How to force a site to use SSL ( HTTPS:// )

We all want to stay safe on the internet and it's easier to do so when SSL (Secure Sockets Layer) is in use. SSL ensures that all communications between your web browser and the site you are visiting is encrypted. Sites using SSL will usually show a green padlock at the start of your browsers address bar.

This article shows you how to have the web server force all connections to your site using SSL, this means all connections will be made using https:// instead of http://. Keeping your information safe from hackers.

This article does not detail how to ensure all your content is available over https:// - you need to ensure your site is configured correctly. We have a separate article on fixing mixed content issues.
Prior to completing these steps you need to ensure that a valid SSL certificate is in place for the domain you want to force SSL on.

This can be a purchased/EV SSL certificate or a free Let's Encrypt certificate. We have a separate article on how to configure Lets Encrypt on your domain.

With version 80 cPanel introduced a much simpler way to configure a domain to force all traffic over HTTPS.

Unless you have a specific requirement for custom primary/alias domain HTTP/HTTPS configuration we recommend using this new method.

Alias domains inherit their redirection status from their parent domain. The alternative method to force HTTPS by editing the .htaccess file is still included should you require it.

Using Force HTTPS within cPanel Domains

  1. Click Domains from within the DOMAINS section in cPanel.
  2. Simply click the slider switch under the Force HTTPS Redirect column next to the domain you want to enable.
  3. You'll see a confirmation message in the top-right hand corner and the switch will toggle to On.
    All traffic for this domain will now be forced to HTTPS.

Configuring Force HTTPS by editing .htaccess

  1. To force SSL connections to a site edit the .htaccess file in the folder containing the site. You can do this through cPanel File Manager or via FTP (download the file, edit it and upload again).
    Add the following lines to the top of the .htaccess file
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  2. After saving the file, try visiting your website using a http:// URL - you'll find that it gets redirected to the https:// version


How did we do?


Powered by HelpDocs
© Krystal Hosting Ltd 2003–2019