Force HTTPS with the .htaccess File

Title image Force HTTPS with the .htaccess File

Force HTTPS connections with the .htaccess to make sure every connection is a secure one. Your website’s visitors should be accessing your site using an SSL-encrypted connection for added security, accessibility, or PCI compliance. If you’re unfamiliar with SSL, our article, “What is SSL and why is it important?” will get you up to speed. Just having an SSL is not enough if someone can accidentally reach your site with an unsecured connection. Read below to see how to force HTTPS connections on your site.

Why Force HTTPS for a Secure Connection?

InMotion Hosting includes a free SSL Certificate for all Business Class Hosting Plans. It’s easy to activate this SSL in your Account Management Panel (AMP) under My Account > Manage Free SSL.

We highly recommend that you require all visitors to your site to access it through a secure connection. At this point, a large majority of sites are running through SSL, and search engines may penalize you if you are not on SSL. More importantly, Google now seems to prioritize search results with secure connections over those without.

Forcing visitors to use SSL can be accomplished through a variety of plugins, or by manually editing your .htaccess file using mod_rewrite.

Forcing HTTPS with .htaccess

The .htaccess file is a configuration file used on Apache servers. It is a ‘dot file,’ as the period at the beginning of the file name means that it is hidden from view by default. If you cannot see it, be sure that you can view hidden files in cPanel’s file manager.

NOTE: For WordPress sites, consider an SSL plugin such as Really Simple SSL instead.

Redirect All Web Traffic

To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.

WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{HTTPS} !on 
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ 
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect Only One Specified Domain

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website’s root folder:

WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

If this doesn’t work, try removing the first two lines.

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

NOTE: Make sure to replace example.com with the domain name you’re trying to force to https. Additionally, you need to replace www.example.com with your actual domain name.

Redirect Specified Folder

If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:

WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]

NOTE: Make sure you change the folder reference to the actual folder name. Then, be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.

If you’re setting up an SSL for a WordPress site, be sure to check out our guide to setting your SSL up on a WordPress site. If you want advanced information on the .htaccess file, take a look at the official Apache .htaccess documentation. If your browser does not seem to indicate that you have an SSL even after you set this up, be sure to check our SSL ‘lock’ troubleshooting guide.

Go Unlimited with Exceptional Shared Hosting

Upgrade your Shared Hosting today and take your business to the next level! Get unlimited NVMe SSD storage, cPanel, professional email and over $400 in savings.

check markFree Domain check mark24/7 Human Support check mark100% Money-Back Guarantee

Shared Hosting

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

256 thoughts on “Force HTTPS with the .htaccess File

  1. Note is confusing and is not applicable for all traffic version.

    ============================

    Redirect All Web Traffic
    To force all web traffic to use HTTPS, insert the following lines of code in the .htaccess file in your website’s root folder.

    WARNING: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

    Copy
    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    NOTE: Be sure to replace www.example.com with your actual domain name.

    ****MOVE NOTE BELOW. NO “www.example.com above”.***

  2. Question: I’m getting dinged for 2 redirects using your code (above) to force https as well as WordPress’ dynamically created code for permalinks. Can you either give me a code snippet to 1) do what your code does for SSL validation in a mod_rewrite format or 2) do what the dynamic WordPress code does in a non-mod_rewrite format? Basically, I’m trying to condense these two sections into one so as to only have one redirect. Is this possible? Your code in a mod_rewrite format is probably preferable as I can make the WordPress code static and block WordPress’ ability to rewrite that section. Thanks in advance!

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    1. Hi davelabz,

      Thank you for your question. We don’t have such a code snippet available at this time. I recommend contacting our Technical Support team to see if they can provide a possible solution to this issue.

      Best Regards,
      Alyssa K.

  3. Hi all, I’, trying to do website redirection but not successful due to my rewritecond input = ‘www.example.com’ but host in browser debugger showing ‘example.com’ how do I change the input or http_host? Where does it refer to? I’m expecting my website to redirect from https://example.com to https://www.example.com

    1. Hello and thanks for contacting us. You may need to do the redirect from within the website (if you’re using a content management system like WordPress) or from the server depending on your hosting plan. I recommend you contact our Live Support with more information for further assistance.

  4. Did I added this at right place????


    # BEGIN WordPress
    # The directives (lines) between `BEGIN WordPress` and `END WordPress` are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.

    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^sophiatravels\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.sophiatravels.com/$1 [R=301,L]

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # END WordPress

  5. I followed the ‘Route All Traffic’ code, but encountered an interesting situation when I was testing my page speed on Google PageSpeed Test. It’s claiming the following redirects are causing performance issues because it’s more than needed:

    *changed the URL for security reasons

    (Initial: https://www.example.com/)
    0 ms
    https://www.example.com
    630 ms
    https://example.com
    480 ms

    Is it possible to modify the redirect code so it goes straight to https://example.com without going to www first?

    Here is the code I’m using:
    RewriteEngine On
    RewriteCond %{HTTPS} !on
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  6. I want to redirect my site https://hikingannapurna.com to https://www.hikingannapurna.com without redirecting to https://hikingannapurna.com. Is it possible?

  7. My webmaster has use this code, is this correct?

    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
    RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

  8. Hello want to redirect https://www.example.com to https://example.com

    What code should i use in .htaccess

    I’m using below code

    RewriteCond %{SERVER_PORT} 80 [OR]
    RewriteCond %{HTTP_HOST} ^www.urbanhalal.com [NC]
    RewriteRule ^(.*)$ https://urbanhalal.com/$1 [R,L]
    
    1. Hello Yatin324 – If you follow the instructions in the article, it will give you the proper code. (The code below is directly from the article).

      RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
      RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
      RewriteEngine On
      RewriteCond %{HTTP_HOST} ^example\.com [NC]
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

  9. Hi, i am using angularjs application, i tried to redirect http to https,
    i am using below code, but its not working, plz suggest me for proper code.

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.pro-elearning.com/$1 [R=301,L]
    
    1. Hello which is easier when working on redirects, is it angualr js or php, i’m on a project about football betting and i’m designing a site that is similar to Soccervista zulubet and statarea i wanna handle the redirect issue for better understanding by my users

      1. Hello Israel, AngularJS is a framework based on JavaScript. PHP is a complete programming language. Your question is more suited for an experienced programmer and depends on needs of your coding project. If you’re building the entire site, I’d recommend PHP, but be aware that it’s intended for back end development.

