Primary LetsEncrypt domain lost its www redirection after using bncert

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 6d3e46b0-89d7-e563-208f-843619968e2c
Description:
I have 2 dozen websites on a single AWS cloud-based LAMP stack for which I have Let’s Encrypt SSL certificates enabled. I use my company website, tooliedotterpress.com, as the server name, thus it’s listed first in the list of domains to receive the SSL Certificate.

After I did a revoke/recertification of the server prior to its expiration back in March, suddenly the www redirection stopped working for ONLY that domain name. I made no changes to my virtual hosts configuration file, either before or after running bncert. I also had made no changes to the existing CNAME in my DNS record.

I haven’t had time to chase down the problem. When I ran bncert today prior to SSL certificate expiration, I listed both the plain and www versions of each domain just to be sure.

The www redirection for that primary domain name continues to NOT work. Where do I go to look for the problem?

Hello @Toolie,

I can see that only geek***.net is correctly applying the redirection from non-www to www (but it is being redirected by Moodle). The rest of the domains do not seem to apply the redirection as expected.

Bncert tool applies some changes in the .conf files. Could you verify the changes with these backup files in order to find something weird? (Note that the support tool does not gather the content of those backup files):

bitnami.conf.back.202103281031
bitnami-apps-prefix.conf.back.202103281031
httpd.conf.back.202103281031
---
bitnami.conf.back.202106191835
bitnami-apps-prefix.conf.back.202106191835
httpd.conf.back.202106191835
---
bitnami.conf
bitnami-apps-prefix.conf
httpd.conf

Alternatively, adding these lines in each <VirtualHost *:443> section in apache2/conf/bitnami/bitnami-apps-vhosts.conf should make it work:

  # BEGIN: Enable non-www to www redirection
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteCond %{HTTP_HOST} !^localhost
  RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
  RewriteCond %{REQUEST_URI} !^/\.well-known
  RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
  # END: Enable non-www to www redirection

Regards
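
An added example, not part of the original reply and not Bitnami's code: a small Python model of the RewriteCond chain above, showing which requests the block redirects and which it leaves alone. The patterns are copied verbatim from the block; the function name and the sample requests are constructed for illustration.

```python
import re

# (variable, pattern, NC flag) copied from the block above. Every pattern is
# negated with "!" in the config, so a condition holds when the regex does
# NOT match; consecutive RewriteCond lines are ANDed together.
# The dots in the third pattern are unescaped, as in the original, so they
# match any character, not only a literal ".".
CONDITIONS = [
    ("HTTP_HOST", r"^www\.", True),
    ("HTTP_HOST", r"^localhost", False),
    ("HTTP_HOST", r"^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$", False),
    ("REQUEST_URI", r"^/\.well-known", False),
]


def redirect_target(host, uri):
    """Return the Location the block would send, or None if no redirect."""
    env = {"HTTP_HOST": host, "REQUEST_URI": uri}
    for var, pattern, nocase in CONDITIONS:
        flags = re.IGNORECASE if nocase else 0
        if re.search(pattern, env[var], flags):
            return None  # a negated condition failed, so the rule is skipped
    return "https://www.%s%s" % (host, uri)


# Constructed requests, using the domain from this thread.
SAMPLES = [
    ("tooliedotterpress.com", "/"),
    ("www.tooliedotterpress.com", "/"),
    ("WWW.tooliedotterpress.com", "/about"),
    # Let's Encrypt HTTP-01 validation fetches paths under /.well-known/
    ("tooliedotterpress.com", "/.well-known/acme-challenge/token"),
    ("203.0.113.10", "/"),
    ("localhost", "/"),
]

if __name__ == "__main__":
    for host, uri in SAMPLES:
        print("%-28s %-36s -> %s" % (host, uri, redirect_target(host, uri)))
```

Only the first sample is redirected; a request that already carries the www host passes through untouched, so whatever the server does with it is decided elsewhere in the configuration.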

Hi David, I ran comparisons on the backup files going back to this past December. None of the backup files had anything unusual in them, so I don’t know where else to look.

The bitnami-apps-vhosts.conf file contains entries like these:

## vaddhost: (tooliedotterpress.com) at *:80
<VirtualHost *:80>
    ServerName     tooliedotterpress.com
    ServerAlias    www.tooliedotterpress.com
    ServerAdmin    [email]@tooliedotterpress.com
    DocumentRoot   "[path]/tooliedotterpress.com"
    CustomLog      "/opt/bitnami/apache2/logs/[filename]" combined
    ErrorLog       "/opt/bitnami/apache2/logs/[filename]"
</VirtualHost>

## vaddhost: (tooliedotterpress.com) at *:443
<VirtualHost *:443>
    ServerName     tooliedotterpress.com
    ServerAlias    www.tooliedotterpress.com
    ServerAdmin    [email]@tooliedotterpress.com
    DocumentRoot   "[path]/tooliedotterpress.com"
    SSLEngine on
    SSLCertificateFile "[path]/tooliedotterpress.com.crt"
    SSLCertificateKeyFile "[path]/tooliedotterpress.com.key"
    CustomLog      "/opt/bitnami/apache2/logs/[filename]" combined
    ErrorLog       "/opt/bitnami/apache2/logs/[filename]"
</VirtualHost>

I’m thinking that adding your rewrite lines to the end of the second group (*:443, just prior to </VirtualHost>) for each domain would be the best option.

Any other thoughts?

Hello @Toolie,

I would go ahead with that option. Please let us know if that does not work for you (in that case, please share a new support tool output).

Regards

Here is the latest bnsupport tool ID: af74e9aa-88bf-2582-29af-5031b964de22

I tried adding the redirect block to all the websites in my virtual hosts file, and the ONLY one for which it does not work, and which still remains broken is my primary domain. To be clear:

http://tooliedotterpress.com - goes to the website as https://tooliedotterpress.com
http://www.tooliedotterpress.com - fails completely. I have a temporary meta http-equiv redirect in there now.

It is the www version that fails, and that’s what I and most people use. I DO have a CNAME for the “www” in my DNS, I double-checked today.

Why is ONLY this website (as primary Let’s Encrypt domain) failing?

Hello @Toolie,

I can see there is a typo in your apache2/conf/bitnami/bitnami-apps-vhosts.conf file, line 291.

  DocumentRoot   "/opt/bitnami/apache2/htdocs/XXX.net

You need to close the quotes ‘"’. It is not the root cause but just to avoid future issues.

Also, I can see that tooliedotterpress.com is the only VirtualHost that does not include the Enable non-www to www redirection block. Below you can compare it vs XXX.me

## vaddhost: (XXX.me) at *:443
<VirtualHost *:443>
    ServerName     XXX.me
    ServerAlias    www.XXX.me
    ServerAdmin    root@XXX.me
    DocumentRoot   "/opt/bitnami/apache2/htdocs/XXX.me"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/tooliedotterpress.com.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/tooliedotterpress.com.key"
    CustomLog      "/opt/bitnami/apache2/logs/XXX.me-access_log" combined
    ErrorLog       "/opt/bitnami/apache2/logs/XXX.me-error_log"
# BEGIN: Enable non-www to www redirection
   RewriteEngine On
   RewriteCond %{HTTP_HOST} !^www\. [NC]
   RewriteCond %{HTTP_HOST} !^localhost
   RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
   RewriteCond %{REQUEST_URI} !^/\.well-known
   RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
# END: Enable non-www to www redirection
</VirtualHost>

## vaddhost: (tooliedotterpress.com) at *:443
<VirtualHost *:443>
    ServerName     tooliedotterpress.com
    ServerAlias    www.tooliedotterpress.com
    ServerAdmin    XXX@tooliedotterpress.com
    DocumentRoot   "/opt/bitnami/apache2/htdocs/tooliedotterpress.com"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apache2/conf/tooliedotterpress.com.crt"
    SSLCertificateKeyFile "/opt/bitnami/apache2/conf/tooliedotterpress.com.key"
    CustomLog      "/opt/bitnami/apache2/logs/tooliedotterpress.com-access_log" combined
    ErrorLog       "/opt/bitnami/apache2/logs/tooliedotterpress.com-error_log"
</VirtualHost>

Could you add this rewrite block to your Virtual Host and restart apache?

Regards
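
An added example, not part of the original reply and not a Bitnami tool: a Python check for the two things spotted by eye in the vhosts file above, namely a line with an unclosed double quote and a `*:443` VirtualHost without the "Enable non-www to www redirection" marker. The function name, the sample file and the example.net/example.org names are constructed; the check keys only on the marker comment text, not on the rewrite directives themselves.

```python
import re

MARKER = "Enable non-www to www redirection"
# Constructed sample; example.net and example.org are placeholder names.
SAMPLE = '''\
<VirtualHost *:80>
    ServerName     example.net
</VirtualHost>
<VirtualHost *:443>
    ServerName     example.net
    DocumentRoot   "/opt/bitnami/apache2/htdocs/example.net
    # BEGIN: Enable non-www to www redirection
    # END: Enable non-www to www redirection
</VirtualHost>
<VirtualHost *:443>
    ServerName     example.org
    DocumentRoot   "/opt/bitnami/apache2/htdocs/example.org"
</VirtualHost>
'''


def lint_vhosts(text):
    """Return (line_number, message) findings for a vhosts file."""
    findings, block = [], None
    for num, line in enumerate(text.splitlines(), 1):
        words = line.split()
        opened = re.match(r"\s*<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            block = {"addr": opened.group(1).strip(), "line": num,
                     "name": "?", "marker": False}
        elif block and re.match(r"\s*</VirtualHost>", line, re.I):
            if block["addr"].endswith(":443") and not block["marker"]:
                findings.append((block["line"],
                                 block["name"] + ": no redirection block"))
            block = None
        elif block and words:
            if MARKER in line:
                block["marker"] = True
            if words[0].lower() == "servername" and len(words) > 1:
                block["name"] = words[1]
            # An odd number of double quotes means one was left open.
            if not words[0].startswith("#") and line.count('"') % 2:
                findings.append((num, "unbalanced double quote"))
    return findings


if __name__ == "__main__":
    for num, message in lint_vhosts(SAMPLE):
        print("line %d: %s" % (num, message))
```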

David, thanks for noticing the missing quote mark, I have updated that.

I have inserted and removed that virtual host rewrite block from the Tooliedotter Press section multiple times, and it does not solve the problem.

  1. I re-added the block per your request and restarted Apache. I type in http://tooliedotterpress.com and land in the server root with a URL of https://www.tooliedotterpress.com. I’ve put in a blank page to prevent exposing that root.
  2. I type in http://www.tooliedotterpress.com and land in the server root with a URL of https://www.tooliedotterpress.com.
  3. I comment out that block and restart Apache. I enter http://tooliedotterpress.com into my browser’s address bar, and I do get to the site with the URL of https://tooliedotterpress.com.
  4. If I type in http://www.tooliedotterpress.com into the browser address bar, I land in the server root with a URL of https://www.tooliedotterpress.com, and never get to the website.

The non-www to www fails ONLY for this website, everything else works.

The ONLY other thing I can think of is the assembly and inclusion of a single Joomla file containing all the htaccess file contents for my Joomla sites, of which this is one. There are redirect instructions in that standard Joomla htaccess file, but I don’t think they cover the non-www to www.

Other than that, I’m at a complete loss. This is my primary business website, it HAS to work.

Hi @Toolie,

Change the ServerName parameter in your httpd.conf file:

ServerName localhost:80 

I think it may be matching the VirtualHost in bitnami/bitnami.conf (<VirtualHost _default_:80>) and serving /opt/bitnami/apache2/htdocs as DocumentRoot.

Apart from that, please enter the rewrite block since it is properly redirecting all sites to https://www according to your results.

Regards

David, that WORKED! I would never have tracked that down, so THANK YOU!

My next question is, will running the bncert tool next time undo this change? I realize that I have an unusual circumstance, so I wouldn’t complain if it did, but I need to know in advance so I can change it back.

Thoughts?

Hello @Toolie,

I’m glad it worked for you.
Yes, bncert will change ServerName. You could undo the change or edit your bitnami.conf default VirtualHost to serve your /opt/bitnami/apache2/htdocs/tooliedotterpress.com folder instead.

Regards
