I need help with a redirect in htaccess

The situation is as follows. I need to make the redirect in a specific order

  1. http://domena.com => https://domena.com
  2. https://domena.com => https://www.domena.com

I'm currently using this:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.
RewriteRule (.+)/$ https://www.%{HTTP_HOST}/$1 [R=301,L]

But it immediately redirects to HTTPS with www

I googled, but couldn't find a solution.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
</IfModule>

Thanks, but it doesn't work. When I test http://www.domena.com/ it gives me a 200 result, i.e. it doesn't redirect to https, and http://domena.com/ redirects to http://www.domena.com (also without https). I don't know whether it has anything to do with my problem, but I use HSTS

You obviously don't get .htaccess syntax.
You can't really do the redirect "in a specific order" the way you want.
I suggest you learn it (it's simple, but takes a little time) instead of googling and looking for ready-made solutions.

For now, what you need, which performs the redirect http://tvojadomena.com/ => https://www.tvojadomena.com/, is below:

RewriteCond %{HTTP_HOST} !^www\.               [NC]
RewriteCond %{HTTP_HOST} ^([^.]+\.[a-z]{2,6})$ [NC]
RewriteRule ^(.*)$       http://www.%1/$1      [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

HSTS requires me to first redirect to https and then to www. Or to remove www

Error: HTTP redirects to www first
http://robertobilic.com (HTTP) should immediately redirect to https://robertobilic.com (HTTPS) before adding the www subdomain. Right now, the first redirect is to http://www.robertobilic.com/. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.

And what's interesting is that on another domain I have identical settings, yet curl -i -I gives different results

Try HERE, I think you'll find what you're looking for.

Regards

  1. Assuming you use the Apache web server (and which other would it be, right), which Apache version do you have?
  2. Which directives did you apply for strict transport security?
    *hint: the most common (and recommended) ones are

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
Header always set x-xss-protection "1; mode=block"

… and there's more to it if Apache is >= 2.4

Edit @robi052 - I just saw where your domain is hosted. Is your other domain on the same hosting?

you're in that line of work, so you probably know that in a lot of cases nginx + php-fpm is used without any Apache at all :smiley:

@korisnik9758789 - and you apply HSTS/ .htaccess to it :slight_smile:
Good morning, Colombo. This is America!

After a redirect chain like this you'll certainly be in Google's bad books.

Domain: Yes. Same hosting

  1. Apache 2.4.23
  2. HSTS
Header set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"

CSP

Header always set Content-Security-Policy: "default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google.com https://maps.google.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://ajax.googleapis.com https://csi.gstatic.com https://www.gstatic.com https://cdnjs.cloudflare.com https://www.vimeo.com https://www.vimeocdn.com https://platform.twitter.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://www.vimeocdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: https://csi.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://secure.gravatar.com https://syndication.twitter.com www.githubusercontent.com https://ps.w.org https://ts.w.org https://s.w.org https://wordpress.org https://www.facebook.com cdnjs.cloudflare.com https://yoast-mercury.s3.amazonaws.com https://www.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; connect-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com www.gstatic.com *.algolia.net *.algolianet.com https://yoast.com; media-src 'self'; child-src 'self' https://www.google.com/recaptcha/ https://wp-themes.com; frame-src 'self' https://www.google.com/recaptcha/; form-action 'self'; frame-ancestors 'self' https://www.google.com/recaptcha/; upgrade-insecure-requests; block-all-mixed-content; report-uri https://robertobilic.report-uri.io/r/default/csp/enforce;"
Header set Referrer-Policy: unsafe-url;

If you want, I'll send you the whole htaccess, just PM me your e-mail

EDIT: I don't have mod_ssl and the first three settings like yours enabled in .htaccess. I have the rest. X-Frame, nosniff and xss are set as well

I'm currently using this and it mostly works, except for the redirect of http://domena.com (and subdirectories), where it redirects me to https://www.domena.com/, i.e. to the requested subdirectory with / at the end, even though I set it without / at the end.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.robertobilic.com/$1 [R=301,L]

I only gave the recommended settings, and for Apache >2.4 at that (those aren't "my" settings) :slight_smile:

With your web server version it would be advisable to also have the following enabled:
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

If your other domain is also on the same web server and with the same hosting provider, it's simply impossible for one to work and the other not. You slipped up somewhere, triple check…
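
The redirect order the HSTS preload error quoted above asks for (HTTP to HTTPS on the same host first, then adding www), as an added example that is not from any poster in this thread. It assumes Apache 2.4 with mod_rewrite and mod_headers usable from .htaccess, and that %{HTTPS} reflects the real connection, i.e. TLS is terminated by Apache itself and not by a proxy in front of it.

```apache
RewriteEngine On

# Hop 1: plain HTTP -> HTTPS on the SAME host name.
# http://domena.com/x      -> https://domena.com/x
# http://www.domena.com/x  -> https://www.domena.com/x
# The bare domain thereby answers over HTTPS itself, so a browser can
# record the HSTS entry for domena.com and not only for www.domena.com.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]

# Hop 2: only reached over HTTPS. Add www if the host lacks it.
# https://domena.com/x     -> https://www.domena.com/x
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]

# %{HTTP_HOST} is supplied by the client. On a vhost that serves a single
# site, the host name can be written literally in both targets instead.

# "always" attaches the header to non-2xx responses as well, so the 301
# sent by https://domena.com in hop 2 carries it. A plain "Header set"
# only covers successful responses. Browsers ignore this header when it
# arrives over plain HTTP, so sending it on hop 1 is harmless.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

# Check each hop separately with the curl call mentioned in the thread:
#   curl -I http://domena.com/   -> Location: https://domena.com/
#   curl -I https://domena.com/  -> Location: https://www.domena.com/
#                                   plus Strict-Transport-Security
```

Rule order matters here: with the www rule placed first, the initial hop goes to www before the bare domain has answered over HTTPS, which is the condition the error message describes.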