    2. If you’re using an Angular app, your problem will be ensuring HTTPS and url rewrites as everything must be proxied through Index.html. I used this:

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
      RewriteCond %{REQUEST_FILENAME} -f [OR]
      RewriteCond %{REQUEST_FILENAME} -d
      RewriteRule ^ - [L]
      RewriteRule ^ /index.html [L]
      

      BUT I’m getting an infinite redirect loop for some reason. Does anyone know what I’ve done wrong in the above? I need to ensure the HTTPS and also make sure to rewrite all routes through index.html (if I do both of these redirect commands on their own they both do what I need, but using together is an issue).

      1. Hello Robert,

        Typically, we do not provide too much support on coding issues as they tend to be specific to a situation and there can be many approaches to provide a solution. In looking at your code, the issue looks like it’s the end where you are using the [L] option. You can see more information on the actual apache.org page for the mod_rewrite function. You can also test it by removing parts of the code and seeing how it affects your results. We recommend speaking with an experienced web developer for more in depth assistance.

  10. Hello Good Day, The code above works but I have a problem. Why does it adds index.php at the end? Please help me.
    Desired Result: https://siteurl/
    Current Result: https://siteurl/index.php

    Here is my htaccess

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^example\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
    RewriteCond $1 !^(index\.php|assets|images|js|css|uploads|favicon.png)
    RewriteCond %(REQUEST_FILENAME) !-f
    RewriteCond %(REQUEST_FILENAME) !-d
    
    1. Your code is putting out the “index.html” because of the rewrite rule creating the URL with the “$1” – basically this instructs the code to include the folder path AFTER the .com (or whatever your domain ends with). You can try removing it (the “$1”) and see if that’s what you want to force. This is typically regex coding which we don’t provide. However, check out that link for additional information.

  11. Below my .htaccess code how can I redirect to “https” I tried all above codes and my domain is Kindly help me.
    …………………………………………………………………..

    RewriteEngine  on
    RewriteBase /
    RewriteCond %{THE_REQUEST} /(.+?)\.php[\s?] [NC]
    RewriteRule ^ %1 [R=301,L,NE]
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{DOCUMENT_ROOT}/$1.php -f
    RewriteRule ^(.+?)/?$ $1.php [L]
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
    IndexIgnore *
    1. Forcing https:// use with your website is heavily influenced by the software you used to build your website. However, if you would like to force it using your .htaccess file, simply update this line of your code:

      RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

      to add the ‘s’ in “https://”, like so:

      RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
  12. 2019-01-10 6:19 pm Reply Hi jhon,

    i don`t know how to replace http to hhtps please give me easist way guide me through video link / screen shots . you have access in my websit c-panel also you can do it please because i am using same inmotionhosting.

    Thanks

    Moin

     

    1. I appreciate your feedback and am glad we can help! I recommend contacting your host to inquire what kind of SSLs they have available that will satisfy the requirements for browsers to not display insecure warnings.

  13.  

     

    Hi John-Paul,

    show this error: in my website how to fix this please help me and please give me your email address how to talk you directly through email.

    https://www.whynopadlock.com/results/41677241-85de-4c0f-b6bd-8e80f737e66e

    Mixed Content – Errors
     

     

    The Mixed content tests failed. Please be sure that you can connect to your site over SSL and try again.
    Error Returned: Navigation Timeout Exceeded: 30000ms exceeded
     
     
    Thanks
     
    Moin
  14. Hi John-Paul,

    please help me i am trying http to https this way also but still not show SSL pad lock please check and contact me via email please.

    https://www.youtube.com/watch?v=KRCcNjSlt9M

    #Redirection code starts
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    #Redirection code Ends

    Thanks

    1. Hello.

      I recommend using the website WhyNoPadLock.com to run a scan of your website, to determine why it is not showing the padlock. This will help you identify the security implementations that are required for the padlock to display for your website. I hope this helps!

      Sincerely,
      Carlos D.

  15. My website www.*******.com is not show SSL pad lock please tell me how to fix this issue i already post this issue in this link below  also if you have any shortcut to fix this issue please help me i am also using your hosting please you can do fix this issue please 

    https://magento.stackexchange.com/questions/256812/magento-1-9-ssl-issue

    @Moinuddin try right-click on your site and “View page source”. And on the source page hit ctrl-f and search for “https://” (without the quotes) to identify what you need to update. Looks like you are loading Google fonts and also some jpg and png image files over http. Google font is probably in your layout xml file. Jpg and png may be loaded in template files and/or CMS pages/blocks.

     

    1. The solution will differ based on how your site was built. If you are using a CMS such as WordPress, Drupal, or Magento you should first set up the SSL/https in the Dashboard or Admin section. If that doesn’t help there may be a plugin or addon module for accomplishing this.

      In some cases you may have to do a “Find and replace” in the database. Replacing all instances of https:// with https://

      Thank you,
      John-Paul

    1. The .htaccess file is a hidden file. You may need to adjust the File Manager settings to show the hidden files in order to locate it.

    1. Please follow the directions provided in the article above to force your site to https. If you’re having problems, then please explain the issues that you are having.

  16. Hi Inmotion, 

    Just wanted to say THANK YOU sooooo much for saving this girls web life 🙂 

    After having watched several youtube video tutorials, and after having read several articles on the topic – your little code snippets regarding the .htaccess file were all it took to redirect my examplesite.com to the https://www.examplesite.com/ like a charm! 

    I only have 1 question : On the address bar, to the right ( next to the star on Chrome ) – I now see a “shield” with a tiny red mark on it. When I click on it, it states the following :

    Insecure Content Blocked
    This page is trying to load scripts from unauthenticated sources. 

    This is really strange, because all I have running on my server is an CSS/ HTML / JS  “Coming Soon Page” which contains NO IMAGES whatsoever ( aside from my favicon ) and runs on JQuery + Ajax. This is quite perplexing to say the least…

    Is there anything I can do to resolve this ? Any advice/suggestion you can offer is greatly appreciated. 

    Thank You once again for the script 🙂

    1. Hello.

      I’m glad that we were able to assist! In regards to the insecure content message, I recommend checking out the website Why No Padlock?. There, you can enter your URL you are seeing this happen on and the report should provide insight into how to correct the insecurity detected.

      I hope this helps!
      Sincerely,
      Carlos D.

  17. I like you code and I use it!
    A little problem more:
    I use it to force http to https
    I’d like also to force e.g. www.example.com into example.com
    How can I do both?

    Thanks

    fp

  18. Really Simple SSL is not free, you must pay.

    Try Force HTTPS plugin (free one)

    https://wordpress.org/plugins/force-https-littlebizzy/

    1. The process of verification for your domain depends heavily on how you created your website. For instance, you could use Jetpack Site Verification Tools, if your website was built on WordPress.

      Let us know how you built your website and we may be able to assist you further.

