搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

Learn More

SSL not working when redirecting from non-www to www

more options

Hello, im a web developer and have come accross a problem which only occurs in the firefox browser.

When i design a website, i use the www version of it always, and have redircts for all other instances, eg; mydomain.co.uk > https://www.mydomain.co.uk http://www.mydomain.co.uk > https://www.mydomain.co.uk https://mydomain.co.uk > https://www.mydomain.co.uk

So they all end up at the secure www version of the website. This is done in the .htaccess file and works great in Chrome, Edge, Explorer etc just not firefox.

In firefox i get the error

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to boothandco.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the web site, and there is nothing you can do to resolve it. You can notify the web site’s administrator about the problem.

Ignoring it then procceeds to the full https://www. but that warning screen will be enough to put potential visitors off no doubt.

Is there an "easy fix" for this or is the only way to solve the problem to use up more SAN's and double up on www and non-www versions of each website?

Any help is greatly appreciated.

Thanks Chris

所有回复 (5)

more options

Can you post some links as real examples of websites that have this problem ?


Start Firefox in Safe Mode to check if one of the extensions ("3-bar" menu button or Tools -> Add-ons -> Extensions) or if hardware acceleration or userChrome.css is causing the problem.

  • switch to the DEFAULT theme: "3-bar" menu button or Tools -> Add-ons -> Themes
  • do NOT click the "Refresh Firefox" button on the Safe Mode start window

You can remove all data stored in Firefox for a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History -> Show All History" or "View -> Sidebar -> History").

Using "Forget About This Site" will remove all data stored in Firefox for this domain like history and cookies and passwords and exceptions and cache, so be cautious. If you have a password or other data for that domain that you do not want to lose then make sure to backup this data or make a note.

You can't recover from this 'forget' unless you have a backup of involved files.

If you revisit a 'forgotten' website then data for that website will be saved once again.

more options

Yes certainly;

boothandco.com lindwayspringsalpacas.co.uk peakautolocks.co.uk

I know its because its the non-www version of the site, but i dont understand why firefox isnt redirecting straight to the secure www.

more options

The SAN list only includes the www. prefixed domain if I check the certificate. I do not see the server response headers in the Network Monitor, so I don't know why Firefox doesn't see the redirect.

The certificate is only valid for the following names:
cecilwebdesigns.co.uk
www.cecilwebdesigns.co.uk
www.lindwayspringsalpacas.co.uk
www.pothongthaitherapy.co.uk
www.ddbl.co.uk
www.whitepeakhousekeeping.co.uk
www.boothandco.com
www.tecniblock.co.uk
www.peakautolocks.co.uk
www.cinema-box.co.uk
www.upperfieldfarm.co.uk

Error code: SSL_ERROR_BAD_CERT_DOMAIN

more options

由cor-el于修改

more options

Yes the issue is now why Firefox is not seeing the redirect when all other browsers can see it fine.

I will show the htaccess file below incase im missing something obvious.

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# remove the index file.
RewriteCond %{THE_REQUEST} ^.*/index
RewriteRule ^(.*)index$ http://www.boothandco.com/$1 [R=301,L]

# Remove PHP extention.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# Custom error pages.
ErrorDocument 404 https://www.boothandco.com/notfound

由cor-el于修改