From time to time we are asked how you can force your website visitors to view your website over https. For example, if a visitor access http://domain.com, you can force them to https://domain.com so that they are always using the SSL certificate.
NOTE:For SSL certificates on WordPress you should consider a SSL plugin to force content to HTTPS such as Really Simple SSL instead.
The following instructions gives you code to add to an .htaccess file. If your .htaccess file has existing code, then you should place the following code examples above the existing code of your .htaccess file so that the newly added code is executed first.
How to force your visitors to use your Dedicated SSL certificate
If you try to setup a Dedicated SSL redirect using the same steps above, cPanel will fail with an error message, similar to:
Redirecting to https://www.example.com/ will cause a redirection loop because 'http://example.com/'
which is located at /home/whhsup5/public_html/
is above 'https://www.example.com/'
which is located at /home/whhsup5/public_html/
The following changes to the .htaccess file will require that you make use of the edit options available within the cPanel. You will need to edit the .htaccess file to force the re-direct. Depending on your situation, you may need to re-direct all website traffic, only a specific domain, or a folder to use HTTPS.
Redirect All Web Traffic
To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website's root folder.
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Redirect Only Specified Domain
To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace www.example.com with your actual domain name.
Redirect Specified Folder
If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:
NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]
Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.
How to force your visitors to use your Shared SSL Certificate
To force your visitors to use your Shared SSL certificate:
log into your cPanel and access the redirects section
Set Type to Permanent (301)
Next to http://(www.)? choose the domain name you are working with
Next to redirects to, enter your website's url using the Shared SSL Certificate
We recommend having Redirect with or without www. selected, so that the user will be forced to use SSL whether they use domain.com or www.domain.com
Ensure Wild Card Redirect is selected
Click Add
When testing, we were redirecting example.com to https://secure21.trejj.net/~whhsup5/
You can see below how the rewrite was setup before we clicked "Add"
force_https_cpanel
When you save this redirect, cPanel actually sets up the redirect by editing your .htaccess file. You don't need to do anything further from here (other than test). If you were actually looking for the .htaccess code to perform this type of redirect, cPanel added the following code to the .htaccess file:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteRule ^(.*)$ "https\:\/\/secure21\.trejj.net\.com\/\~whhsup5\/$1" [R=301,L]
If you need further assistance please feel free to ask a question on our support center http://trejj.net
