How to force SSL on your site

Since sites accessed with HTTPS are secure, it's important to actually utilize your SSL certificate.

Once you have set up your SSL certificate with this guide, you should set up your site so that it actually gets used.

After installing an SSL certificate, your website is available over HTTP and HTTPS. However, it’s better to use only the latter because it encrypts and secures your website’s data. You can also use the .htaccess file to force HTTPS connection. This tutorial will show you how.

Forcing HTTPS on All Traffic:

One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by following these steps:

Go to File Manager in your cPanel and open .htaccess inside the public_html folder. If you can’t locate it, create a new file called ".htaccess". Insert this code into the file:

RewriteEngine On
RewriteCond %{SERVER_PORT}80
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you already have an existing .htaccess file:

Do not duplicate RewriteEngine On, and make sure the lines beginning with RewriteCond and RewriteRule immediately follow the already-existing RewriteEngine On.

Forcing HTTPS on a Specific Domain

Let’s say that you have two domains: http://yourdomain1.com and http://yourdomain2.com. Both domains access the same website, but you only want the first one to be redirected to the HTTPS version. In this case, you need to use the following code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain1.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to replace yourdomain1.com with the actual domain you’re trying to force HTTPS on.

Forcing HTTPS on a Specific Folder

The .htaccess file can also be used to force HTTPS on specific folders. However, the file should be placed in the folder that will have the HTTPS connection. In this case, use the follow

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(folder1|folder2|folder3) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Make sure to change the folder references to the actual directory names. After making the changes, clear your browser’s cache and try to connect to your site via HTTP (manually type in http://yourdomain.com). If everything was added correctly, the browser will redirect you to the HTTPS version.

Congratulations! you have successfully edited your .htaccess file and redirected all HTTP traffic to HTTPS, the secured version of your website. Depending on the platform where you developed your website, there could be alternative methods to enable this feature. For example, you can configure your WordPress site to work with HTTPS using a plugin, such as Really Simple SSL.

If you have any questions or something isn't working, feel free to make a support ticket either on our Discord, or on our billing panel and we'd be happy to help you out.

PreviousHow to enable SSL NextUpload your website with cPanel

Last updated 5 years ago

Was this helpful?