cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Using .htaccess In Addition To SSLs

 I have 30 Domains, 5 of which are *.com(s), which I applied the 5 SSL plan. The other Domains are forwarded to the *.com(s), they are for what is called Domain Branding.
 
 Applying the GoDaddy generic .htaccess code;
 
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
 ... in the ROOT .htaccess will get applied the all Domains within the singular hosting plan. This would work if all the Domains hosted had SSLs applied to them. But, only 5 of my 30 domains have SSLs, so this code broke all the remaining 25 Domains on the Hosting Plan.
 
So, The provided GoDaddy code is not usable within a hosting plan that uses a mixture of SSL secured Domains and NON-SSL Domains.
 
*** THE FIX ***
 
OK, let's define some short comings here.
... Since the applied SAN SSLs only work on the Domain.com and does not include the www.Domain.com version, the https://www.Domain.com will show as the website as not being setup/secured properly. This happens only for the SANs, the main SSL in the ROOT includes domain.com and www.domain.com are secured.
 
... The new htaccess CODE for the SAN SSLs...
 
RewriteEngine On
# First part
RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L]
# Second part
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} domain.com [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

1. In the first part, we rewrite the insecure www.domain.com version to domain.com. If the user entered the www. version in their browser, this catches this version, hopefully preventing one instance of https://www.Domain.com from happing. This www.Domain.com name is not protected by a SSL SAN.
 
2. In the second part, start by checking to ensure https is off, if Domain.com is already secure forget doing anything else.
3. Then make sure we're still dealing with the same Domain.com.
 (This is a new set of conditions, notice the [L] above completes the first set of conditions for rewrite)
4. Finally, ReWrite the insecure domain.com into the complete secure SANs defined https://domain.com.
 
This code works for the SAN SSLs htaccess files. (Changing the Domain name for each.) There is no fix for https://www.domain.com, as this "SECURED SANs" domain name is not supplied on the server. It should be included, but GoDaddy doesn't include it for SANs. This I think is wrong thinking, but this is why GoDaddy has all of it's customer relation problems. What? A few bucks extra and it could be included? This is the short comings or short sightedness of GoDaddy's people in charge of such things. Their trying to say that the www. is a subdomain... Which it's really not! The www. version is ALWAYS assumed to be the same as the Domain without it.
 

 

WRPelfrey
3 REPLIES 3
Helper VI
Helper VI

Re: Using .htaccess In Addition To SSLs

Hello @WRPelfrey

 

Thank you for sharing.

 

🙂

***Signature: -> Do not assume anything! If you want help, explain your problem. If my post helped you, give it a Kudo. If you have the solution, mark the topic as Solved.

Re: Using .htaccess In Addition To SSLs

my website is not running .... plz give me help for .htaccess file
New

Re: Using .htaccess In Addition To SSLs

It worked!!!  @WRPelfrey

Thank you so much for posting this.

GoDaddy customer support was useless.

You have helped me incredibly.  Very appreciated.