Tutorial: Redirect your naked domain with SSL on AWS S3

Unfortunately, AWS S3 makes it quite hard to redirect naked domains with SSL. That's why we create a quick tutorial to help you get started:

Step 01: What does your www domain point to?

Visit your domain name provider and locate where you can add custom nameservers in the DNS settings. If you already have a CNAME record that pointing to AWS S3, you can skip the next sentences and move on to step 2. If the CNAME record however is non-existent or not redirecting to AWS S3, you want to associate a host name with an Amazon S3 bucket using CNAMEs. Select a host name that belongs to a domain you control. This example uses the images subdomain of the johnsmith.net domain. Create a bucket that matches the host name. In this example, the host and bucket names are images.johnsmith.net.Then, create a CNAME record that defines the host name as an alias for the Amazon S3 bucket. For example: images.johnsmith.net CNAME images.johnsmith.net.s3.amazonaws.com. Now, copy the CNAME record records and paste them into the CNAME entry field of your domain.

Step 02: Naked SSL redirection

Please note: The following process is a bit more time consuming. Therefore we built NakedSSL, to make the lives of web masters, admins, and web developers a little easier. Find out if NakedSSL solves your problem:

Enter your naked domain to see if we can help:

Do you have a valid SSL certificate installed? Check these guides:

Get a SSL certificate

Make sure you have a valid SSL certificate installed for your domain. If you do not have a SSL certificate, redirecting from e. g. https://domain.com to https://www.domain.com will not work, as the browser will have to establish a SSL connection first, before a redirect can be executed. The redirection process therefore fails, as the SSL certificate does not match. In this case we recommend buying a valid SSL certificate for your www and naked domains. Our choice: RapidSSL from The SSL Store. Once you have purchased the SSL certificate, you need to install the SSL certficate on your server. In the next step, you will have to set up the redirect, and these possible configurations can solve your problem:

You could use an if condition in your Nginx configuration, e. g. like this:

server {
listen 443;
server_name domain.com;
if ($host = domain.com) {
rewrite ^(.*) https://www.domain.com:443$request_uri? permanent;

Or you could use the following configuration to create a 301 redirect for your naked domain:

server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;

return 301 https://www.example.com$request_uri;

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
return 301 https://www.example.com$request_uri;

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;

====>>> Your site configuration goes here <<======

We build NakedSSL to make your life as a web professional easier. One domain is free, so just give it a try.

NakedSSL: One domain, free forever:

Start with our free single-domain plan and upgrade only if necessary: NakedSSL offers 3 different plans for all your needs.
Need even more domains? Just contact us.

Single Plan

1 domain


(or until we are broke)

Sixpack Plan

6 domains

€4.99 / month

€49.90 / year

Shitload Plan

25 domains

€16.99 / month

€169.90 / year