Hello everyone,
I am sorry i am new.
My site redirect to now www succesfully only if i browse https://www.mydomain.com but is i browse https://www.mydomain.com/xyz chrome gives SSL errror.
But if i browse http://www.mydomain.com/xyz there is no problem and it directs to https://mydomain.com succesfully.
Thank you in advance.
How are you doing the redirection?
I am not sure. I only installed discourse how it described on https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md
So there’s nothing else on the server, you created a certificate using letsencrypt, you aren’t using Cloudflare and didn’t edit the app.yml directly?
Yes. i did not any modification and i do not use cloudflare.
So how are you redirecting http://www.mydomain.com/xyz to https://mydomain.com ? Discourse doesn’t do this by default.
It sounds like domain redirection by your registrar, as you’ve not given us any details of the real domain we can’t troubleshoot, you will need to start there.
Correct, because Discourse is registered to http://fstdesk.com/ as seen in your certificate:
common name: fstdesk.com
Your certificate doesn’t include a subject alternate name for https://www.fstdesk.com so the webserver can’t honor that request without first issuing a certificate with a SAN including the WWW entry.
Google Chrome will handle root redirects, but only in the case of @ -> www and www -> @ - if you try the same URLs in Safari you will note that https://www.fstdesk.com also returns the error.
In short this isn’t an error, it wouldn’t work at all if you weren’t using Chrome, which tries to correct mistyped root domains.
Your options are:
The simplest option is the second one, services such as Cloudflare can catch and redirect all traffic in this way with no Discourse configuration changes whatsoever.
Thank you.
but while http://www.fstdesk.com directs to https://fstdesk.com , https://www.fstdesk.com does not ?
Correct, to redirect HTTPS the server first has to make a secure connection, which requires with a certificate that includes the www entry. Your server can’t redirect requests for HTTPS without a certificate which first allows it. That’s option one, modifying your server to include www.fstdesk.com so that it can respond to requests made to www.fstdesk.com.
The redirect you see from https://www.fstdesk.com to https://fstdesk.com is being done by your browser, not your server.
How can i do this ? Thank you.
But why while https://www.fstdesk.com directs to https://fstdesk.com , https://www.fstdesk.com/xyz does not ?
Interesting, the url sometimes redirects sometimes does not
It doesn’t, what’s happening is this:
http://fstdesk.com/ -> exists in DNS, redirects to https://fstdesk.com/ and is therefore VALID
https://www.fstdesk.com/xyz exists in DNS but no certificate exists -> INVALID
Chrome knows that there’s no certificate for www.fstdesk.com but has a feature called SSLCommonNameMismatchHandling which will check for a version without the www and redirect there.
If you try a different browser like safari you will also see the error for http://www.fstdesk.com/
Chrome effectively tricked you into believing you had a redirect which was failing in certain cases, where no redirect exists and instead a feature just made it look like some but not all https://www addresses were valid.
Only in Chrome, look at Safari:
If we sidestep the browser completely and talk to your server using cURL we get:
* Server certificate:
* subject: CN=fstdesk.com
* start date: Jan 1 20:57:46 2019 GMT
* expire date: Apr 1 20:57:46 2019 GMT
* subjectAltName does not match www.fstdesk.com
* SSL: no alternative certificate subject name matches target host name 'www.fstdesk.com'So how can i add www.fstdesk.com for letsencrypt. Thanks for help.
Set up Let’s Encrypt with multiple domains / redirects offers some hints, but it’s not exactly what you’re looking for. You’ll need to modify those instructions to do what you want.
thank you Jay Pfaffman
i can not solve the problem. any support please. Thanks