How to redirect domain with expired SSL certificate to new domain using apache


Problems with loading a website are often blamed on the Internet connection, but even a perfectly set up network cannot help if no service answers at the destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache's popularity can be attributed to its easy installation and use, but it is nevertheless possible to run into problems with even the simplest software. If you've encountered an issue loading your web page, follow the troubleshooting methods outlined in this guide to get your web server back up and working again. Below are some tips for managing your apache2 server when you run into problems with apache-2.2, redirect, 301-redirect.

So in the past I used https://example.com. Then decided that I wanted to use https://myotherexample.com instead of example.com. So I set up the server, pointed DNS at that server and everything was great. Now I wanted to redirect https://example.com to https://myotherexample.com so people with the old address would continue on to the new site. This works fine for redirecting port 80 to the new domain, however when trying to redirect port 443 (the SSL port) Apache seems to require there be a valid SSL certificate for the old domain (even though I'm no longer serving a secure version of the site at that address). My SSL cert for the old domain has expired, and since there isn't anything there to protect, I'm left wondering, how do I go about doing this kind of redirect?

example.com config:

<VirtualHost *:80>


        ServerAdmin webmaster@localhost
        DocumentRoot /sites/example.com/html
        ServerName example.com
        ServerAlias www.example.com
        Redirect / https://myotherexample.com/


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

And the SSL version that I need to redirect to the new domain:

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /sites/example.com/html
        ServerName example.com
        ServerAlias www.example.com
        Redirect / https://myotherexample.com/

        <Directory /sites/example.com/html>
                Options FollowSymlinks
                AllowOverride All
                Require all granted
        </Directory>

        SSLEngine on
        SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
        # this ssl is expired now
        SSLCertificateFile /etc/apache2/ssl/example.com.crt
        SSLCertificateChainFile /etc/apache2/ssl/example.com.IntermediateCA.crt

</VirtualHost>

I'm obviously going about this the wrong way, but is there a way to redirect an SSL domain (the https version of the domain) to a new domain using Apache, without needing to keep an active SSL cert on the old domain? Thanks so much!

This is the behaviour you would expect. Imagine if somebody hijacked your DNS and set up a 301 redirect. You can use https://letsencrypt.org/ for a free cert and redirect clients until the old domain is no longer accessed.

I upvoted Matt’s reply, but I want to state it more explicitly.

Redirect is an HTTP thing, implemented as a set of reply status codes (3XX) and a specific header (Location). This is an ordinary HTTP transaction. HTTP in HTTPS is possible strictly after successful TLS connection establishment, and a valid certificate is required for TLS. So, no valid certificate => no TLS => no HTTPS => no redirect possible.

An expired certificate is not valid, so it is not possible to do anything HTTP-ish until the certificate is replaced, including redirects.
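
The fix both answers point to, written out as an added example (not part of the original question or answers): the old domain keeps a valid certificate solely so that clients can complete the TLS handshake and receive the redirect. It assumes Apache 2.4.8 or later with mod_ssl and mod_alias, certbot's default /etc/letsencrypt/live/ layout for the Let's Encrypt certificate, and a hypothetical webroot /var/www/acme for HTTP-01 renewals.

```apache
# Added example; assumes Apache 2.4.8+ with mod_ssl and mod_alias enabled.
# Certificate paths follow certbot's default layout; /var/www/acme is a
# hypothetical webroot used only for ACME HTTP-01 challenges.

<VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com

        # Keep the ACME challenge path local so renewals for the old name
        # keep working; without this exception the validation request would
        # be redirected to the new domain as well.
        Alias /.well-known/acme-challenge/ /var/www/acme/.well-known/acme-challenge/
        <Directory /var/www/acme/.well-known/acme-challenge>
                Options None
                AllowOverride None
                Require all granted
        </Directory>

        # Redirect everything else, preserving the requested path.
        RedirectMatch 301 ^/(?!\.well-known/acme-challenge/)(.*)$ https://myotherexample.com/$1
</VirtualHost>

<VirtualHost *:443>
        ServerName example.com
        ServerAlias www.example.com

        SSLEngine on
        # Must be a currently valid certificate covering both names above.
        # The client validates it before it sends any HTTP request, so the
        # redirect below is only ever seen after a successful handshake.
        SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

        # No DocumentRoot or <Directory> is needed: this host only redirects.
        Redirect permanent / https://myotherexample.com/
</VirtualHost>
```

Run `apachectl configtest` before reloading, and keep the certificate renewing for as long as the old name still receives traffic.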