  19. Hello…This is my website..After installing SSl and editing the .htaccess fill it redirects to https://www.********.com/ But the post URL is opening on https and http both…You may check.

    https://www.********.com/seo/top-10-tips-for-keyword-research-you-must-know/

    I can’t understand what is the actuall problem…Please help..otherwise Google may penalize my site…as it will be considered two different URL.

    1. Since it seems your site is running on WordPress, adding .htaccess rules directly can sometimes cause issues with existing rules. Due to this, I recommend using a WordPress plugin to force https.

      Thank you,
      John-Paul

  20. Thanks for the Tutorial but my websites still have 2 versions. HTTP and HTTPS.

    Which WP Plugin can I install to fix it ?

  21. Hi-

    I have a desktop site and a mobile site. The mobile site is accessed via a script in the html code anytime some visits on a mobile device. When I changed the .htaccess file to force https, only the desktop site loads regardless of device.

     

    How do I get the mobile site to load on mobile devices and force https for the desktop site?

  22. I used a redirect in .htaccess, but now when I try to update my xml sitemap,

    my completed crawled sitemap only includes the index page of my site???

    Do I need to update manually all my links on my webpages to https?

    RewriteCond %{HTTP_HOST} mysite\.co\.uk [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.mysite.co.uk/$1 [R,L]
    1. Hello,

      Thanks for your question about the XML site map updates after implementing HTTPS. It appears that you will have to update your XML sitemap to include the HTTPS links. This may depend on the tool that you are using. Check out this article on updating XML site maps. They say that you need to go into the sitemap and update the links. If you are using a tool then you may want to see if their support or documentation identifies how you can get the sitemap to be update using https.

  23. From my understanding of that question, he wants to redirect all 404 errors/pages to the index page. If you’re using wordpress, get a plugin names 404 redirect and you’re covered.

  24. Thank you for the code at the top “Forcing HTTPS with .htaccess directing all web traffic.  It works great!

    I would like to add a condition to the .htaccess code you provided that if the file doesn’t exist to he redirected (404 error).  I’ve tried different ways to add the statement to the .htaccess: “ErrorDocument 404 https://www.example/index.html” without success.

    Any help would be appreciated.

    1. Sorry to see you’re having trouble with redirecting the 404 error. The correct syntax would be:

      “ErrorDocument 404 https://example.com/404/” replacing example.com with your actual domain. From your comment, it appears you are missing the “.com” portion of the domain which may be preventing it from working properly.

  25. Hi,

    I want to force ssl on only one specific folder but that folder is my main root folder which is the full name of the website so it ends with the website URL instead of a folder name and does not work – what folder name can I use instead of the website URL?

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} www.example.com
    RewriteRule ^(.*)$ https://www.example.com/example.com/$1 [R=301,L]

    1. What you’re saying is a little confusing. The defined root or “document root” of the website is the folder in which the website files are being served. If you have a folder outside of that main, I would highly recommend that you move it within the document root folder. That way, you reference the folder properly to force https for that folder. You complicate the issue if your folder is outside of the root. If the files need to be accessed through the website, then that folder should be in the document root. Simply placing them outside of the root will not protect them if these files need to be accessed from the website in the first place. You can also define a folder outside of the root with a subdomain. For example,you could create a subdomain called folder.domain.com, where the folder path is defined the location outside of the document root.

      example of folder placement

      So, the easier (and recommended) solution is to simply move the folder into your website’s document root folder. Otherwise you will need to make a definition of that folder using a subdomain option as provided in the cPanel.

    1. Please clarify the steps you are taking. We would need to have more explicit information about your website in order to determine what’s happening. If you want the matter handled privately, then please contact our live technical support team for further assistance.

  26. After doing this all implementations I found few url like https://www.example.com/blog is not opening in good interface. For this what we do.

    1. I recommend checking the software documentation you are using for the site in the “/blog” directory. You may need to configure the software to use the https:// protocol for the resources it uses to load properly.

      If this is custom code, then you may need to review the code to ensure that resources for the website are being coded with https:// included, rather than https://. I hope this helps!

    1. The one redirect to www should take care of that, but if it’s still resolving to the domain by itself then perhaps the .htaccess file is not being processed properly or the syntax of the redirect rule is wrong. I advise contacting Live Support for further assistance.

  27. Help! I added the code to force https. After saving the edit, I realized I forgot to change the www.example.com to my domain. So I replaced it with mine and saved it again. Now, when I type my domain, my website shows up, but if I try to access it without typing the www it goes to www.example.com.

    After getting frustrated and deciding to forget the whole thing, I went back into the file and removed the new code, so that the only thing in there now is this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    But I still have the exact same problem. How do I fix this so my website appears whether or not someone types www?

    Thanks

    Kristal 

  28. Hi All, 

    If I am using a WP site, and I want to redirect all domains addresses to https://www.domain.com/

    Do I need to a condition and rule for each possible scenario?

    Example: 

    RewriteCond %{HTTP_HOST} ^example.com [NC]
    RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]

    Is there one universal rewrite rule that will redirect all possible domain scenarios instead of manually typing each one? I want everything to point to a domain with https and www.

  29. The code works like a charm.. External links redirect everithing works fine.

    BUT:

    To be seo friendly.

     

    Do I need a 301 from all http subpages to all https subpages?

    It’s necessary to change all the EXTERNAL links to be seo friendly?

    THXS

    1. Hello.

      According to this third party tool, the code presented in our guide appears to identify a 302 redirect. However, you can modify the redirect code to force a 301 redirect. This is accomplished by adding =301 after [R in the last line of the code.

      For example:

      • 302 Redirect of https://example.com to https://www.example.com
        RewriteEngine On 
        RewriteCond %{HTTP_HOST} ^example\.com [NC]
        RewriteCond %{SERVER_PORT} 80 
        RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
      • 301 Redirect of https://example.com to https://www.example.com
        RewriteEngine On 
        RewriteCond %{HTTP_HOST} ^example\.com [NC]
        RewriteCond %{SERVER_PORT} 80 
        RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

      This will work for all your pages under that domain. A 301 redirect tells Search Engines that the content has permanently moved from https:// to https://. A 302 redirect tells Search Engines that the authority of the content should remain as the originating domain, rather than the domain that the redirect ends at. With a 301 redirect, you should not need to add redirect codes for each page to adhere to SEO best practices. I hope this helps!

      Sincerely,
      Carlos D

  30. Hi,

    The code you guys have given works, but doesn’t work (in the following scenario) if one has a parked domain with the same domain name, and the primary domain name is a HTTPS.

    Code refering above is the below one;

    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    Scenario;

    eg: me.com and me.net.

    If me.net is parked and redirected using the redirect option in inmotion to https://me.com > the re-direct works fine. 

