How to Force HTTPS on Your Website
How to Force HTTPS on Your Website (AutoSSL Configuration)
In the current digital landscape, security is not merely a feature—it is a requirement. If your website loads over plain HTTP, browsers like Google Chrome will display a prominent "Not Secure" warning to your visitors. This significantly damages your brand's credibility and hurts your SEO rankings. At PalmHost, we believe in a secure-by-default approach, which is why all our web hosting plans include automated, free SSL (Secure Sockets Layer) certification via the AutoSSL system.
While the certificate is automatically installed, your website does not always force visitors to use the secure encrypted connection (HTTPS) automatically. To ensure 100% of your traffic is encrypted, you must "force" the redirection of all HTTP requests to HTTPS. This guide explains how to verify your AutoSSL status and implement the necessary server-side redirect.
Understanding AutoSSL
AutoSSL is a powerful, automated service integrated into your cPanel dashboard. It continuously monitors your domain, ensuring that a valid, signed SSL certificate is always present and active. When you complete your domain registration and point your DNS to our servers, AutoSSL typically detects the new domain and provisions a certificate within a few hours. This eliminates the need for manual CSR generation or paying high annual fees for standard domain validation certificates.
Verifying Your SSL Status
Before you attempt to force HTTPS, you must confirm that a valid certificate is actually active on your server.
Step 1: Open the SSL/TLS Status Tool
Log in to your cPanel dashboard. Navigate to the "Security" section and click on SSL/TLS Status. This tool provides a real-time report on the status of every domain and subdomain associated with your account.
Step 2: Review the Certificate Status
You will see a list of your domains. Domains with a successfully installed SSL certificate will display a green padlock icon. If you see a red indicator, the certificate has not yet been provisioned or is failing validation. In this case, click "Run AutoSSL" to manually trigger the provisioning process.
How to Force HTTPS Using .htaccess
Once you have confirmed that your SSL certificate is active (the green padlock is present), you need to tell your server to redirect all incoming traffic from HTTP to the secure HTTPS protocol. The most reliable method is to modify your website's .htaccess file, which controls how your web server handles URL requests.
Step 1: Open the File Manager
In your cPanel dashboard, click on File Manager. Navigate to the public_html folder (the document root for your main website). If you do not see a file named .htaccess, click "Settings" in the top right corner and ensure "Show Hidden Files" is checked.
Step 2: Edit the .htaccess File
Right-click the .htaccess file and select Edit. Copy and paste the following code block to the very top of the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Click Save Changes. This code tells the server to detect if the connection is insecure and, if so, to permanently (301) redirect the request to the HTTPS version.
https:// before editing the .htaccess file directly, as this may cause a conflict.Troubleshooting "Mixed Content" Errors
After forcing HTTPS, you may notice that the padlock in the browser address bar is missing or shows a warning. This is usually caused by "Mixed Content." This happens when your website is served over HTTPS, but it is trying to load images, scripts, or stylesheets over an insecure HTTP connection. The browser blocks these elements to protect the user, resulting in a broken, non-secure page.
To fix this, you must update your website's internal URLs. If you are using WordPress, the "Better Search Replace" plugin is an excellent tool for automatically updating your entire database to swap all instances of `http://` to `https://`.
The Benefit of Managed Security
Managing SSL configurations, editing sensitive server files, and troubleshooting mixed content errors can be technically demanding for growing businesses. If you want to eliminate the burden of server-side security maintenance, our managed hosting solutions are designed exactly for this purpose. Our technical team manages your SSL provisioning, performs regular security audits, and ensures your site is optimised for high performance and strict security compliance.
We are here to support your growth. You can learn more about our secure server infrastructure on our about us page. If you are struggling with a persistent "Not Secure" warning or if a manual redirect is causing a loop error on your site, please do not hesitate to reach out. Navigate to our contact us page to open a support ticket, and our technicians will resolve the configuration issue swiftly.