This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SSL not working when redirecting from non-www to www

  • 5 ردود
  • 1 has this problem
  • 12 views
  • آخر ردّ كتبه M.S. S.

more options

Hello, im a web developer and have come accross a problem which only occurs in the firefox browser.

When i design a website, i use the www version of it always, and have redircts for all other instances, eg; mydomain.co.uk > https://www.mydomain.co.uk http://www.mydomain.co.uk > https://www.mydomain.co.uk https://mydomain.co.uk > https://www.mydomain.co.uk

So they all end up at the secure www version of the website. This is done in the .htaccess file and works great in Chrome, Edge, Explorer etc just not firefox.

In firefox i get the error

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to boothandco.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the web site, and there is nothing you can do to resolve it. You can notify the web site’s administrator about the problem.

Ignoring it then procceeds to the full https://www. but that warning screen will be enough to put potential visitors off no doubt.

Is there an "easy fix" for this or is the only way to solve the problem to use up more SAN's and double up on www and non-www versions of each website?

Any help is greatly appreciated.

Thanks Chris

Hello, im a web developer and have come accross a problem which only occurs in the firefox browser. When i design a website, i use the www version of it always, and have redircts for all other instances, eg; mydomain.co.uk > https://www.mydomain.co.uk http://www.mydomain.co.uk > https://www.mydomain.co.uk https://mydomain.co.uk > https://www.mydomain.co.uk So they all end up at the secure www version of the website. This is done in the .htaccess file and works great in Chrome, Edge, Explorer etc just not firefox. In firefox i get the error '''Warning: Potential Security Risk Ahead Firefox detected a potential security threat and did not continue to boothandco.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. What can you do about it? The issue is most likely with the web site, and there is nothing you can do to resolve it. You can notify the web site’s administrator about the problem.''' Ignoring it then procceeds to the full https://www. but that warning screen will be enough to put potential visitors off no doubt. Is there an "easy fix" for this or is the only way to solve the problem to use up more SAN's and double up on www and non-www versions of each website? Any help is greatly appreciated. Thanks Chris

All Replies (5)

more options

Can you post some links as real examples of websites that have this problem ?


Start Firefox in Safe Mode to check if one of the extensions ("3-bar" menu button or Tools -> Add-ons -> Extensions) or if hardware acceleration or userChrome.css is causing the problem.

  • switch to the DEFAULT theme: "3-bar" menu button or Tools -> Add-ons -> Themes
  • do NOT click the "Refresh Firefox" button on the Safe Mode start window

You can remove all data stored in Firefox for a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History -> Show All History" or "View -> Sidebar -> History").

Using "Forget About This Site" will remove all data stored in Firefox for this domain like history and cookies and passwords and exceptions and cache, so be cautious. If you have a password or other data for that domain that you do not want to lose then make sure to backup this data or make a note.

You can't recover from this 'forget' unless you have a backup of involved files.

If you revisit a 'forgotten' website then data for that website will be saved once again.

more options

Yes certainly;

boothandco.com lindwayspringsalpacas.co.uk peakautolocks.co.uk

I know its because its the non-www version of the site, but i dont understand why firefox isnt redirecting straight to the secure www.

more options

The SAN list only includes the www. prefixed domain if I check the certificate. I do not see the server response headers in the Network Monitor, so I don't know why Firefox doesn't see the redirect.

The certificate is only valid for the following names:
cecilwebdesigns.co.uk
www.cecilwebdesigns.co.uk
www.lindwayspringsalpacas.co.uk
www.pothongthaitherapy.co.uk
www.ddbl.co.uk
www.whitepeakhousekeeping.co.uk
www.boothandco.com
www.tecniblock.co.uk
www.peakautolocks.co.uk
www.cinema-box.co.uk
www.upperfieldfarm.co.uk

Error code: SSL_ERROR_BAD_CERT_DOMAIN

more options

Modified by cor-el

more options

Yes the issue is now why Firefox is not seeing the redirect when all other browsers can see it fine.

I will show the htaccess file below incase im missing something obvious.

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# remove the index file.
RewriteCond %{THE_REQUEST} ^.*/index
RewriteRule ^(.*)index$ http://www.boothandco.com/$1 [R=301,L]

# Remove PHP extention.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# Custom error pages.
ErrorDocument 404 https://www.boothandco.com/notfound

Modified by cor-el