Weird redirect question

Hi all!

I'm trying to figure out if I'm doing something wrong, or if this is normal behavior. I have site aaa.fi which redirects to https:// www.bbb.fi , meaning from HTTP to HTTPS. Certificate is for site bbb.fi. This works fine.

However, if I type https:// aaa.fi -> browser (chrome) tells me that connection is not secure and it doesn't redirect to site https:// www.bbb.fi, which it should.

Hopefully I managed to explain this in an understandable manner. So could someone more experienced tell me if this is expected behavior or is my configuration wrong?

Here's sites conf file (obfuscated for security purposes):

server {
listen 80;
server_name bbb.fi;
access_log /PATH/aaa.fi.access.log combined;
return 301 https:// www. aaa.fi$request_uri;
}

server {
listen 80;
server_name www. bbb.fi;
access_log /PATH/aaa.fi.access.log combined;
return 301 https:// www. aaa.fi$request_uri;
}

server {
listen 443;
server_name bbb.fi www. bbb.fi;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;

ssl_certificate /PATH;
ssl_certificate_key /PATH;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128H+3DES:!ADH:!AECDH:!MD5;

ssl_dhparam /PATH;

add_header Strict-Transport-Security "max-age=31536000" always;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /PATH.crt;
resolver 213.140.164.26 212.149.120.42;

access_log /PATH/aaa.fi.access.log combined;
return 301 https:// www. aaa.fi$request_uri;
}

Sorry for blanks between URLs. Seems that forum does not accept my post with obfuscated addresses.

 

Use this http://redirectdetective.com/ please and paste output.

Test the case that isn't working.

 

Hi PhpNinja and thanks for suggestion!

The redirect path seems to be working as it should be! So everything should work OK. But still I get the mentioned certificate error and redirect from https:// bbb.fi to https:// aaa.fi doesn't work.

 

Maybe some cache from your browser? have you tried to clean cache or use another browser?

 

Tried with Chrome, Firefox and Edge, everyone with private browsing mode on. Still not working. So mainly I'm wondering if behavior is "by design"?

 

As you have mentioned about the redirection of your website, it is suggested that you should once check the .htaccess file from public.html folder. In this file, you need to remove the redirection code which causes your site redirect. Also to remove the secure connection error, you will need to remove self-signed certificate for your domains from SSL/TLS certificate option.

 

It is super strange that redirect detective gives you a normal result.

Can you give me real urls to try it myself ? I guess you are trying to redirect very quick. Sometimes you have to redirect from non www to www. Then from http to https ... It creates issues if you try to redirect directly to the final destination.

 

Funny thing, I can't locate .htaccess file or public.html directory. They don't exist. We are using nginx only as proxy. These sites are not all put up with linux apache / etc. I _think_ this problem is with our nginx configuration. We use certificates, but we don't use self-signed certificates.

Hah, good one! I'm not so good with how websites works so pardon me mr. Ninja!

I'm sorry, I do not want to share real URLs. I think it's not a good idea to show whole world a. configuration of nginx and b. real URLs. I hope you can understand me.

Are you suggesting that I should add routes between http and https?

Also sorry for delay in answer!