WebFaction
Community site: login faq

Let's Encrypt- can we use a single redirect for multiple domains?

2

I have a number of subdomains that I am slowly converting over to use https only. Since I need to create an .htaccess file to redirect from http to https (as per here), can I create a single app containing that .htaccess file and simply reuse it for all my redirect website records? Is there any potential danger in doing it this way, or do I really need to have a separate app for each redirect website record?

asked 26 Sep '18, 00:07

kjodle
156213
accept rate: 18%

One Answer:
active answersoldest answersnewest answerspopular answers
4

I reuse a single app for all http -> https redirects. I have been unable to think of any risk in doing so.

permanent link

answered 26 Sep '18, 00:14

williaminwi
1064
accept rate: 20%

can you provide an example of how to accomplish this?

(29 Oct '18, 05:57) baba

You have to do exactly what you described in your question.

Create a PHP type of application, named for example redirect_to_https and only add the .htaccess file with the following lines:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteCond %{REQUEST_URI} !^/(.well-known)(/|$)

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Then create an http website, add all the domains and subdomains you want to redirect to https and only attach the application you've created above.

Every http request of a domain or subdomain on the list will be redirected to the exact same https url.

(29 Oct '18, 09:16) iliasr ♦♦

thanks. it seems to work for one site but not the other.

do i need to enable Lets Encrypt for each site that i will be redirecting via redirect_to_https app?

(29 Oct '18, 17:42) baba

You need to make sure the URI /.well-known/acme-challenge/ is not being redirected by your application code.

(29 Oct '18, 21:06) johns

@IliasR U r a gem and a genius!

(30 Oct '18, 03:46) baba

@iliasr @johns I can see that a new line was added to the recommended redirect rule: RewriteCond %{REQUEST_URI} !^/(.well-known)(/|$) It works without it, so what does it do and do you recommend to add it? Also, what is the URI /.well-known/acme-challenge/ that was mentioned? If that's only a Let's Encrypt thing, should this line be used with other non-let's-encrypt SSL certs?

(31 Oct '18, 19:29) teks
1

Let's Encrypt challenges happen over http. We added that condition in our documentation to make sure that requests for any .well-known/ urls do not get redirected to https, that might make the validation to fail.

The .well-known directory is an internet standard used for information discovery. The acme-challenge is specific to Let's Encrypt. Other ssl issuers use similar technics, to different directories, to verify domains.

The .well-known directory is also used by other services, most commonly caldav clients that use it to discover calendars on a calendar server.

(01 Nov '18, 14:30) iliasr ♦♦

@iliasr Thank you for the throughout explanation! I already issued the Let's Encrypt SSL, do you recommend that I add the new condition to the htaccess of my redirect app as well? or is it not necessary for the cert renewal process? (only for the initial validation maybe?)

(01 Nov '18, 16:14) teks
1

Yes, that should be added to your redirect application as well. Just above the ReWrite rule as shown in our documentation here

(01 Nov '18, 16:22) bmeyer71 ♦♦

Please consider updating @iliasr 's answer to reflect the latest recommended htaccess code (which is now different) or include a link to the docs page so other people reading this can be aware of the new changes: https://docs.webfaction.com/software/static.html#static-redirecting-from-http-to-https

(21 Nov '18, 22:59) teks
showing 5 of 10 show 5 more comments
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×75
×75
×29
×17

question asked: 26 Sep '18, 00:07

question was seen: 2,251 times

last updated: 21 Nov '18, 22:59

Related questions

Lets Encrypt wildcard subdomains SSL Certificates

Planned support for Lets Encrypt

[closed] Support for Let's Encrypt

Redirect HTTPS to HTTP except certain directories

Redirects -> https and -> non-www: how to get both working together

Issue with installing a Let's Encrypt certificate

Using LetsEncrypt: acme.sh cron job not renewing

Http -> Https 301 redirect

Cheapest way to get rid of "This site is insecure" HTTPS message

I don't want to use encryption; why does the server respond to https requests?

WEBFACTION
Home
Sign up
Jobs
REACH US
Email
Blog
Twitter
Facebook
SUPPORT
Control panel
Documentation
Q&A community site
Status blog
Support tickets
AFFILIATE PROGRAM
Affiliate program
Visuals
LEGAL
Terms of service
Acceptable use policy
Privacy policy
© COPYRIGHT 2003-2020 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM