.htaccess將所有請求（包括ssl和非ssl）重定向到https://domain.com

Question

我正在使用Let's加密我的域名上的SSL，不幸的是它只保護我的domain.com而不是www.domain.com。

So, I want 
http://domain.com 
http://www.domain.com 
https://www.domain.com 

重定向到

https://domain.com 

現在我設法得到它的除了https://www工作，這表明SSL錯誤。

有人可以幫忙嗎？

我的htaccess：

RewriteEngine On 
RewriteBase/
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] 
RewriteRule ^(.*)$ http://%1/$1 [R=301,L] 
RewriteCond %{HTTPS} off 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] 
# remove .php; use THE_REQUEST to prevent infinite loops 
RewriteCond %{THE_REQUEST} ^GET\ (.*)\.php\ HTTP 
RewriteRule (.*)\.php$ $1 [R=301] 
# remove index 
RewriteRule (.*)/index$ $1/ [R=301] 
# remove slash if not directory 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteCond %{REQUEST_URI} /$ 
RewriteRule (.*)/ $1 [R=301] 
# add .php to access file, but don't redirect 
RewriteCond %{REQUEST_FILENAME}.php -f 
RewriteCond %{REQUEST_URI} !/$ 
RewriteRule (.*) $1\.php [L] 

<ifModule mod_gzip.c> 
mod_gzip_on Yes 
mod_gzip_dechunk Yes 
mod_gzip_item_include file .(html?|txt|css|js|php|pl)$ 
mod_gzip_item_include handler ^cgi-script$ 
mod_gzip_item_include mime ^text/.* 
mod_gzip_item_include mime ^application/x-javascript.* 
mod_gzip_item_exclude mime ^image/.* 
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* 
</ifModule> 


<IfModule mod_deflate.c> 
    # Compress HTML, CSS, JavaScript, Text, XML and fonts 
    AddOutputFilterByType DEFLATE application/javascript 
    AddOutputFilterByType DEFLATE application/rss+xml 
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject 
    AddOutputFilterByType DEFLATE application/x-font 
    AddOutputFilterByType DEFLATE application/x-font-opentype 
    AddOutputFilterByType DEFLATE application/x-font-otf 
    AddOutputFilterByType DEFLATE application/x-font-truetype 
    AddOutputFilterByType DEFLATE application/x-font-ttf 
    AddOutputFilterByType DEFLATE application/x-javascript 
    AddOutputFilterByType DEFLATE application/xhtml+xml 
    AddOutputFilterByType DEFLATE application/xml 
    AddOutputFilterByType DEFLATE font/opentype 
    AddOutputFilterByType DEFLATE font/otf 
    AddOutputFilterByType DEFLATE font/ttf 
    AddOutputFilterByType DEFLATE image/svg+xml 
    AddOutputFilterByType DEFLATE image/x-icon 
    AddOutputFilterByType DEFLATE text/css 
    AddOutputFilterByType DEFLATE text/html 
    AddOutputFilterByType DEFLATE text/javascript 
    AddOutputFilterByType DEFLATE text/plain 
    AddOutputFilterByType DEFLATE text/xml 

    # Remove browser bugs (only needed for really old browsers) 
    BrowserMatch ^Mozilla/4 gzip-only-text/html 
    BrowserMatch ^Mozilla/4\.0[678] no-gzip 
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html 
    Header append Vary User-Agent 
</IfModule> 


## EXPIRES CACHING ## 
<IfModule mod_expires.c> 
ExpiresActive On 
ExpiresByType image/jpg "access plus 1 year" 
ExpiresByType image/jpeg "access plus 1 year" 
ExpiresByType image/gif "access plus 1 year" 
ExpiresByType image/png "access plus 1 year" 
ExpiresByType text/css "access plus 1 month" 
ExpiresByType application/pdf "access plus 1 month" 
ExpiresByType text/x-javascript "access plus 1 month" 
ExpiresByType application/x-shockwave-flash "access plus 1 month" 
ExpiresByType image/x-icon "access plus 1 year" 
ExpiresDefault "access plus 2 days" 
</IfModule> 
## EXPIRES CACHING ## 

Answer 1

當加載使用證書保護的網站，客戶端

1. 做了DNS解析和連接到IP地址（即東西開始與https:）。
2. 通過SSL handshake它從服務器獲取證書
3. 通過現在安全的c做一個HTTP請求hannel，發送的主機名，你在瀏覽器的地址欄中設置

現在步驟2和3之間時，瀏覽器將實現由服務器提供的SSL證書持有比你要求什麼不同的主機名（domain.com）（www.domain.com） ，並會發出警告。

這裏唯一的解決辦法是讓一個wildcard certificate爲*.domain.com，這將是有效的兩個domain.com和www.domain.com（但是，據我記得，不是my.sub.domain.com）。