go through Cpanel.


#14

I forgot to add to the above, I disabled and re-enabled SSL via the CF site but this has not yet resolved the issue.


#16

Hi Sdayman,

Thanks for your help with this! The issue’s now been resolved.

Cheers