ssl

There are 2 posts tagged ssl ().

http to https redirect infinite loop problem

If you want to force ssl on your website and for some reason you can’t do it in vhost config directly, you got 3 ways to do it in htaccess.
Changes are you got a good hosting and all 3 will work for you ( for example on your own VPS ). Then there are some hostings without modssl, or with load balancers and then some of these generic rules, that work for 99% people out there will end up in endless loop.

Best to try all 3 of them, one by one and see which one works for you.

htaccess ssl redirect by %{HTTPS} variable

1st version – the most basic, works on most hostings

<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

htaccess ssl redirect by port number

2nd version – if server is using apache without modssl, then %{HTTPS} value will always be ‘off’ and therefore the rule above will cause infinite loop. Use this version instead – it checks server port instead of ^{HTTPS} variable.
It works great on websupport.sk

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{SERVER_PORT} !^80$
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

htaccess https redirect infinite loop

3rd version – if all 2 above end in infinite loop, chances are your hosting is using some kind of load balancer.
Try this version then:

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTP:X-Forwarded-Proto} !https
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Laravel force ssl

If you are doing this on Laravel project, make sure you put this in root folder. Very often your root folder will have 4 line htaccess file which redirects everything into public folder. That’s where you need to put this. Do not put http->https rules into public folder’s htaccess, unless that is your root folder as well ( on VPS for example )

Free SSL certificate – how to

Two words – Let’s encrypt!
Assuming you already have Ubuntu LAMP set up, you just need to install Certbot to manage your SSL certificates.

Installation of Certbot – SSL manager

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --help

.. you should get some meaningful output.
Now that you have a way to manage your certificates, it’s time to get one!.

Usage

Assuming you have virtual hosts set up, such as example.com, and you are using Apache, just run following command:

./certbot-auto --apache -d example.com

You need to be in the directory where you’ve extracted certbot.
You can do multiple domains at once

./certbot-auto --apache -d example.com -d nocookies.example.com

How it works

Certbot will obtain new certificate from https://letsencrypt.org, detect vhost configuration on your Apache and will create copy of that config with SSL enabled.

You can find certificates in directory

/etc/letsencrypt/live/phpsolved.com/

If you ran the command first time, you’ll be asked to provide your email address and accept terms and conditions.
You also need to renew the certificate every 90 days – you can do that by issuing following command:

certbot renew

If you want certificate for both non-www and www version of your domain ( for redirect ) you need to specify both at once, e.g.:

./certbot-auto --apache -d example.com -d www.example.com

If you do 2 commands, it won’t work properly.
This is wrong:

./certbot-auto --apache -d example.com
./certbot-auto --apache -d www.example.com

Unlike other certificates, such as StartSSL, this one actually works. If you use StartSSL, you won’t get ‘green icon’ in all browsers, see https://bugzilla.mozilla.org/show_bug.cgi?id=994033.

Sources:
https://github.com/certbot/certbot
https://letsencrypt.org/getting-started/