Overview
After upgrading from Evoq 8.x to 9+, some users have reported issues with secure sites not properly redirecting from www.<domain> to <domain>. In these cases, the redirect was set up and working properly in Evoq 8.x and errors began after the upgrade.
Redirect failures can be a problem when a site is secured with a *.domain.com wildcard SSL certificate, because addresses in the form *.*.domain.com are not covered by the same SSL certificate. This article assumes that your certificate has been set up and properly installed on your server, bindings are properly configured in IIS, and that the only major change was a DNN Evoq upgrade.
Prerequisites
- Access to a Superuser account
Diagnosis
Using a browser in a hidden or incognito mode, browse to:
www.<your full domain including subdomain>
If your site was set up to direct ‘www’ traffic to your base website, you should be directed to a version of the address without ‘www.’ For example: www.evoqcontent.dnndev.me > evoqcontent.dnndev.me
If you have the site secured and properly configured, the redirected site should be secure (https).
If any of this fails to occur, you may get one of several errors:
- "Your connection is not private" error. This can happen if you manually add ‘https://’ before the domain name including the www. This is uncommon, but if it is expected behavior from your users, it can be solved using a URL rewrite in IIS.
- A redirection to an insecure version of your site. This can happen if the default page that clients land on is not secure, or if the mapping mode is set to Canonical.
- No redirect occurs, leading to a 404 error. This can occur if the redirection hasn’t been set up or is misconfigured.
Solution
- Ensure that Advanced URL Management (Settings > Site Settings > Site Behavior > Site Aliases) is configured correctly. The www alias should be added, it should not be set as primary, and the Site Alias Mapping Mode should be set to Redirect. See this guide for more information on these settings.
- Ensure that the default landing page is set to use SSL (Content > Pages > [select the default page] > Advanced > More > Secure Connection set to On). See this article if you need to set all your pages to use a secure connection.
- Ensure that SSL is enabled site wide (Settings > Security > More > SSL Settings). Note that SSL Enforced only needs to be on in very specific situations. Reference this guide to learn how these settings interact.
Note also that the SSL URL and Standard URL settings on the same page can usually be left blank. Only fill them in if your SSL certificate doesn't cover your main URL. - If the settings from the previous steps are in place and the redirect is still failing, you can attempt removing and re-adding the alias in Advanced URL Management (Settings > Site Settings > Site Behavior > Site Aliases).
Testing
Solutions that affect browsing to and from a site should always be tested in a fresh environment or with browsing cache disabled. The old session should be shut down and a fresh session created before testing any settings change. Incognito mode in Chrome with the DevTools (Ctrl+Shift+C on Windows, Command+Option+C on Mac) open and Network > Disable cache checked will work. Incognito mode will need to be fully exited and all Incognito windows closed before testing another change.
In a fresh environment, browse to:
www.<your full domain including subdomain>
Site should redirect to your domain address without ‘www.’ If applicable, your session should also be secure.
Comments
0 comments
Please sign in to leave a comment.