    And then we force a redirct in .htaccess to force https://me.com to https://me.com > again the re-direct works fine. (had to do this, since after inmotion set me up the server, .com domain and ssl, it didn’t auto redirect to https when entering the domain name in the browser)

    But the problem is, with the code above added to .htaccess, for both these re-directs, it will throw a 302 instead of a 301 permanent re-direct. Which is really bad. 

    I used the below code to force my primary http .com domain to https .com, and now both re-directs show up 301. 

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

     

    Kindly let me know if this is an issue and if what i did was correct, since the code here didn’t work for me.

    Thanks!

    1. Sorry for the problem with the 301 re-direct. It doesn’t sound like your site is using the code specified in the .htaccess file. Or maybe it’s being re-directed elsewhere. Without any specific site information we can’t investigate here. .htaccess code can be overridden by an .htaccess file that has a higher priority (usually done by position of the file). My advice would be to contact our live technical support team. They can look at the .htaccess file in real time with you and provide an immediate solution. If the .htaccess file is set to use 301 for its re-direct, then it won’t do anything else unless something else is overriding it.

  31. When doing the redirect from http to https, I get this message. What should I do to correct?

    The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects.

    1. This issue commonly happens when there is something in the .htaccess file that is forcing a redirect to https://, I would recommend commenting out any redirects in your .htaccess file and then re-running AutoSSL.

  32. How do I get the padlock to show up even if just www.example.com is typed in browser..my not redirect from www to https..even after i purchased ssl

    1. I recommend checking your .htaccess file as there may be other rules interfering with the redirect.

      Also, if you are using a CMS (such as WordPress, Joomla, OpenCart) I recommend using a plugin or extension to force ‘https’. We are happy to help you troubleshoot further if you can provide a link to the website.

      Thank you,
      John-Paul

  33. RewriteCond %{HTTPS} off

    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

     

    Hello, i have this code on my .htaccess but this method redirect to https only the homepage and not other post i write. How can i solve to force redirect on all pages?

    1. The instructions in the first example above provide the answer for your question. We do not provide for support for user-provided code. However, you should be able to use the code from above:

      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    1. You’re not disabling HTTPS unless you’re also removing the SSL certificate. If you want to force certain URLs to use the non-HTTPS urls, then you can do that with the .htaccess file. It’s just change in the code provided in the tutorial above. Note that disabling HTTPS from a website may also depend on the application you’re using for your webite (e.g. WordPress, Joomla). If you’re not using an application, then typically, you’re making references to HTTPS in your code and you have to remove it.

  34. This works perfectly.

    My setup is 4 domains, A, B, C, D
    A = unused domain
    B = email hosted at gmail app, used for website
    C = email hosted at gmail app
    D = email at hosting.

    Managed to force redirect all traffic to domain B via https.

  35. Thank you so much for this info. I recently upgraded to an SSL certificate. I had everything working in the redirects for the site itself. But I have a shopping cart in a folder and had no idea how to force that to the https version.
    Takara

    1. If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteCond %{REQUEST_URI} folder
      RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]

      Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folder with your actual domain name and folder you want to force the SSL on.

  36. I added the .htaccess edits to the root file and i added a .htaccess in the folder I want to force ssl and still it is not working.  My site still tells me there are 2 image files that are being called as http files.  The 1 specific file I am only using in 1 place on my site.  I replaced it with one with https link and it still gives me the same error.  I even went into file manager and physcially deleted the file.  It still tells me there is a call to that http file but not also tells me it calls to the file but file is deleted.  I just cannot figure out how to fix this. At this point I am afraid of making any other modifications and breaking my site. I have even tried force ssl plugins and mixed content fixers.  No luck.

    1. If you are using a CMS (such as WordPress, Joomla, etc.) try using a plugin or extension. Since many CMS’ rely on .htaccess rules, manually adding rules can sometimes interfere with the site.

      Can you provide a link to the site for us to test?

      Thank you,
      John-Paul

  37. I want to add the code in my .htaccess file to redirect http to https but on downloading the .htaccess file to notepad on my computer, i saw the following code in the .htaccess file:

    # BEGIN WordPress
    AddHandler application/x-httpd-ea-php70 .php
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    Pls where exactly should i paste the code I need to redirect http to https in the above OR should i just delete the above code and paste the http to https code
    in the .htaccess file. Please advice, am confused.

    1. It is best advised to leave the WordPress rules in there. They are integral to some of WordPress’s functions working properly. I advise leaving the .htaccess file as it is and using a WordPress plugin to do the https redirect.

  38. Dear Sir

    This article help me to redirect my new domain aglatax.com to https, I face https redirect problem from many days, but after following your guide i am successfully redirect my website.

    Thanks again

    1. You can find more information about CloudFlare in their Support Forums. If you’re trying to whitelist their IPs, then check out this post.

  39. Hello there,

    I wasn’t sure which code to use for my problem. Here is my issue.

    My website is indexed two weeks back. It has HTTPS or SSL certificate installed.

    Actually it looks like this: https://example.com/

    But it is indexed in Google in two versions, like this: example.com/ and https://example.com/

    Now, I don’t want example.com/ in Google Index. I’ve been waiting to see if it naturally goes off from the Google Index. But it is not.

    How can I redirect this (example.com/) to https://example.com/? In my sitemap also, I have this version – https://example.com/. Please help me solve this issue.

    1. The instructions to force HTTPS are at the top of this article. If you read through it and have specific questions let us know.

  40. Hi,

    I have SSL for a domain but not subdomain. I have a mobile site and if i use the code your code i get ssl error on the mobile site. masically i want all traffic to www.mydomain.com to redirect to https://www.mydomain.com but m.mydomain.com to remain http.

    I´m using the code bellow, is this the correct code or you have a better solution. 

     

    RewriteCond %{HTTPS} off

    RewriteCond %{HTTP_HOST} www.mydomain.com

    RewriteCond %{REQUEST_URI} !/robots.txt

    RewriteRule (.*) https://www.mydomain.com/$1 [R=301,L]

    1. Hello,

      I don’t see anything wrong with that but I do not see any redirects for the mobile site in that code. I would think the simplest solution would just be to force SSL on the main domain and then you redirect to the mobile site ensure the redirect is specifying http instead of https.

      Best Regards,
      Kyle M

  41. Watch out for this issue with cPanel and AutoSSL. cPanel will edit your .htaccess files unless you prevent it.

    https://features.cpanel.net/topic/ability-to-prevent-autossl-editing-htaccess-fles

    https://features.cpanel.net/topic/autossl-act-differently-based-on-apache-version

  42. Hi when I insert the code

    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    the site goes HTTPS but when you hover over a menu item the header and menu duplicate.

