For some sites the http->https rewrite is not working on my server (Debian 10, Apache). The Rewrite HTTP to HTTPS checkbox in ISPConfig is checked. The generated and unmodified Apache vhost file contains the correct rewrite rule. Apache was restarted. No redirect is happening when I request the site with http:// I am looking for ideas on how to troubleshoot this problem.
Is this happening with several sites? Is for those sites the certificate ok when accessed with httpS://? Instead of redirecting, what happens? Do you see the correct website but browser address bar shows url as http://? If there is problem with certificate, this helps: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ If nothing helps, examine apache logs at the time when you try to access the site.
Thanks for your reply. Yes, it happens with a few sites, but not with all. Yes, the certificate is completely fine. Yes. I did indeed have problems with Letsencrypt certificates because migration mode was still switched on from a previous migration a year ago and the certs were not properly renewed. Major problems were caused by the removal of sites from existing certificates. But after a lot of troubleshooting I solved these problems and could renew all certs. I am not sure how my current problem can be related to that because all certs are fine now. I don't see anything special there but I will increase the LogLevel to see more. Thanks so far. If you want to try yourself, please see http://www.annozone.de as an example.
I think the redirect rule is not processed because it is the last rule and preceding subdomain rules are tagged with [L]. But all rules were generated by ISPConfig, so is that a bug?
Yes! That was the right question. I had several other redirects flagged with [L] preceding the http->https rule. But (as usual) it is not an ISPConfig issue. The problems were all homemade. S**t happens when you don't know what you are doing. In my case I was not aware of the implications the flag settings in sub- and alias domain configurations have on the https redirect rule. Thanks again for a good lesson learned!
One last thought though: Shouldn't ISPConfig generate the https rule as its first rule? The [L] won't do any harm then, because all rules will be re-executed after the redirection.
