I have several domains using SSL (UCC SSL) and found an issue where https://www.ourwebsite.org gives the following error:
This site can’t provide a secure connection www.ourwebsite.org uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The website works fine with the following urls:
http://www.ourwebsite.org - redirects to https://ourwebsite.org
http://ourwebsite.org - redirects to https://ourwebsite.org
I've been searching the web for a solution to add to .htaccess and nothing seems to be working.
This doesn't work:
<IfModule mod_rewrite.c> RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\.ourwebsite\.org [NC] RewriteRule (.*) https://ourwebsite.org/$1 [L,R=301] </IfModule>
This doesn't work:
<IfModule mod_rewrite.c> RewriteCond %{HTTP_HOST} ^www\.ourwebsite\.org [NC] RewriteRule ^(.*)$ https://ourwebsite.org/$1 [L,R=301] </IfModule>
This doesn't work:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off [OR] RewriteCond %{HTTP_HOST} ^www\. [NC] RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301] </IfModule>
This doesn't work:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} on [OR] RewriteCond %{HTTP_HOST} ^www\. [NC] RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301] </IfModule>
This doesn't work:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} ^www\. [NC] RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC] RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301] </IfModule>
I'm really out of ideas as to what else to try. Each time I edit the .htaccess file, upload the file and flush the cache on the server and test in an incognito window. Does anyone have any other suggestions?
Hey there @smithcreate,
Really Simple SSL, Give that plugin a try.
If that doesn't work, GoDaddy offers an SSL installation service you can check out.
Once your issue is resolved,
please be sure to come back and click accept for the solution
Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community
Hi @MrVapor
I've tried Really Simple SSL, but that does not fix the issue. This isn't a mixed content issue. The security certificate is installed correctly. Like I mentioned, everything works except for:
The certificate is installed for https://ourwebsite.org.
http://www.ourwebsite.org redirects to https://ourwebsite.org which is what I want to happen for https://www.ourwebsite.org.
It looks as if you're using a Let's Encrypt certificate. I would contact their support function for further assistance. No one at GoDaddy will be able to help you with this issue because you're using a third-party SSL. There may be some that are familiar with Let's Encrypt on here, I'm sure.
That being said, your SSL is encrypted for the site www.server266.com, which is why you're getting that error. The SSL isn't configured correctly.
Once your issue is resolved,
please be sure to come back and click accept for the solution
Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community
@MrVapor I was simply using ourwebsite dot org as an example to show the code in my htaccess file. That is not my actual website.
@smithcreateThe www variation of the domain would also need to be covered by SSL for it to work properly, as with the https protocol the validity of an SSL certificate is checked before accessing the server where the redirect script resides.
Why would http://www.ourwebsite.org redirect to https://ourwebsite.org then? Is the browser able to read the .htaccess file when not using https://www? But when trying to access https://www the browser is hitting a security certificate error which is stopping it dead in its tracks?
@smithcreate, do you have the CNAME for the www set in the zone file? Might be a silly question, but I've forgotten it before.
Once your issue is resolved,
please be sure to come back and click accept for the solution
Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community
@smithcreateIt seems you've answered your own question there, an SSL certificate is not needed or checked for http:// traffic. But https:// traffic would be stopped before reaching the server if it's lacking or there's a problem with the SSL certificate. I can't tell 100% if this is the issue without testing hands on, but that is what it sounds like. Try running your domain with www thru an SSL checker and see what it says.