How to force a site to use SSL ( HTTPS:// )
We all want to stay safe on the internet and it's easier to do so when SSL (Secure Sockets Layer) is in use. SSL ensures that all communications between your web browser and the site you are visiting is encrypted. Sites using SSL will usually show a green or secure/locked padlock at the start of your browsers address bar.
This article shows you how to have the webserver force all connections to your site over SSL, this means all connections will be made using https:// instead of http://. Keeping your information safe from hackers.
This article does not detail how to ensure all your content is available over https:// - you need to ensure your site is configured correctly. We have a separate article on fixing mixed content issues.
Prior to completing these steps, you need to ensure that a valid SSL certificate is in place for the domain you want to force SSL on.This can be a purchased (Extended Validation or EV) SSL certificate or a free Let's Encrypt (Domain Validation or DV) certificate. We have a separate article on how to configure Lets Encrypt on your domain.
With version 80 cPanel introduced a much simpler way to configure a domain to force all traffic over HTTPS.
Unless you have a specific requirement for custom primary/alias domain HTTP/HTTPS configuration we recommend using this new method.
Alias domains inherit their redirection status from their parent domain. The alternative method to force HTTPS by editing the .htaccess file is still included should you require it.
Click Domains from within the DOMAINS section in cPanel.
Simply click the slider switch under the Force HTTPS Redirect column next to the domain you want to enable.
You'll see a confirmation message in the top-right hand corner and the switch will toggle to On.
All traffic for this domain will now be forced to HTTPS.
To force SSL connections to a site edit the .htaccess file in the folder containing the site. You can do this through cPanel File Manager or via FTP (download the file, edit it and upload again).
Add the following lines to the top of the .htaccess file
After saving the file, try visiting your website using an http:// URL - you'll find that it gets redirected to the https:// version
*
*
This article shows you how to have the webserver force all connections to your site over SSL, this means all connections will be made using https:// instead of http://. Keeping your information safe from hackers.
This article does not detail how to ensure all your content is available over https:// - you need to ensure your site is configured correctly. We have a separate article on fixing mixed content issues.
Prior to completing these steps, you need to ensure that a valid SSL certificate is in place for the domain you want to force SSL on.This can be a purchased (Extended Validation or EV) SSL certificate or a free Let's Encrypt (Domain Validation or DV) certificate. We have a separate article on how to configure Lets Encrypt on your domain.
With version 80 cPanel introduced a much simpler way to configure a domain to force all traffic over HTTPS.
Unless you have a specific requirement for custom primary/alias domain HTTP/HTTPS configuration we recommend using this new method.
Alias domains inherit their redirection status from their parent domain. The alternative method to force HTTPS by editing the .htaccess file is still included should you require it.
Using Force HTTPS within cPanel Domains
Click Domains from within the DOMAINS section in cPanel.
Simply click the slider switch under the Force HTTPS Redirect column next to the domain you want to enable.
You'll see a confirmation message in the top-right hand corner and the switch will toggle to On.
All traffic for this domain will now be forced to HTTPS.
Configuring Force HTTPS by editing .htaccess
To force SSL connections to a site edit the .htaccess file in the folder containing the site. You can do this through cPanel File Manager or via FTP (download the file, edit it and upload again).
Add the following lines to the top of the .htaccess file
RewriteEngine OnRewriteCond %{HTTPS} offRewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
After saving the file, try visiting your website using an http:// URL - you'll find that it gets redirected to the https:// version
*
*
Updated on: 24/01/2024
Thank you!