Redirect default HTTPS request (port 443) to a different port with HTTPS

Hallo everybody,

today I’ve been experiencing this problem.

I have cca 10 domains sharing one self-signed SSL certificate. This morning I decided to create virtualhost with non shared certificate, signed by CA. As everybody knows, the only way(s) is to assing private IP or run HTTPS on a different port. The different port was a way I decided to try…

So I set port 444 instead of 443, I got free signed certificate and installed via Virtualmin’s enviroment ‘Manage SSL Certificate’. Everything is fine and working well. My URL reports signed and verified certificate. But…

The problem I want solve is, when somebody try (without specified port), he is transffered to the first SSL enabled virtualhost with self-signed cert which means in some browsers ‘red error’ :confused: He is still on domain, but he views the content of the other virtualhost. So my first idea (and I guess yours too) is simply redirect all request @ TO – seems like a easy job :-), but…

I didn’t figured out, how to get this work properly, so I want to ask you, please, don’t you know how to?


  1. Adding virtualhost listening on 443 to apache conf of this new virtual, and via RewriteRules redirect all requests to URL with :444 port. It ‘works’ at half, because the browser first asks on self-signed cert = error. No clean way.
  2. Adding redirect rules to the first SSL enabled virtualhost, this works the same way like the 1)

I have some suspicion that this might solve some proxying, but I have absolutely no skills with it, so thanks for any help.

(+little question for the end, is somehow available to show content without being port visible?)


Yeah, the problem is that using an alternate port for SSL isn’t the best way to handle that, using a dedicated IP is the best way to provide SSL for a domain.

The trouble is that the SSL connection is negotiated before any content or configuration is read – so it’s not actually possible to solve the problem you’re describing.

That is, if someone connects to, you could add in a .htaccess file or similar to redirect the user to port 444, but they will always receive an SSL warning before that redirect occurs.

Now, you could add a redirect so that someone connecting to port 80 for that domain is redirected to port 444, but it’s not possible to do that with port 443 in a way that prevents a warning from popping up.

My suggestion would be to splurge on a new IP address for this particular domain, that would solve all the problems you’re describing above :slight_smile:


I’m thinking about one possible solution:

  1. disable all ‘shared’ SSL

  2. set only one virtual with SSL on port 443 with signed cert!

  3. on this one virtual set the all other redirects (eg. to

  4. every other virtual, where we want SSL and we have no private IP available, we set some unique port for SSL

This I guess can work without any errors. But the point still is: is there any other way, how to redirect the https request before it gets on the apache conf?

Another thing that should be considered: Is better to have self-signed HTTPS on the default port 443, or have signed by CA on non-standard port? (I suppose the unavailability of IP addresses) What is more secure (no matter how difficult setting is)?

Thank you for your opinions…

I don’t think what you try can be done.

But regarding your statement:

“As everybody knows, the only way(s) is to assing private IP or run HTTPS on a different port.”

this is not correct. Newer version of apache come with mod_ssl version that supports SNI (“name-based SSL”), which works pretty much with all modern browsers. Maybe sufficient in your case?