Redirection & SSL

How to redirect a URL (e.g., from a cancelled domain) to another domain, without any SSL-related errors?

Breaking it down

Don't include aliases in canonical SSL certificate

When a domain name redirects to another domain name (the canonical or primary domain name), the alias' domain name doesn't need to be included in the SSL certificate of the canonical domain name.

This is already the case for the variant of a domain name with the prefix www.: No need to include it in the SSL certificate.

Output of sudo certbot certificates. Note that domain eur_en doesn't have any aliases defined! And the arbitrary domain ending at .us, just above it, does have 1 alias

Aliases don't have their own SSL certificates

An alias cannot have its own SSL. Otherwise, an error will occur as in the case of 2024.02 (below).

Aliases don't have their own VHDF files

Not sure? Just check /etc/apache2/sites-available of your favourite webserver.

Putting it together

• Include the old domain name on the alias field of the Apache VHDF files
• Remove the previous SSL certificate
• Don't create any new SSL certificate
• Give it some time to propagate.

Case: example.cn → example.com (2024.02)

Case (2024.02): The webshop at domain example.cn (English webshop for China, abbreviated as cn_en) will be cancelled and the URL should be redirected to example.com (English webshop for Europe, abbreviated eur_en). How to solve this...

Problem

After disabling the domain example.cn (http & https) and redirecting it to example.com, I get this SSL error, claiming that example.cn is using a certificate for example.com

Actions & additional information

• The certificates of the alias was removed using sudo certbot remove
• In a new Chrome session, it works as intended
• Unfortunately, it doesn't work in the existing Chrome session - Maybe wait until after the weekend? Otherwise, remove cookies, etc.?

See also

• Let's Encrypt