      

    1. Hello,

      Sorry for the problem with your menus. If you remove the code and look at your menus do you see the same duplication? This code has been in use for a long time without affecting other sites (or there would be many reports of a problem). Please review your site or at least provide a URL so that we can look at the issue as well.

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

  43. I installed SSL on my server and added the code on the guide. But still get this error

    An error occurred during a connection to (domain). SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    Thanks

  44. The article is incorrect for the recent changes to the auto ssl -> lets encrypt which writes its own code into the the htaccess file

     

    Since the httpd.conf file can not be relied on to function with distiller – as this does not function either – you need a top level redirect

     

    RewriteCond%{HTTPS}!=on
    RewriteRule^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


  45. Hi,

    I am using heroku with Cakephp 3

    My .htaccess code looks like this

    I can’t reach out to heroku they are not reachable.Tried every stack overflow but none of them worked.

    1. Hello,

      Sorry for the problem with using Heroku. If the .htacess changes are not working then you may need further configuration for the change. You will need to consult with their technical support as we are not familiar with their particular application.

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  46. when i insert the code in htaccess the code is running but your connection is not fully secure error going on what i do for fully secure can you guide me step by step

    1. This is most often due to some links on the page connecting to http and not https. You will need to correct those in order for the page to be fully secure.

    2. This is better than the 302 redirect IMH example provides. I tested this in SEO Powersuite and they did not like the version without the 301 which seems correct.

      I would change this Inmotion to the example with the 301 in it.

      Thanks for the help though.

    3. This one seems to be correct with the 301. IMH you might wish to update your example.

      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

  47. Hi

    I am using the following for SSL

    #Rewrite everything to https
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    I have tried various options but can’t get any of them to work.

    Any suggestions?

    Many thanks

    1. Those do not appear to be the correct syntax. I advise copying and pasting one of the above snippets from this article.

  48. Hi,

    thanks for putting the time i to monitor this interesting thread.

    I am thinking of using this code to redirect login.php to https.

    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} ^/(login\.php) # Will force SSL on login.php
    RewriteRule ^(.*)$ https://www.mywebsite.co.uk/login.php$1 [R,L]

    Problem is I have a login.php, will this not redirect my admin login to the customer login page?

    Best fix? I may just have to rename my admin login page if not.

    1. The second example given should work for you. This should redirect anything with example.com (your domain) to https://www.example.com

      You may want to rename the current .htaccess file and test it with a new blank one. If it works, then remove that file and rename the original one back to .htaccess and insert it at the top of the file. Be sure to remove any other failed code prior to inserting the working one.

    2. You may want to put an .htaccess file in the /admin folder with just the redirect code in it. That should govern that specific file.

  49. Thank you for this little tutorial. I have a problem now:

    https:// traffic redirects to https://www.

    https:// traffic redirects to https://www.

    But https://www. traffic doesn’t redirect to https://www.

    Is there any way to fix this as well?

    I have to mention that I tried a lot of .htaccess codes, but every single one gave me a redirect loop and only the codes on this page have worked so far. I have a simple Let’s Encrypt certificate issued on its related page in cPanel, but I have not been able to install it on the SSL/TLS page. (Private Key problem)

  50. Dear sir I have a webhosting account of hostgator and I am using more than 5 domains in one account.

    1 is main domain and others are addon domains.

    whenever I have used any code which is like this 

    it gives the several redirections error

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    please suggess me if htaccess of main domain is infecting on addon domains.

    1. Abdul, I don’t see anything wrong with your current .htaccess code, but ultimately I’m not a website developer. I would, however, point out that .htaccess files are recursive. This means that any .htaccess file that you have in a parent folder will affect all the child folders.

  51. Just wanted to say thank you for this post… know it’s been up for a while, but for some reason I can’t get the htaccess rules to stick in my head. Use this post to jog my memory more than I am comfortable admitting :-/

  52. I need help, i forced ssl on all pages of my website but the layout is scattered… any advice? 

    1. Sounds like some of your resources are loading over HTTP. Make sure your CSS, images, and JS all load over HTTPS. Depending on how your website is built this can be accomplished many ways. If it’s a WordPress website, there’s a plugin to force HTTPS which works well.

  53. Hi Dorian,I use the code below and work great:

     RewriteEngine on
      #RewriteBase /
     RewriteCond %{HTTP_HOST} ^www.example.com [NC]
      RewriteRule (.*) https://example.com/$1 [R=301,L]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    If not work remove the part #RewriteBase / .

    Check my website for example:gamesunblocked.us.

    Try all version in your browser.

  54. Hi,

    I have:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    in my .htaccess, and all of my pages forward to HTTPS properly except when the URL includes the page file name.

    For instance, domain redirects to HTTPS, but domain/index.php does not.

    Anytime the page’s filename is included, it won’t forward. I’ve searched all over the web and can’t find a fix for this. Can you help, please?

    Thanks,

    D

    1. D, I used your exact code on a brand new site with only three files. A test index.php, a phpinfo.php file, and a .htaccess file that only had your code in it. My site redirected even if I put a filename at the end. This would indicate either a browser caching issue, or an issue with your web hosting setup. I recommend clearing your browser cache, and trying again.

  55. Great, easy-to-follow examples, thanks a lot. Have to say I’m pretty impressed by the inmotionhosting support pages – they’re very well written.

     

  56. My current .htaccess file currently has the following syntax:

    # BEGIN WordPress

    <IfModule mod_rewrite.c>

    RewriteEngine On

    RewriteBase /

    RewriteRule ^index\.php$ – [L]

    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule . /index.php [L]

    </IfModule>

    # END WordPress

     

    I would like to force the domain.com to go to the www.domain.com everytime. I want to add something like the following to the .htaccess above:

    Options +FollowSymLinks

    RewriteEngine On

    RewriteCond %{HTTP_HOST} ^domain.com[nc]

    RewriteRule ^(.*)$ https://www.domain.com/$1 [r=301,nc]

     

    The problem is that when I add this additional syntax to my .htaccess and then test the WordPress website, I get an error, “too many rewrite conditions.”

     

    Any ideas on how I should include the additional syntax into the existing .htaccess file?

  57. You really made my day, i was pulling my hair out as the ssl was installed properly but site was going to https:// instead of https:// and was showing connection not secure…

    After the .htaccess change, everything worked as a charm.

    By the way I am usinghost, domain and SSL all provided by godaddy…

     

  58. I am using OpenCart. I want call URL www.mydomain.com/api/common.php.

    I added this new line in the .haccess file, but it’s not working:

    RewriteCond %{REQUEST_URI} !^/(qb|qb/.*)$

    Please help me.

