For reasons much too long and complex to get into (it involves several layers of corporate red tape resulting in someone else not purchasing a wildcard SSL certificate I requested), I have to set up a domain to redirect all requests to https://www.example.com – secure protocol with the www subdomain.
EDIT: The SSL certificate is only valid for the www.xyz.com domain.
So: http://example.com, http://www.example.com, and https://example.com should ALL redirect to https://www.example.com.
My .htaccess-fu is weak at best and I can't seem to get this to work. Note: hosting is on Media Temple if that makes a difference.
So far, my .htaccess file looks like so:
RewriteEngine On
RewriteCond %{HTTPS} !^on$
RewriteRule (.*) https://www.example.com/$1 [R,L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Both http://example.com and http://www.example.com are redirecting to https://www.example.com, so yay. However, https://example.com is not redirecting to https://www.example.com and is thus throwing a security warning page:
This is probably not the site you are looking for!
You attempted to reach example.com, but instead you actually reached a server identifying itself as www.example.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of example.com.
You should not proceed, especially if you have never seen this warning before for this site.
Any help in getting me past this one final hump would be muchly appreciated!
Best Answer
You need a certificate that is valid for both
example.comandwww.example.comif you're going to rewrite those requests towww.example.com(or two separate certs that accomplish this). There's no way around this.