Cpanel

Comprehensive Step-by-Step Guide to Forcing HTTPS on Your Domain Using .htaccess: Full Details

July 16, 2025 No comments yet

Forcing HTTPS on your domain ensures all traffic is encrypted, enhancing security and improving SEO rankings. The .htaccess file, located in your website’s root directory (e.g., public_html), allows you to configure Apache web server settings, including HTTPS redirection. This guide provides a complete, step-by-step process to force HTTPS using .htaccess, including prerequisites, editing instructions, and troubleshooting. This assumes you have an SSL certificate installed (e.g., via Let’s Encrypt or a third-party provider) and cPanel access.

Prerequisites

Before starting, ensure the following:

  • An SSL certificate is installed on your domain (check via Security > SSL/TLS in cPanel).
  • cPanel access via https://yourdomain.com:2083 with your username and password.
  • The domain is propagated and accessible via HTTPS.
  • A backup of your website files and database (via Backups in cPanel).
  • Basic understanding of file editing (no coding experience is required).

Step-by-Step Process to Force HTTPS Using .htaccess

Step 1: Log in to cPanel

  1. Open a web browser and navigate to https://yourdomain.com:2083 or the IP provided by your host.
  2. Enter your cPanel username and password to log in.
  3. If two-factor authentication (2FA) is enabled, complete the verification.

Step 2: Access File Manager

  1. In the cPanel dashboard, go to the Files section.
  2. Click File Manager.
  3. In the pop-up, select Web Root (public_html/www) and check Show Hidden Files (dotfiles) to display .htaccess.
  4. Click Go to enter the public_html directory.

Step 3: Locate or Create the .htaccess File

  1. Check for Existing .htaccess
    • Look for a file named .htaccess in the public_html directory.
    • If it exists, proceed to edit it (see Step 4). If not, create it.
  2. Create .htaccess (if missing)
    • Click the + File button in the toolbar.
    • Name the file .htaccess (ensure no extension like .txt is added).
    • Click Create New File.
    • Right-click the new .htaccess file and select Edit.

Step 4: Edit the .htaccess File to Force HTTPS

  1. Open the Editor
    • In the editor pop-up, click Edit Anyway if a warning appears.
  2. Add the HTTPS Redirect Rule
    • Paste the following code at the top of the .htaccess file to force HTTPS:
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    • Explanation:
      • RewriteEngine On: Enables the rewrite module.
      • RewriteCond %{HTTPS} off: Checks if HTTPS is not active.
      • RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]: Redirects all HTTP traffic to HTTPS with a permanent (301) redirect.
  3. Save Changes
    • Click Save Changes in the top-right corner.
    • Click Close to exit the editor.

Step 5: Test the HTTPS Redirect

  1. Clear Browser Cache
    • Clear your browser cache or use an incognito window to avoid cached redirects.
  2. Visit Your Domain
    • Open a browser and enter http://yourdomain.com.
    • You should be automatically redirected to https://yourdomain.com.
    • Test subpages (e.g., http://yourdomain.com/about) to ensure consistent redirection.
  3. Verify SSL
    • Click the padlock icon in the browser address bar to confirm the SSL certificate is valid.
    • Use an online SSL checker (e.g., SSL Labs) for a detailed report.

Step 6: Troubleshoot and Finalize

  1. Check for Errors
    • If redirection fails, revisit the .htaccess file for typos.
    • Ensure the SSL certificate is installed correctly (via SSL/TLS > Certificates in cPanel).
  2. Handle Mixed Content
    • If some elements load over HTTP, use a tool like “Why No Padlock?” to identify insecure resources.
    • Update URLs in your website code (e.g., in WordPress, go to Settings > General and set both WordPress Address and Site Address to https://yourdomain.com).
  3. Restart Apache (if needed)
    • If changes don’t apply, restart Apache via WHM (Service Status > Restart Services > HTTP Server (Apache)) or SSH: service httpd restart.
    • Note: This requires root access, so coordinate with your host if needed.
  4. Monitor Logs
    • Check Apache error logs (/var/log/apache2/error.log or /var/log/httpd/error_log via WHM or SSH) for redirection issues.

Additional Details and Tips

  • Alternative Redirect Code
    • For specific domains or subdomains, use:
      RewriteEngine On
      RewriteCond %{HTTP_HOST} ^yourdomain.com [NC]
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://yourdomain.com/$1 [L,R=301]
    • Replace yourdomain.com with your actual domain.
  • Exclude Subdirectories (Optional)
    • To exclude a subdirectory (e.g., http://yourdomain.com/shop from HTTPS):
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteCond %{REQUEST_URI} !^/shop/ [NC]
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • WordPress-Specific Redirect
    • If using WordPress, add this to .htaccess after # BEGIN WordPress:
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • Safety Precautions
    • Backup: Download a copy of .htaccess before editing.
    • Test: Use a staging site or subdirectory to test the redirect.
    • Syntax: Ensure no duplicate RewriteEngine On lines to avoid conflicts.
  • Troubleshooting
    • Redirect Loop: Remove the rule and check for conflicting redirects in other .htaccess sections or server config.
    • 500 Error: Verify syntax and ensure the Apache mod_rewrite module is enabled (ask your host).
    • No Redirect: Confirm SSL is active and the domain is correctly configured.
  • Alternative Methods
    • cPanel Redirects: Go to Domains > Redirects, set a 301 redirect from http://yourdomain.com to https://yourdomain.com. Note this is less flexible than .htaccess.
    • WHM: Use SSL/TLS > Install SSL Certificate and enable “Force HTTPS Redirect” if available (requires root access).

Conclusion

You’ve now successfully forced HTTPS on your domain using .htaccess in cPanel. This enhances security and user trust. Monitor your site for a few days to ensure all pages redirect correctly and address any mixed content issues. For further assistance or specific configurations, let me know, and I’ll guide you further!

Leave a Reply

Your email address will not be published. Required fields are marked *