Forcing your Website’s visitors to use the shared SSL

Occasionally our technical support is asked how to direct your website visitor’s to view your website over HTTPS. Let’s look an example:

If a visitor goes to your website using, you can force them so they will always use the  shared SSL certificate. Shared SSL’s are included on all Shared Hosting plans. If you’re not familiar with SSL certificates, please view our article. If you have a dedicated SSL and want to force all of your website traffic to use your dedicated SSL we have a great tutorial on that as well.

Forcing your visitors to use the Shared SSL

To force your visitors to use the shared SSL certificate that InMotion Hosting provides:

  1. Log into cPanel
  2. Go to the “Redirects” section
  3. Set the “type” to “Permanent (301)
  4. Next to “https://(www.)” choose the domain name you want to do this for
  5. Enter your websites URL using the Shared SSL next to the “redirects to” field
  6. We recommend using the “Redirect with or without WWW” selected so that any visitor will be forced to use the SSL whether they use or
  7. Ensure “Wild Card Redirect” is checked
  8. Click “Add

During this example, we used the domain and redirected it to


If you need further assistance please feel free to ask a question on our support center website.

Carrie Smaha
Carrie Smaha Senior Manager Marketing Operations

Carrie enjoys working on demand generation and product marketing projects that tap into multi-touch campaign design, technical SEO, content marketing, software design, and business operations.

More Articles by Carrie

10 thoughts on “Forcing your Website’s visitors to use the shared SSL

  1. I followed the instructions, but when I try to access a WordPress site through the shared SSL URL, I get a screen with the InMotion logo and my IP address.  What am I doing wrong?  How do I view the website??  Thanks!

    1. chuckz, because of the way that WordPress functions, you would need to set your site URL to be the equivalent of “”, but with your server, and username. Typically, this is not desired, as this will change the primary URL for your entire site, and not just HTTPS. In this case, it is recommended that you instead obtain an SSL for your site’s domain, and force HTTPS on your domain.

  2. Nice tutorial. I have a wildcard certificate for my domain, so how would I get my own domain URLs to always be under SSL rather than redirected to



  3. Thanks for the tutorial but still have a question with the line redirects to 

    Do I write exactely like the example?  ?????

    What do I write after……..



    1. Hello Vero,

      Thanks for the question. The redirects to field is for the URL of the website where you want your website visitors to be directed to.

      If you look at your account’s technical details in the Account Management Panel (AMP), you will see YOUR secure shared server path. This path is the alternate path to get to your website without having to use your primary domain’s URL. So for example:

      If your domain’s name is and the technical details show that your secure server path is, then you would enter the if you were trying to use the shared server’s secure path. The example used in the article above is only an example, it’s not the actual path you should be using. Go to the technical details of your account (if you’re an InMotion customer) and use the shared secure server path in place of the example provided above.

      NOTE: If you are using a software that requires your primary URL to be used for the SSL, then you cannot use this type of re-direct. Some ecommerce programs create the website paths for other pages within the site. Using the temporary URL would not be an option in those cases unless the application allows you to make configuration changes that would permit the re-direct. Also, although the article provides this solution for using the shared server SSL, please remember that if you are trying to maintain your search engine search results based on your domain name, then you will want to invest in purchasing an SSL certificate for your domain. A 301 re-direct is basically telling search engines that the website is no longer going to be at the initial domain name that you provided. InMotion does provide an option for purchasing SSL certificates from AMP.

      Finally, if your website was setup in a sub-directory UNDER the primary domain name, then you would add the directory name AFTER your shared server’s URL. So for example: https://secure101.inmotion/~acctusername/subfolder_directoryname.

      I hope that clarifies the issue for you! If you have any further questions or comments, please let us know.

      Arnel C.

  4. I’m curious about the impact of this solution on the website visitor’s experience.

    I would like to implement “Google has said it wants all ?website owners to switch from HTTP to HTTPS to keep everyone safe on the web”.

    I’m trying to decide whether to go with this “free” way to implement that for the time being, or whether I need to go to the expense of getting my own SSL certificate(s) and dedicated IP address(es) – I have a few dozen domain names, with a lot of aliasing among them (e.g.,,,, etc. are “parked” domains). I am not doing e-commerce yet, so I don’t need PCI compliance at this time.

    It appears that the URLs that visitors will see in their browser’s address bar wil show that long prefix (e.g. for every web page. Is that correct?

    Does this method slow the visitor’s response time by requiring extra data exchanges for following the redirects on every page access?

    Is there anything else I need to know in order to make an intelligent choice between shared and dedicated SSL when I’m on a shared server?


    1. Hello Bob,

      Thank you for contacting us. These are good questions. Yes it is true, the URL visitors will see is the the Shared SSL address. For example:

      It will not slow the response times, since it is just accessing the files directly from your server address. It should not require redirects since you will essentially change the URL of your CMS.

      If your visitors don’t mind seeing the Shared SSL address in their browser, it may not be a big deal. This really depends on the nature of your websites.

      If you have any further questions, feel free to post them below.

      Thank you,

  5. I’m curious how, or if this is different from using .htaccess as described in the ‘Force a dedicated SSL’ support page. Just to be clear, the end user is directed to “securexx…” from “” without any links in the webpage needing to be rewritten? Thanks!

Was this article helpful? Join the conversation!