    Thanks

    1. Dao, as this has to do with making custom changes to the coding of your site or sites, it is outside of the scope of support that we are able to provide. You will want to work with an experienced web developer, if you don’t have one already, to assist you in resolving this. Alternatively, you may wish to have a look at https://code.tutsplus.com/tutorials/the-ultimate-guide-to-htaccess-files–net-4757

  59. add [R=301,L] to the end of the last line; it’s sets the redirect to Permanent (for Google and/or for my mom–cuz I moved out of her bsmt for good.)

  60. Thanks for your response… I do use WordPress… I noticed though, that Google started showing me search results with my new HTTPS URL where my old one used to be, so I hope that I’m good.  I did register the HTTPS account in GWT, as you also advised.  Thanks again!

  61. Does the code above transfer Page Rank to the HTTPS site too?  I know I’m supposed to do a 301 redirect, but when I tried to do a 301 on top of this, the page would stop loading due to too many re-directs.

    1. If you are using a CMS like WordPress or Joomla, there are already existing .htaccess rules that can be causing the conflict. If that is the case, you may want to consider using a plugin to switch to https. In most cases, a sophisticated search engine should be able to tell it is looking at the same site with https instead of http. However, you can adjust your preferred protocol in something like Google’s Webmaster Tools and then wait for Google to re-crawl the site.

  62. I inserted the following code into my .htaccess file on the root directory.  I placed it at the top lines, above the lines of code that were already there.  Despite doing this, when I type in my website name it doesn’t work.

    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.gunneria.com/$1 [R,L]
    1. Hello Tallyho,

      We would need to see what else is in the file in order to assess the issue. Additionally, make sure that you don’t have another .htaccess file that might be overwriting this one. Please first start that check and let us know if you require any further assistance.

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

  63. My website is static website. and I want to clear my all canonical issues. Only one URL should come up or it should show. How I need to do?

    1. You need to force either WWW or non-WWW and force either HTTPS or HTTP. This can be accomplished via the htaccess file.

  64. htconfig files exicute server-side, then send the “final-product” to the client; so, Search Engines will index the final URI.  So if your htaccess says your home page is https://mysite.com, then it is so.  The caviot is that if you write an internal link to http://mysite.com and Google ends up at https://mysite.com then it will be aware that it was redirected; so, you must be careful about how you handle it.

    Generally, search engines don’t care about protocol redirects, but if you use your htaccess file to redirect to a new domain, such as https://mysite.com to https://anothersite.com, expect to get flaged.

    Lastly, if you want to use it to redirect between internal pages where you want to change your URL, but keep all of your SEO goodness that has already been indexed, such as https://mysite.com/wordpress to https://mysite.com/blog, make sure to use a 301 or 302 redirect.

  65. # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} folder
    RewriteRule ^(.*)$ https://www.****.co.uk/folder/$1 [R,L]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Thank you

    I am using the above code and its working well but when i open my wp admin panel then its redirect to the home page and i couln’t reach my dashboard so plz help me.

    1. Since WordPress relies on .htaccess rules, we do not recommend adding code directly to the file.

      Instead, you should enable SSL in your WordPress Site URL. This reduces the chances of a rule interfering with the functionality of WordPress.

      Thank you,
      John-Paul

  66. I am trying to use an MVC approach in my site programming, that has one entry file index.php. How would I redirect to https with this approach? This is what I have in my .htaccess file right now:

    RewriteEngine on
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php
  67. Thanks so much for your reply. However I just get an error when I use your code.

     

    This is what I have that works, I just want to combine it into a single redirect:

    # 301 to www

    RewriteEngine On

    RewriteCond %{HTTP_HOST} ^domain.com

    RewriteRule (.*) https://www.domain.com/$1 [R=301,L]

     

    # 301 to https

    RewriteEngine On

    RewriteCond %{HTTPS} !=on

    RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    Thanks.

  68. Hello!

    We recently purchased SSL certificate for our website.
    We currently have 2 redirects

     

    For eg:

    Original URL – https://www.example.com

    Now after purchasing SSL:

    https://www.example.com

     
    How do I redirect users accessing HTTP version of the website to HTTPS WWW version of the website?
     
    Currently I have 2 redirects – HTTP > HTTPS and then HTTPS > WWW as our website is using www preferred version.
     
    My question is can I directly setup HTTP to HTTPS WWW redirect?
     

    Kindly help

    Thanks!

    1. You will want to make sure that you redirect to the domain that is on the certificate, whether it is www or non-www.

  69. I am forcing https as above without issue. However, some subdirectories have .htaccess files that use authorization via AuthType Basic. The authorization is happening pre-rewrite (in the clear, http). Is there a way to rewrite to https before authentication therefore securing the transfer of the user/pw within the https context?

  70. Hi, some really useful examples here. Could you please help me out?

    I have a website and the customer wants everything to redirect to example.com/en/ by default.

    Is there a single rule that will forward, https:// and https://www to https://www.example.com/en/ ?

    I am asking for a single rule as my understanding is the fewer redirects the better for Google? Thank you!

    Adam

    1. Adam, you should be able to use the following:

      RewriteEngine on
      RewriteCond %{HTTP_HOST} ^fromcrimsontowool\.com [OR]
      RewriteCond %{REQUEST_URI} !^/en
      RewriteRule ^(.*)$ https://www.fromcrimsontowool.com/en/$1 [L,R=301,NC]

  71. Hi,

    I want to redirect  https://www.example.com/notice  to ( my another server )
    https://info.example.com/notice

    Both have SSL installed, https://www.example.com is wordpress site.

    what should i write to .htaccess ?  i have several redirection same way, please help

    Thanks

    1. Thank you this post my website is working now.. i use this code
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
      this one will replace all your links to https

  72. So i have ssl on a .co domain name and i also have a http .com domain that redirects to the https .co domain, if someone should put the https infront the .com domain, it will give a security error, anyway to fix or adjust that?

     

    Howard

    1. Hello Vinoth,

      You would need to use a Rewrite rule. This will rewrite the URL so that they see only what you want them to see.

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  73. Hello,

    I have many pages that I would like to redirect to a new domain in a htts://www. version of my website. Could you please tell me the .htaccess code for each one of them? 

    conditions :

    if https://www.example.co.uk/page1 

    or https://example.co.uk/page1

    or https://www.example.co.uk/page1

    or https://example.co.uk/page1

    redirect (301) to

    https://www.example.com/page1

     

    —-Your reply with the code will be used many times, for each one of these pages (page1, page2, page3 etc)

    Thanks in advance

    1. Hello Andreas,

      Thank you for contacting us. We do not provide custom solutions, but you should be able to accomplish this by adjusting the examples above.

