I have a WordPress website that is working well. The website is shared hosted on a popular hosting site. It was migrated/transferred from a different hosting site to the current one (this point is mentioned as it may play a role in the answer to these two questions). The site has an SSL on the existing site and also had one the original site. I have changed the name servers at the domain registrar to point to the new hosting site.
When I use sslchecker.com/sslchecker to analyze my www domain, I find the following information:
When I analyze using either www.example.com OR https://www.example.com the analyzer says that the url resolves to www.example.com and that the hostnames do NOT match.
When I use sslchecker.com/sslchecer to analyze the non-www domain and I enter: https://example.com or simply example.com the site says resolves to example.com and hostname matches.
Q1. What does this “hostnames do not match” mean? Is the www domain carrying an ssl from the old hosting site? If the www domain is carrying the SSL from the original hosting site, how would I change this?
Q2. (possibly related) When I run GTmetrix on either the www or non-www domain I get a recommendation to remove the following redirect chain if possible:
The mod_rewrite RewriteCond code in .htaccess is not fully understandable to me, so I’m hesitate to make changes without understanding what the code means.
The applicable part of my .htaccess that is present now looks like this:
RewriteEngine On.
RewriteCond %{HTTP_HOST} ^mdavis.photos [NC].
RewriteRule ^(.)$ https://www.mdavis.photos/$1 [L,R=301].
Header always set Content-Security-Policy: upgrade-insecure-requests.
RewriteEngine On.
RewriteCond %{HTTPS} off.
RewriteRule ^(.)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301].
SetEnv PHPRC /home/customer/www/mdavis.photos/public_html/php.ini
Would seem to me that I want to make it so that if the user types in www.example.com or example.com or http://example.com it redirects one time and one time only to https://example.com
Thoughts and/or assistance?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Q1. I’m inclined to not trust this message on this site and think it’s nothing to worry about. It states clearly below that the certificate covers mail.yoursite, www.yoursite and yoursite. I couldn’t reproduce this error trying a couple of other ssl checker services such as https://www.sslshopper.com/. It’s also notable that in the little mouseover ? help icon, they have the ‘Lorem ipsum’ text which greatly decreses my trust in the output of this service
Q2. Your rewrite rules have these lines:
RewriteCond %{HTTP_HOST} ^mdavis.photos [NC].
RewriteRule ^(.)$ https://www.mdavis.photos/$1 [L,R=301]
Which mean ‘when the host starts with mdavis.photos exactly, then do a 301 redirect to the same page on www.mdavis.photos.
If you want the opposite, you’d need to change this to something like this:
RewriteCond %{HTTP_HOST} ^www.
RewriteRule ^(.*)$ https://mdavis.photos/$1 [R=301,L]
Which says ‘if the host starts with exactly www., then redirect to the same page on mdavis.photos
You would need to double check that your WordPress settings aligned with this (i.e. did or did not have www. subdomain) as maybe WordPress will do some fun stuff with also trying to add/remove the www.
HTH, please post response if you have more questions
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0