
htaccess file

https

     
7:40 pm on Jan 17, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts: 9
votes: 0


I'd be grateful for some help with an .htaccess file. What I need is complex (for me) as I don't understand the protocols. I look after a number of sites with cPanel-issued certificates and am having problems when it comes to auto-renewal. Seemingly, the server that renews the certificate is having problems with my redirects. It has to have a line with 'well-known' in it. What order do I place these in to make sure the certificate renewal takes priority? I also need the htaccess to force both https and the www prefix to the URLs. The file I am using is this:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteCond %{REQUEST_URI} !\/\.well-known\/
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

I would be grateful for any help on this. Thank you all in advance.

[edited by: phranque at 10:18 pm (utc) on Jan 17, 2018]
[edit reason] Unlink URL for clarity [/edit]

9:07 pm on Jan 17, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14709
votes: 613


Are you saying that the /.well-known URL has to be exempt from redirection? If so, it's easiest (for you, if not for the server) to put that RewriteCond first:

RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

This goes after all other redirects in htaccess.
-- The NE flag is not needed, though it is not harmful.
-- It is never necessary to escape / slashes in mod_rewrite.
-- Express the hostname as a negative: “anything except this one canonical form”.
Aside: In some situations you need to say
!^(www\.example\.com)?$
in case the request does not contain a Host: header. But this cannot occur on servers that carry multiple hostnames--the request simply won't reach your htaccess file--so that's a savings of three bytes.

If you have multiple sites passing through the same htaccess, it gets messier. You should bend over backwards to avoid using mod_rewrite in more than one htaccess along the same path; there is almost always an alternative. Let each site have its own htaccess with its own RewriteRules. If the server uses the “primary/addon” structure (as opposed to the “userspace” structure) we’ll work it out.
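A small Python model of the condition chain in the post above, added here as an illustration (it is not code from the thread or from Apache). It shows how the [OR] flag groups conditions and why the exemption pattern has to allow for the leading slash that %{REQUEST_URI} always carries; the request values and the validation file path are constructed.

```python
import re

CANONICAL = "www.example.com"  # placeholder host, as used in the thread

def conds(exempt_pattern):
    """RewriteCond chain as (variable, pattern, negated, has_OR_flag)."""
    return [
        ("REQUEST_URI", exempt_pattern, True, False),
        ("HTTPS", r"on", True, True),  # [OR] joins this to the next cond
        ("HTTP_HOST", r"^www\.example\.com$", True, False),
    ]

def chain_matches(chain, env):
    """[OR]-linked conditions form a group; groups are ANDed together."""
    group = False
    for var, pattern, negated, has_or in chain:
        hit = re.search(pattern, env[var]) is not None
        group = group or (hit != negated)
        if not has_or:          # end of a group: it must have passed
            if not group:
                return False
            group = False
    return True

def redirect_target(env, exempt_pattern=r"^/\.well-known"):
    """Return the 301 Location, or None when the request is served as-is."""
    if chain_matches(conds(exempt_pattern), env):
        # In .htaccess, "/$1" after the host rebuilds the same path
        return f"https://{CANONICAL}{env['REQUEST_URI']}"
    return None

# Constructed sample requests (not taken from any real log)
VALIDATION = {"HTTPS": "off", "HTTP_HOST": "example.com",
              "REQUEST_URI": "/.well-known/validation-file.txt"}
PLAIN_HTTP = {"HTTPS": "off", "HTTP_HOST": "example.com",
              "REQUEST_URI": "/page.html"}
CANON_HTTPS = {"HTTPS": "on", "HTTP_HOST": "www.example.com",
               "REQUEST_URI": "/page.html"}

if __name__ == "__main__":
    for name, env in [("validation", VALIDATION), ("plain http", PLAIN_HTTP),
                      ("canonical", CANON_HTTPS)]:
        print(name, "->", redirect_target(env))
    # Without the leading slash the pattern never matches REQUEST_URI,
    # so the validation request is redirected like any other.
    print("no slash ->", redirect_target(VALIDATION, r"^\.well-known"))
```
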
7:15 am on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts: 9
votes: 0


Hello and thank you for your very helpful response. Yes, my hosting provider told me the following before I put in the well-known line:

'The problem is caused by your .htaccess file getting in the way of the authentication process....which has the additional line to not force https if the request is to the /.well-known folder, as this is how the SSL process verifies the link from the server to the domain name.'

The Common Name on the certificate is just example.co.uk, no www prefix if that makes a difference. There is only one .htaccess file for each site, they are all on their own separate webspace. I presume the server has multiple names on it.

So, in your file if I substitute the real domain name for 'example', this should all work?

I'm guessing the first line will be RewriteEngine On?
7:44 am on Jan 18, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11466
votes: 691


My advice is to leave the \.well-known file alone. Leave it out of your redirect code. The key installer will find it if you don't confuse it.
8:04 am on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts: 9
votes: 0


Thank you. However, not having it in is what is causing the renewal problem.
8:09 am on Jan 18, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11466
votes: 691


You misunderstood.

Just upload it to the base directory and leave it alone. Don't include it in your redirect code. That's what is causing the problem.

The certificate key installer is programmed to look for the well-known file and overwrite the key with the new one each renewal.

It will find it if you don't confuse it.
8:16 am on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts:9
votes: 0


I see. I don't have anything to do with the 'well-known' folder, I don't touch it. It is put in place by the hosting company.
9:20 am on Jan 18, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11466
votes: 691


Yes, but you are "touching it" when, according to your original post, you include it in the middle of that redirect.

I would remove this line completely:
RewriteCond %{REQUEST_URI} !\/\.well-known\/

Then add this line somewhere above that rewrite:
RewriteRule ^\.well-known/(.*)$ - [L]

Similar to what lucy24 suggested, only independent of the redirect. This way the key installer won't get confused where the file is located... but if lucy24's code is doing the job, use that :)

I'm guessing the first line will be RewriteEngine On?
If you haven't already turned it on. You only need to do this once.
2:16 pm on Jan 18, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11279
votes: 133


according to your original post, you include it in the middle of that redirect.

I would remove this line completely:
RewriteCond %{REQUEST_URI} !\/\.well-known\/

this line excludes that path from the redirect.
(although i would use the ruleset suggested by lucy24)
4:52 pm on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts:9
votes: 0


Apologies for the delay in replying. Thank you all for your input. My original .htaccess file (without any mention of the well-known) did what I wanted, which was to force both www and https. However, that was the reason for my post, as it interfered with certificate renewal each three-month cycle, which wasn't good from the clients' viewpoint - expired certificates aren't a good look.

So to recap and one final question, if I use the file kindly supplied by Lucy do I replace the example with the real domain name?

Thank you again for all your help and input.
5:30 pm on Jan 18, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:14709
votes: 613


“example.com” is used in these forums for two reasons: because you're not allowed to name your own site, and because it doesn't auto-link. The latter is especially important here in the Apache subforum (and also, I guess, the one for IIS) so code remains readable.
I'm guessing the first line will be RewriteEngine On?
Someone hereabouts got brave and experimented. The line has to occur once in any htaccess file that uses mod_rewrite--but it doesn't matter if it comes first, last or in the middle. It may even occur twice if you have CMS boilerplate supplemented by your own rules. But in practice it makes most sense to put it immediately before your RewriteRule section, because that's where a human would expect to see it.
5:42 pm on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts:9
votes: 0


I will use the file you kindly provided for all my affected websites. Thank you again for all your help, very much appreciated.
8:07 pm on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts:9
votes: 0


One last question, just to clarify: when using the file, do I actually use URL or URI in the lines? The first edit by phranque left me confused. Thanks again.
8:30 pm on Jan 18, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:11466
votes: 691


this line excludes that path from the redirect.
I'm aware of that... however it may have been the cause of the key installer getting lost. I work with these all the time. Best to keep the location of well-known independent of any rewrites. As the OP just said, when he went back to using an old copy of htaccess *without* that line, the installer was able to do its job. There's absolutely no reason for that file path to be included in the redirect, with or without the exemption. There are no browsers that will request it.

One last question, just to clarify when using the file I actually use URL or URI in the lines?
@vSkyeman - use the URI as exemplified.
8:32 pm on Jan 18, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts:9
votes: 0


Thank you.
10:15 pm on Jan 18, 2018 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11279
votes: 133


The first edit by phranque left me confused.

There should be no reason for your confusion - i simply unlinked the URL on this line and otherwise left it as you posted it:
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]
6:36 am on Jan 19, 2018 (gmt 0)

New User from GB 

joined:Jan 17, 2018
posts:9
votes: 0


Hello Phranque, sorry - no criticism intended. I thought the original code had URL in it; it was actually URI when I looked back at the code supplied by my hosting provider. The confusion arose when I looked up URI and found that both can be used.

Apologies again. Despite many years' experience in web design, .htaccess coding has always been unknown territory to me as I haven't needed to use it until recently.