      Thank you,
      John-Paul

    1. Hello Daniel,

      You simply need to add the subdomain into the URL in the rule. This is not an “installation”.

      For example:

      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteCond %{REQUEST_URI} folder
      RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  74. Wow! It works! YES… so easy, so simple. Thank you… Finally SSL without errors

    • domain.com to https://www.domain.com
    • www.domain.com to https://www.domain.com
    • https://domain.com to https://www.domain.com
    • domain.com/file.jpg to https://www.domain.com/file.jpg

     

  75. Hi I too need a force SSL option on my website via .htaccess. What will I need to redirect all http pages/posts to their https counterparts using a 301 redirect? I would like to pass the “link juice” along to the https version so it isn’t lost. Thanks.

  76. I installed SSL on my domain and changed http to https.now what my problem is if i want to view a page with https://mydomain.name/page.html it redirects to homepage.but https://mydomain.name/page.html means it shows correctly

    1. Hello Akilan,

      If your linkings are FORCING you to go to HTTPS, then HTTP may not be available. Make sure that your links are not forcing you to use HTTPS, then you should be able to use the non-HTTPS urls to access your site. Re-directs are found within the .htaccess file. Check this file to see if you have any re-directs/re-write rules that are affecting how you get to your HTTP URL.

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  77. Please help me. After installing latest SSL in my website, i found out that old browsers can not access my website, though i have added this(RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] ) to force my site to https. So since because of that old browser issue, i want to make only my index.php page to beecome http so that i can notify my users to upgrade there browser before going to another page. please i need help.

    1. You can redirect https to a specific folder you would like to secure, like “example.com/store” or “/secure”, following the final steps of the article above. Use the code from the last example.

    1. It is possible there are other .htaccess files that are affecting each other. I advise checking your Home directory.

  78. If I use this in my .htaccess it tells me either that the page doesn’t work because it redirected me too many times or it gives me an internal server error

    1. It’s possible the file may be conflicting with rules in another .htaccess file in the same directory or nested elsewhere.

    2. Hello Joshua,

      Thanks for the question about forcing the SSL on your other pages. You should first make sure to follow the tutorial above. You should also go to any links that reference your other pages and make sure that they are using HTTPS. The re-write rule above should work for any domain or subdomain that has been covered by the SSL certificate. However, if you intend to keep all of your pages to use SSL, then your page links should using the SSL link and not HTTP.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  79. I have a blog installed in a subdirectory with no SSL.

    In the root directory we have another WordPress installation which is membership based and has SSL.

    Sometimes the blog switch over to HTTPS and the blog’s CSS goes missing.

     

    Is there a way to reverse this, i.e. force the blog to display https:// instead of https:// ?

     

    Thanks

    Torkild

    1. Hello Torkild,

      You can use the last code provided in the tutorial above and change it to use HTTP instead of HTTPS.

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

  80. in first “example.com” you need to replace it with your full domain like this www.example.com in this way it worked for me.

    1. The code below should work fine:
      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

      You can also try:
      RewriteEngine On
      RewriteCond %{HTTP_HOST} ^example\.com [NC]
      RewriteCond %{SERVER_PORT} 80
      RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

      Be sure it is up at the top of your .htaccess file.

      Kindest Regards,
      Scott M

  81. iam usin this code
    RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://mydomin.com/$1 [R,L]
    and when i go to my domain this message appear
    The domain.com page isn’t working
    domain.com redirected you too many times.
     
     
    can u help me on that please

  82. Great tutorial.

    Work perfect on website.

    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

     

  83. Hi, i want to force https for my subdomain, where do i need to place above code? it is in root or htaccess in subdomain folder? i have try both, but didn’t work. When i place this code my page cannot be open and dislay this
    This site can’t be reached
     
    www.XXX.com’s server DNS address could not be found.

    1. Typically, you would put it in the document root of your subdomain.

      Keep in mind if you are using a CMS (such as WordPress, Joomla, Drupal, etc.) that they also rely on .htaccess redirect rules, and we recommend changing the setting in the dashboard instead of forcing it directly in the .htaccess file.

      Thank you,
      John-Paul

  84. You should change the code to R=301 so it becomes a 301 redirect. This will preserve people’s backlinks and rankings in google. 

     

    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
  85. Hi

    i have a problem with my 301 redirects. I have 1 going from non www to www and http to https.  So far so good. If I go non https version of home page either www or non www it directs to https://www as it should. It go to the non https of a page it doesn’t redirect. 

  86. Just installed SSl on my domain. To force all web traffic to use SSL, Where do i add this code:

    RewriteEngine On 
    RewriteCond %{SERVER_PORT} 80 
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    My current htaccess looks like like this...

    # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress

    1. WordPress relies on .htaccess rules, which can cause issues when you add code directly to your .htaccess file as described in the guide above.

      Since it seems you are using WordPress, you should enable HTTPS (SSL) in WordPress.

      Thank you,
      John-Paul

  87. Hello John-Paul,

    Thanks for that well thought out reply. Whynpadlock was very useful to test. Thank you. The TLS 1.2 I had requested this year, so be aware some of your reps don’t have perfect knowledge. Of course what this shows is that forcing into https does not alwasy work. At the end of the day you have to hard code all the links.

    But I appreciate your reply which has improved my confidence in inmrtion hosting. Thank you.

  88. This does not work. I have some pages that go to https and other that go to http. After hours with inmotion hosting they told me that I have to hard all my web pages, which is silly and I am confident is wrong. I mean why use this in that case? Maybe they should have qualified the statement that this will only work if you hard code it, whatever that means.

    So I hard coded (meaning put https to all the links) some of the pages to test their theory and what they say does not work. I suspect the SSL has been badly configured by inmotion which make mistakes like the time i asked for TLS 1.2 and they said they do not offer it. But after pushing them for a while I discovered they do indeed offer it in upgraded server. This is why proper training and knowledge is important.

    1. Hello Asela,

      Thank you for contacting us. Sorry to hear you are having issues forcing https on your website. I first checked your SSL with an SSL Checker tool, and it is installed correctly. Since we now know the SSL is not badly configured, we can rule this out.

      TLS 1.2 has been available on our shared servers since December 2015, it was available on VPS/Dedicated servers before since you have the ability to change your server settings. If you asked for TLS 1.2 on shared servers prior to December 2015, it may not have been available yet.

      When I test your site, the example.com redirects to https://www.example.com, which seems to be correct. But, when I check the links in your site menu, many are pointing to http URL’s instead of https. For example:
      Home, all of the products (such as Tea, Powder, etc.), all of the “Benefits” links, Blog, and Cart.

