proposed: better certificate and domain layout
Hi, there is no cert available for
https://www.xonotic.org and it's not an issue on itself if the
www prefix is not expected to be used (you may still keep a
www redirect on
http for people doing the mistake).
The problem is that some official link like the "Home" button on forums is linking the
Thanks to another bug (
https forum linking to
non-https home page), people do not get any issue. But if peoples rewrite the url to set
http, they would get the cert error.
Based on my own experience (I host hundreds of website and I in charge of their certificates, and I'm doing web hosting since decades), I would suggest to do this way, in this order:
have a certificate for any domain and subdomain you have content on (
stats.xonotic.org), this does not count
www.xonotic.orgsince it's the same content as
xonotic.org. It looks like this step is already done.
replace all your own links in your own websites from
xonotic.orgto help web crawlers to reference this domain.
xonotic.orgwith a permanent redirect.
I always recommend people to not do certificates for
www subdomain unless this was mistakenly used in physical publications (like physically prints), this to not have to double the number of certificate to take care of. I always recommend people to use
non-www domain as main website and to always do a
www redirect to
non-www domain on main website. I recommend to not do this for subdomains since it double the DNS entries to take care of, unless a subdomain was mistakenly used with a
www prefix in physical publications.
At this point, the
www redirect on main website would just be there to take care of people mistakenly writing the
www prefix in their browser url bar, because of the cargo cult (and urban legend) of
www. Hopefully the cargo cult of
www date from decades, from a time
https was not really a common thing or even a thing at all. So people believing in that urban legend usually don't do
https and people writing
https themselves usually don't do that cargo cult. So unless there is a physical print mistakenly using
https://www no one has to do a cert for this.
Given you do not have cert for
www prefix, you can assume there is no
https://www on the web, or they never worked, it seems OK for you to decide to not take care of cert on
www prefix (I highly recommend you to not care of it)
At the end, you may want to do those steps:
httpdomain and subdomain to
httpscounterpart with permanent redirect.
https://xonotic.orgwithout extra hop (to still take care of cargo cultists typing www in their browser bar).