SSL – Redirecting old https domain to new https domain

apache-2.4 https ssl

I've set up a new domain for a small business and they wanted to have https:// in their domains because their previous host provided it by default (previous host had the old domain as well).

When I set up my server config blocks in /etc/apache2/sites-available/ I forwarded all requests to the new domain like so:

<VirtualHost *:80>
    # example2 - NEW, example1 - OLD
    # Simply redirecting all traffic to https
    ServerName example2.com
    ServerAlias www.example2.com
    ServerAlias example1.com
    ServerAlias www.example1.com

    Redirect 301 / https://example2.com/

</VirtualHost>

<IfModule mod_ssl.c>

<VirtualHost *:443>
    ServerAdmin info@example.com
    ServerName example2.com

    DocumentRoot /var/www

    SSLEngine on
    SSLCertificateFile /path/to/ssl/example2/example2.crt
    SSLCertificateKeyFile /path/to/ssl/example2/example2.com.key

    SSLCACertificateFile /path/to/ssl/example2/example2.com-bundle
</VirtualHost>

<VirtualHost *:443>
    # If the old site is arrived at via HTTPS, redirect to new
    ServerName example1.com
    ServerAlias www.example1.com

    Redirect 301 / https://example2.com/
</VirtualHost>
</IfModule>

So, requests to http://example2.com and http://example1.com are working and redirecting to https://example.com. BUT, requests to https://example1.com are not redirecting to https://example2.com, instead they're showing that "scary screen" to end users warning them of the fact that the connection may not be private, etc. (Google Chrome)

The DNS zone files for the old domain (example1.com) are pointing to the IP of the example2.com servers and I thought I had my server config done properly. Why is everything redirecting properly EXCEPT for the https:// of the old site?

Best Answer

requests to https://example1.com are not redirecting to https://example2.com, instead they're showing that "scary screen" to end users warning them of the fact that the connection may not be private

Here's your problem:

<VirtualHost *:443>
    # If the old site is arrived at via HTTPS, redirect to new
    ServerName example1.com
    ServerAlias www.example1.com

    Redirect 301 / https://example2.com/
</VirtualHost>

That's a vhost matching on the HTTPS port (443) and example1.com, but not running TLS for the vhost. (Remember, you can run plain-text HTTP or encrypted HTTPS on any port you like. Running plain-text HTTP on port 443 would be unusual, but not prohibited by any standard, so Apache lets you do it.)

Obtain a valid certificate for example1.com and www.example1.com, and then add something like this to that vhost:

SSLEngine on
SSLCertificateFile /path/to/ssl/example1/example1.crt
SSLCertificateKeyFile /path/to/ssl/example1/example1.com.key
SSLCACertificateFile /path/to/ssl/example1/example1.com-bundle

and it should work much better.

As an additional point unrelated to your specific question, unless you have completely redesigned the URLs, please do your best to redirect people to the corresponding location on the new domain instead of just to the front page. Breaking everyone's existing links is extremely annoying, so only do it if you absolutely must.
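
A small lint for the misconfiguration the answer identifies, as an added example that is not part of the original answer: it flags any `<VirtualHost>` bound to port 443 that lacks `SSLEngine on` or `SSLCertificateFile`. The function names and the abbreviated sample config are constructed for illustration, and it assumes neither directive is inherited from the global server config.

```python
import re

# Constructed sample: the question's vhosts, abbreviated (paths as on the page).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName example2.com
    Redirect 301 / https://example2.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName example2.com
    SSLEngine on
    SSLCertificateFile /path/to/ssl/example2/example2.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName example1.com
    Redirect 301 / https://example2.com/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> list of argument strings (comments skipped)."""
    found = {}
    for line in map(str.strip, body.splitlines()):
        if line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def vhosts_missing_tls(conf, port="443"):
    """Return (ServerName, missing directives) for each vhost on `port` lacking TLS setup."""
    problems = []
    for addrs, body in VHOST_RE.findall(conf):
        if not any(a.rsplit(":", 1)[-1] == port for a in addrs.split()):
            continue  # vhost is not bound to the HTTPS port
        d = directives(body)
        missing = []
        if "on" not in [v.lower() for v in d.get("sslengine", [])]:
            missing.append("SSLEngine on")
        if "sslcertificatefile" not in d:
            missing.append("SSLCertificateFile")
        if missing:
            problems.append((d.get("servername", ["<unnamed>"])[0], missing))
    return problems

if __name__ == "__main__":
    for name, missing in vhosts_missing_tls(SAMPLE_CONF):
        print(f"{name}: port-443 vhost is missing {', '.join(missing)}")
```

Run it against the concatenated contents of /etc/apache2/sites-available/ before reloading Apache; an empty result means every port-443 vhost declares its own TLS settings.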
