From time to time we are asked how you can force your website visitors to view your website over https. For example, if a visitor access http://domain.com, you can force them to https://domain.com so that they are always using the SSL certificate.

Please note, if you use the Premium Website Builder to create your site, please see our article on How to Force your Premium Website Builder site to use SSL.

The following instructions gives you code to add to an .htaccess file. If your .htaccess file has existing code, then you shoud place the following code examples above the existing code of your .htaccess file so that the newly added code is executed first.

How to force your visitors to use your Shared SSL Certificate

To force your visitors to use your Shared SSL certificate:

  1. log into your cPanel and access the redirects section
  2. Set Type to Permanent (301)
  3. Next to http://(www.)? choose the domain name you are working with
  4. Next to redirects to, enter your website's url using the Shared SSL Certificate
  5. We recommend having Redirect with or without www. selected, so that the user will be forced to use SSL whether they use domain.com or www.domain.com
  6. Ensure Wild Card Redirect is selected
  7. Click Add

When testing, we were redirecting example.com to https://secure21.webhostinghub.com/~whhsup5/

You can see below how the rewrite was setup before we clicked "Add"

force_https_cpanel

When you save this redirect, cPanel actually sets up the redirect by editing your .htaccess file. You don't need to do anything further from here (other than test). If you were actually looking for the .htaccess code to perform this type of redirect, cPanel added the following code to the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteRule ^(.*)$ "https\:\/\/secure21\.webhostinghub\.com\/\~whhsup5\/$1" [R=301,L]

How to force your visitors to use your Dedicated SSL certificate

If you try to setup a Dedicated SSL redirect using the same steps above, cPanel will fail with an error message, similar to:

Redirecting to https://www.example.com/ will cause a redirection loop because 'http://example.com/'

which is located at /home/whhsup5/public_html/

is above 'https://www.example.com/'

which is located at /home/whhsup5/public_html/

The following changes to the .htaccess file will require that you make use of the edit options available within the cPanel. You will need to edit the .htaccess file to force the re-direct. Depending on your situation, you may need to re-direct all website traffic, only a specific domain, or a folder to use HTTPS.

Forcing a specific domain to use HTTPS

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^abcd\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.xyz.com/$1 [R,L]

In the .htaccess code above, if abcd.com website is accessed, it will re-direct to https://xyz.com You will need to replace abcd\.com with the domain name you're forcing to https and also replace www.xyz.com with the domain name to where the website traffic will be re-directed. Here's an example:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^test-site\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.some-website.com/$1 [R,L]

In the example above, any one typing in http://test-site.com will automatically be re-directed to https://some-website.com.

Forcing all website traffic to use HTTPS

In order to force all web traffic to use HTTPS, use the following code in your .htaccess file. If you are hosting multiple websites on your account, it is possible to have an .htaccess file for each website. Make sure that you are editing the .htaccess file that is in the root folder where you want the re-direct to occur.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Be sure to replace www.yourdomain.com with your actual domain name.

Forcing SSL on a specific folder

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

If you need further assistance please feel free to ask a question on our support center website.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Comments

n/a Points
2018-01-23 12:32 am

 

The article says “use the following lines of code in the .htaccess file in your website's root folder”. I wish I knew which folder is the root folder. And I assume the .htaccess will need to be created since I didn't find it anywhere. I was at my /home/sitename folder and tried to create it there but I could not see it.

 

Staff
1,017 Points
2018-01-23 9:34 am
By default, the website document root is the public_html directory, but for subdomains and addon domain it will be the subdirectory for that domain. This can be changed in the domain settings in cPanel.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.