For reasons much too long and complex to get into (it involves several layers of corporate red tape resulting in someone else not purchasing a wildcard SSL certificate I requested), if you have to set up a domain to redirect all requests to https://www.xyz.com (secure protocol with the www subdomain), then http://xyz.com, http://www.xyz.com, and https://xyz.com should ALL redirect to https://www.xyz.com.
Use the following code in the .htaccess file.

In the .htaccess, if I enable:

  • The forcing of https
  • redirection for www. prefixed urls to urls without the prefix

The visitor is not redirected from www.example.com to https://example.com, as I would have expected. Instead, the user is redirected to https://www.example.com (so the prefix isn’t removed).

I am not an expert in htaccess url rewriting, but it seems like the subdomain is only removed for http connections and it redirects to the unprefixed, but unsecured version of the url (so it doesn’t do anything for https connections). Wouldn’t it be better to rewrite secure connections as well? Just wondering if this is an oversight or by design.

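RewriteEngine On

# ensure www. (any host not starting with "www." is sent to https://www.<host>)
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ensure https (redirect only when the proxy header is not https AND this connection is not TLS)
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]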
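
To check that the two rules above send every variant to https://www.xyz.com in a single hop, the following added example (not part of the original page, and not Apache code) walks the redirect chain through a simplified Python model of the rules. The function names, the `/a` sample paths and the `forwarded_proto` parameter are assumptions made for illustration; query strings are ignored.

```python
from urllib.parse import urlsplit


def apply_rules(url, forwarded_proto=None):
    """Simplified model of the two rules; returns (status, location) or None."""
    parts = urlsplit(url)
    host = parts.netloc
    uri = parts.path or "/"
    https_on = parts.scheme == "https"
    # Rule 1 ("ensure www."): host does not start with "www." (case-insensitive).
    if not host.lower().startswith("www."):
        return 301, f"https://www.{host}{uri}"
    # Rule 2 ("ensure https"): both conditions must hold (implicit AND).
    # The header check is only meaningful when a TLS-terminating proxy sets it.
    if "https" not in (forwarded_proto or "") and not https_on:
        return 301, f"https://{host}{uri}"
    return None  # no rule matched; the request is served as-is


def follow(url, max_hops=5):
    """Follow redirects; return the list of URLs visited, ending at the served one."""
    chain = [url]
    for _ in range(max_hops):
        result = apply_rules(chain[-1])
        if result is None:
            return chain
        chain.append(result[1])
    raise RuntimeError(f"redirect loop or chain longer than {max_hops}: {chain}")


def audit(entry_urls):
    """Map each entry URL to (final URL, hop count)."""
    report = {}
    for url in entry_urls:
        chain = follow(url)
        report[url] = (chain[-1], len(chain) - 1)
    return report


if __name__ == "__main__":
    # Constructed inputs: the three variants listed on the page, plus the canonical URL.
    for url, (final, hops) in audit([
        "http://xyz.com/a", "http://www.xyz.com/a",
        "https://xyz.com/a", "https://www.xyz.com/a",
    ]).items():
        print(f"{url} -> {final} ({hops} hop(s))")
```
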