Redirection & SSL

Uit De Vliegende Brigade
Naar navigatie springen Naar zoeken springen

Don't include aliases in canonical SSL certificate

When a domain name redirects to another domain name (the canonical or primary domain name), the alias' domain name doesn't need to be included in the SSL certificate of the canonical domain name.

This is already the case for the variant of a domain name with the prefix www.: No need to include it in the SSL certificate.

Output of sudo certbot certificates. Note that domain eur_en doesn't have any aliases defined! And the arbitrary domain ending at .us, just above it, does have 1 alias

Aliases can't have their own SSL certificates

An alias cannot have its own SSL. Otherwise, an error will occur as in the case of 2024.02 (below).

Case: example.cn → example.com (2024.02)

Case (2024.02): The webshop at domain example.cn (English webshop for China, abbreviated as cn_en) will be cancelled and the URL should be redirected to example.com (English webshop for Europe, abbreviated eur_en). How to solve this...

Problem

After disabling the domain example.cn (http & https) and redirecting it to example.com, I get this SSL error, claiming that example.cn is using a certificate for example.com

Actions & additional information

  • The certificates of the alias was removed using sudo certbot remove
  • In a new Chrome session, it works as intended
  • Unfortunately, it doesn't work in the existing Chrome session - Maybe wait until after the weekend? Otherwise, remove cookies, etc.?