About force www to non www

Hello everyone,

I am sorry i am new.

My site redirect to now www succesfully only if i browse https://www.mydomain.com but is i browse https://www.mydomain.com/xyz chrome gives SSL errror.

But if i browse http://www.mydomain.com/xyz there is no problem and it directs to https://mydomain.com succesfully.

Thank you in advance.

How are you doing the redirection?

3 Likes

I am not sure. I only installed discourse how it described on https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md

So there’s nothing else on the server, you created a certificate using letsencrypt, you aren’t using Cloudflare and didn’t edit the app.yml directly?

1 Like

Yes. i did not any modification and i do not use cloudflare.

So how are you redirecting http://www.mydomain.com/xyz to https://mydomain.com ? Discourse doesn’t do this by default.

It sounds like domain redirection by your registrar, as you’ve not given us any details of the real domain we can’t troubleshoot, you will need to start there.

1 Like

thanks,

Please see ;

http://www.fstdesk.com/xyz OK

https://www.fstdesk.com/xyz NOK

Correct, because Discourse is registered to http://fstdesk.com/ as seen in your certificate:

common name: fstdesk.com

Your certificate doesn’t include a subject alternate name for https://www.fstdesk.com so the webserver can’t honor that request without first issuing a certificate with a SAN including the WWW entry.

Google Chrome will handle root redirects, but only in the case of @ -> www and www -> @ - if you try the same URLs in Safari you will note that https://www.fstdesk.com also returns the error.

In short this isn’t an error, it wouldn’t work at all if you weren’t using Chrome, which tries to correct mistyped root domains.

Your options are:

  • Reconfigure your let’s encrypt to include the subject alternate name www.fstdesk.com - this will mean changes to the configuration of your Discourse installation, guides already exist here to achieve this.
  • Manage your redirects outside of Discourse

The simplest option is the second one, services such as Cloudflare can catch and redirect all traffic in this way with no Discourse configuration changes whatsoever.

1 Like

Thank you.

but while http://www.fstdesk.com directs to https://fstdesk.com , https://www.fstdesk.com does not ?

Correct, to redirect HTTPS the server first has to make a secure connection, which requires with a certificate that includes the www entry. Your server can’t redirect requests for HTTPS without a certificate which first allows it. That’s option one, modifying your server to include www.fstdesk.com so that it can respond to requests made to www.fstdesk.com.

The redirect you see from https://www.fstdesk.com to https://fstdesk.com is being done by your browser, not your server.

1 Like

How can i do this ? Thank you.

But why while https://www.fstdesk.com directs to https://fstdesk.com , https://www.fstdesk.com/xyz does not ?

Interesting, the url sometimes redirects sometimes does not

It doesn’t, what’s happening is this:

http://fstdesk.com/ -> exists in DNS, redirects to https://fstdesk.com/ and is therefore VALID

https://www.fstdesk.com/xyz exists in DNS but no certificate exists -> INVALID

Chrome knows that there’s no certificate for www.fstdesk.com but has a feature called SSLCommonNameMismatchHandling which will check for a version without the www and redirect there.

If you try a different browser like safari you will also see the error for http://www.fstdesk.com/

Chrome effectively tricked you into believing you had a redirect which was failing in certain cases, where no redirect exists and instead a feature just made it look like some but not all https://www addresses were valid.

Try this;

https://www.fstdesk.com/t/new-actions-about-palm-oil-issue/85

it works. .

Only in Chrome, look at Safari:

If we sidestep the browser completely and talk to your server using cURL we get:

* Server certificate:
*  subject: CN=fstdesk.com
*  start date: Jan  1 20:57:46 2019 GMT
*  expire date: Apr  1 20:57:46 2019 GMT
*  subjectAltName does not match www.fstdesk.com
* SSL: no alternative certificate subject name matches target host name 'www.fstdesk.com'
2 Likes

So how can i add www.fstdesk.com for letsencrypt. Thanks for help.

Setting up Let’s Encrypt with Multiple Domains offers some hints, but it’s not exactly what you’re looking for. You’ll need to modify those instructions to do what you want.

3 Likes

thank you Jay Pfaffman

1 Like

i can not solve the problem. any support please. Thanks