🕸️ Redirecting HTTPS with Let’s Encrypt and Apache

The free TLS certificate provider Let’s Encrypt automates the request-and-setup process using the ACME protocol to verify domain ownership. Software on your server creates a file in a known location, based on your request. The certificate authority checks that location, and if it finds a match to your request, it will grant the certificate. (You can also validate it using a DNS record, but not all implementations provide that. DreamHost, for instance, only uses the file-on-your-server method.)

Let's Encrypt: How it Works

That makes it really simple for a site that you want to run over HTTPS.

Redirected sites are trickier. If you redirect all traffic from Site A to Site B, Let’s Encrypt won’t find A’s keys on B, so it won’t issue (or renew!) the cert. You need to make an exception for that path.

On the Let’s Encrypt forums, jmorahan suggests this for Apache:

Forum thread

That didn’t quite work for me since I wanted a bit more customization. So I used mod_rewrite instead. My rules are a little more complicated (see below), but the relevant part boils down to this:

These rules can go in your server config file if you run your own server, or the .htaccess for the domain if you don’t.

The reason I went with the more complex mod_rewrite solution is that I hadn't finished updating the entire target site to work over HTTPS. Some sections still had absolute links or remote embeds that needed to be updated. So rather than always redirecting to the HTTPS site, I wanted to set up the redirecting domain to preserve whichever scheme was used to access it. So my redirect rules look like this:

—Kelson Vibber, 2016-04-12

Web Edition

More Tips

Fediverse: KelsonV@Wandering.shop