I have a website with an SSL cert. Let's say it's called example.com. I have a rewrite rule set to redirect any request for http://example.com to https://example.com/, and this works great.
But every now and then I get someone who types https://www.example.com/ and they get an SSL certificate mismatch, as the cert is only for example.com.
What's the best way to do the redirect first, before the server throws the SSL certificate to the web browser?
There is no way to do the redirect first, as the SSL connection must be in place before the HTTP connection (which contains any redirect) can occur.
Some certificate authorities will include www.example.com as a Subject Alternate Name on a certificate for example.com at no extra charge - that's probably the easiest solution; any other solution (SNI, a second IP for www) involves buying a second certificate anyway.
The server is not the one throwing the exception. It's the browser that is throwing the exception. You need to get a cert that covers www.example.com or a wildcard cert to cover this case.
What is happening is the client is requesting https://www.example.com, and since nginx is returning with the cert for example.com, it's throwing the error. The client is going to throw the cert mismatch error before any redirects you do at the server side.
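The name check the browser performs can be reproduced offline. The following is an added example, not part of the original answers: a simplified RFC 6125 style matcher run against constructed SAN lists for the certificate options mentioned above. The function names and the `CERTS` table are illustrative assumptions.

```python
"""Added illustration: which hostnames a certificate's SAN list covers."""


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def san_matches(hostname, san):
    """True if one dNSName SAN entry covers hostname (RFC 6125 style rules)."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pattern[0] == "*":
        # Wildcard is honoured only as the complete left-most label.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def cert_covers(hostname, san_list):
    return any(san_matches(hostname, san) for san in san_list)


def mismatches(hostnames, san_list):
    """Hostnames for which a browser would report a name mismatch."""
    return [h for h in hostnames if not cert_covers(h, san_list)]


# Constructed SAN lists for the certificate options discussed above.
SITE_NAMES = ["example.com", "www.example.com"]
CERTS = {
    "bare name only": ["example.com"],
    "bare name + www SAN": ["example.com", "www.example.com"],
    "wildcard only": ["*.example.com"],
}

if __name__ == "__main__":
    for label, sans in CERTS.items():
        print(f"{label:22} mismatches: {mismatches(SITE_NAMES, sans)}")
```

A certificate whose only SAN is `*.example.com` covers www.example.com but not the bare example.com, so a wildcard certificate needs the bare name listed as an additional SAN to serve both.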