본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

SSL not working when redirecting from non-www to www

  • 5 답장
  • 1 이 문제를 만남
  • 12 보기
  • 최종 답변자: M.S. S.

more options

Hello, im a web developer and have come accross a problem which only occurs in the firefox browser.

When i design a website, i use the www version of it always, and have redircts for all other instances, eg; mydomain.co.uk > https://www.mydomain.co.uk http://www.mydomain.co.uk > https://www.mydomain.co.uk https://mydomain.co.uk > https://www.mydomain.co.uk

So they all end up at the secure www version of the website. This is done in the .htaccess file and works great in Chrome, Edge, Explorer etc just not firefox.

In firefox i get the error

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to boothandco.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

What can you do about it?

The issue is most likely with the web site, and there is nothing you can do to resolve it. You can notify the web site’s administrator about the problem.

Ignoring it then procceeds to the full https://www. but that warning screen will be enough to put potential visitors off no doubt.

Is there an "easy fix" for this or is the only way to solve the problem to use up more SAN's and double up on www and non-www versions of each website?

Any help is greatly appreciated.

Thanks Chris

Hello, im a web developer and have come accross a problem which only occurs in the firefox browser. When i design a website, i use the www version of it always, and have redircts for all other instances, eg; mydomain.co.uk > https://www.mydomain.co.uk http://www.mydomain.co.uk > https://www.mydomain.co.uk https://mydomain.co.uk > https://www.mydomain.co.uk So they all end up at the secure www version of the website. This is done in the .htaccess file and works great in Chrome, Edge, Explorer etc just not firefox. In firefox i get the error '''Warning: Potential Security Risk Ahead Firefox detected a potential security threat and did not continue to boothandco.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. What can you do about it? The issue is most likely with the web site, and there is nothing you can do to resolve it. You can notify the web site’s administrator about the problem.''' Ignoring it then procceeds to the full https://www. but that warning screen will be enough to put potential visitors off no doubt. Is there an "easy fix" for this or is the only way to solve the problem to use up more SAN's and double up on www and non-www versions of each website? Any help is greatly appreciated. Thanks Chris

모든 댓글 (5)

more options

Can you post some links as real examples of websites that have this problem ?


Start Firefox in Safe Mode to check if one of the extensions ("3-bar" menu button or Tools -> Add-ons -> Extensions) or if hardware acceleration or userChrome.css is causing the problem.

  • switch to the DEFAULT theme: "3-bar" menu button or Tools -> Add-ons -> Themes
  • do NOT click the "Refresh Firefox" button on the Safe Mode start window

You can remove all data stored in Firefox for a specific domain via "Forget About This Site" in the right-click context menu of an history entry ("History -> Show All History" or "View -> Sidebar -> History").

Using "Forget About This Site" will remove all data stored in Firefox for this domain like history and cookies and passwords and exceptions and cache, so be cautious. If you have a password or other data for that domain that you do not want to lose then make sure to backup this data or make a note.

You can't recover from this 'forget' unless you have a backup of involved files.

If you revisit a 'forgotten' website then data for that website will be saved once again.

more options

Yes certainly;

boothandco.com lindwayspringsalpacas.co.uk peakautolocks.co.uk

I know its because its the non-www version of the site, but i dont understand why firefox isnt redirecting straight to the secure www.

more options

The SAN list only includes the www. prefixed domain if I check the certificate. I do not see the server response headers in the Network Monitor, so I don't know why Firefox doesn't see the redirect.

The certificate is only valid for the following names:
cecilwebdesigns.co.uk
www.cecilwebdesigns.co.uk
www.lindwayspringsalpacas.co.uk
www.pothongthaitherapy.co.uk
www.ddbl.co.uk
www.whitepeakhousekeeping.co.uk
www.boothandco.com
www.tecniblock.co.uk
www.peakautolocks.co.uk
www.cinema-box.co.uk
www.upperfieldfarm.co.uk

Error code: SSL_ERROR_BAD_CERT_DOMAIN

more options

글쓴이 cor-el 수정일시

more options

Yes the issue is now why Firefox is not seeing the redirect when all other browsers can see it fine.

I will show the htaccess file below incase im missing something obvious.

RewriteEngine on

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# remove the index file.
RewriteCond %{THE_REQUEST} ^.*/index
RewriteRule ^(.*)index$ http://www.boothandco.com/$1 [R=301,L]

# Remove PHP extention.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# Custom error pages.
ErrorDocument 404 https://www.boothandco.com/notfound

글쓴이 cor-el 수정일시