      So, while it may force SSL on the main domain, these links seem to navigate visitors back to http (non SSL) pages.

      Also, for a page to be secure, everything being called on the page must be from an https address. When I reviewed your site, many files are being called in insecurely. You can view these by reviewing your site on whynopadlock.com, which is a free tool.

      If you suspect the redirect rules are not working, I recommend reviewing the other rules in the .htaccess file as one may be interfering. You can also troubleshoot the .htaccess by renaming it, for example to .htaccess.old

      Thank you,
      John-Paul

  89. How would you exclude certain paths? Some Magento extensions do not work well with forced SSL in the admin area. Thanks in advance! 

    1. Hello Alex,

      We don’t really have a tutorial about that ourselves, but you can find regular expression tutorials through search that discuss it. Here’s one that may help.

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

  90. Why not use Server Name parameter ? this way you can copy and paste it to all the website’s you need. Or even put it as a global rule for apache.

     

    RewriteCond     %{SERVER_PORT} ^80$
    RewriteRule     ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

     

  91. Over the past month I have installed five SSLs on five sites. And this htaccess code has not worked on one. Not one. (All are WordPress sites.)

    I had to trouble shoot each site and each site had a different solution.

    I don’t want to hashout what did and didn’t work here. I could really care less. (Really, it is too frustrating.)

    But I DID FIND A WAY THAT SEEMS TO WORK FOR WordPress. I just installed a sixth SSL. Instead of all the plugin/htaccess mess I just went into phpmyadmin and changed the site URL and home URL from https://mysite.com to https://mysite.com.

    This appears to have done the trick. Is there anything wrong with doing this?

    Thanks.

    1. Hello Steve,

      The method you used is what was needed to enable SSLs for WordPress. We have a tutorial for WordPress HTTPS here. If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

  92. As I just mentioned above…. this will solve all of your issues and automtically add www. if your domain is set up that way.

    In your .htaccess, add:

    RewriteEngine On

    RewriteCond %{HTTPS} off

    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

  93. Hello i have the following error https://www.*****.co.za ” when i place this code
     

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.isolarsolutions.co.za/$1 [R,L]

     
    if i try to access my admin  i get the error below
     

    Not Found
    The requested URL /wp-admin/ was not found on this server.
    Apache Server at ******.co.za Port 443
     
    The website is made from wordpress
     
    Thanks

  94. Hello!
    Thank you for that, quite simple.
    But, if I try to access “domain.com/folder/page”, works perfectly. But if I try with the prefix “www.domain.com/folder/page”, my browser say it’s an insecure connection.
    Would you have any hints on that?
    Thank’s!

    1. Hello Lucas,

      Have you checked your pages source code to check what content is not being loaded via https://?

      Best Regards,
      TJ Edens

  95. Please clear me that how your code is different from below code (Jake mentioned too). What are the implications of using your code and below code?

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Thanks!

    1. Our code is just one way to force the https. Glancing at the code you have, it appears it may do the same thing. You can use whichever one works best for you.

    2. You may want to try a more generic code like the one below:

      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  96. I have…wild card SSL

    1. wildcard SSL for site xyz.com

    2. hosted wordpress on subdomain abc.xyz.com

    but when I enable https on wordpress abc.xyz.com from General Settings (dashboard) and access the https://abc.xyz.com it redirects to https://xyz.com 

    Could you please help

     

    Thanks

  97. Hi,

    My website has minor problem only home page doesnt redirect to https but all other pages does redirects to https.

    If I click on any other page and then go back to home page then it stays on https. can you please help.

    below is the code in my .htaccess file

     

    # BEGIN WordPress

    <IfModule mod_rewrite.c>

    RewriteEngine On

    RewriteRule ^(.*)$ https://www.e-astrologer.com/$1 [L,R=301,NC]

    RewriteBase /astro/

    RewriteRule ^index\.php$ – [L]

    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule . /astro/index.php [L]

    </IfModule>

     

    # END WordPress

  98. What about domains that don’t use “www”. Actually, I need ssl for both the “www” and the non-www versions of my site.

    Should I add anything more to the code?

    1. Hello Steve,

      You should not have to add anything as long as your SSL is setup for the www version and non-www version.

      Best Regards,
      TJ Edens

  99. Hi,

    I want to redirect url without www to https://www using .htaccess or any. Please support me . It’ s urgent.

    Thanks.

    1. Hello Rajesh,

      Thanks for the question about redirecting without using WWW in the URL. Your question is a little confusing because you use “www” in the HTTPS url that you indicate. However, you can use the tutorial above by simply changing the rewrite to rewrite to the https:// with no WWW in the URL. The condition for the change would indicate the WWW version of the URL.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  100. Yes it did perfectly worked for me…. Thanks a lot …. I was after this solution for about two days….

  101. This approach is better, automatically gets your URI:

    ===================================

    RewriteEngine On

    RewriteCond %{HTTPS} off

    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    1. Hello faiz,

      Thank you for contacting us. If you are using a CMS (such as WordPress, Joomla, Drupal, etc.) I recommend using a Plugin, or module to avoid conflicts.

      Are you getting any error messages?

      Best Regards,
      John-Paul

  102. Hi,

    my host is Siteground and the it wrote me this code that write in htaccess

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.sergiopinna.it/$1 [R,L]

     

    And it works perfect.

  103. This is the coding I had in my .htaccess file:

    ##### RewriteEngine enabled – BEGIN
    RewriteEngine On
    ##### RewriteEngine enabled – END

    RewriteCond %{HTTP_HOST} ^mydomainname\.com [NC]
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.mydomainname.com/$1 [R,L]

    And this is what was displayed in the browser window:

    “An error occurred during a connection to www.mydomainname.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG”

     

    Of course I substituted mydomainname with the name of my domain.

    Please advise.

    1. Hello Jim,

      The error message indicates that the redirect is working as it is an SSL error message. You will want to check the SSL itself to make sure it is a) setup at all and b) set up correctly.

      Kindest Regards,
      Scott M

    1. Hello Joe,

      Thank you for contacting us. Since you are using WordPress (which also relies on .htaccess rules), I recommend using a plugin instead of adding a .htaccess rule directly.

      This is to avoid a rule interfering with the functionality of your website.

      Thank you,
      John-Paul

  104. Hi

    I would like to interesting how can I set just 1 or 2 pages?

    sample : xxx.com/cart  and xxx.com/checkout

     

    thank you

    victor

    1. Hello Victor,

      Your SSL would still need to be for the domain, but then the code would be exactly the tutorial displays above for the folders:

      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteCond %{REQUEST_URI} folder
      RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]

      If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

Was this article helpful? Join the conversation!