In this article, you will learn:
- What conditions you have to meet
- How to force connection over HTTPS
- Common issues
- Frequently asked questions
HTTPS Connection Prerequisites
In order for your Webhosting site to be able to use a secure HTTPS connection, you must first activate it in the customer administration panel in one of the following ways:
- quick setup according to Webhosting – Quick HTTPS Setup,
- manually using Webhosting – Manual HTTPS Setup, or
- using your own certificate according to Webhosting – Own SSL Certificate.
Force HTTPS
Simply turning on HTTPS on Webhosting does not mean that the site will automatically switch to secure mode. After successfully activating HTTPS and the certificate on the Webhosting, set the website to use a secure connection.
In your site’s administration or configuration file, edit the settings to use a secure connection. The settings may differ, for example:
- change website URL to contain https://
- force SSL or HTTPS in Settings
- install a security plugin
To find out the best solution for your system, consult your web developer/admin or CMS support.
If the above settings are not available or not enough, add HTTPS redirect rules to the .htaccess file (in the www folder). Copy and paste these rules immediately below the existing RewriteEngine On line:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
Header set Content-Security-Policy "upgrade-insecure-requests;"
Adding this code may cause our app installer to not work properly. If you encounter an error with the .htaccess file during installation, restore the default .htaccess temporarily and replace it with the automatically created backup after a successful installation.
HTTPS in Common CMS
- WordPress: Change both URLs in WordPress administration panel >> Settings >> General.
- Joomla: Open the configuration.php file and change the URL in the public $live_site variable. Update .htaccess with the above code.
- Prestashop: In the administration panel, go to Store settings >> General >> Enable SSL and select Enable SSL on all pages.
- Opencart: In the administration panel, go to System >> Settings and choose a store. Select the Server tab and check Enable SSL. Update .htaccess with the above code.
- Drupal: Update .htaccess with the above code.
Common Issues
Common issues with setting up HTTPS on your website include:
- An error displays instead of the website
- Parts of the website aren’t loading
- Google Search Console stopped working
Website Error after Forcing HTTPS
Issue: After setting up HTTPS, the website displays either 404 Not Found, or Not found on Accelerator.
Cause: HTTPS is not active on the Webhosting itself, or the activation of the certificate has not yet been completed.
Solution: Make sure that the domain is added to the certificate and that at least half an hour has passed since it became activein the customer administration panel.
Broken Web – Mixed Content
Issue: After setting up HTTPS on the site, CSS stopped working, images and other media are not displayed.
Cause: If the main page uses a secure HTTPS connection, the browser perceives all resources loaded via the HTTP protocol as potentially dangerous and blocks them.
Solution: If you’re using your own code, go through it and verify that you’re specifying absolute file addresses with HTTPS, not HTTP. For example, update http://domain.tld/image.jpg
to https://
.domain.tld/image.jpg
If you’re using a content management system, for example WordPress, look up in its documentation or ask support how to fix mixed content.
Google Search Console Error
Issue: After forcing HTTPS, I see a redirection error on GSC.
Cause: If your .htaccess file uses the code RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
, there is a redirect from the non-secure version of the page to the secure one with a 301 (permanently moved) return code. Some diagnostic and analysis tools may see this as a problem.
Solution: Try disabling the problematic code by placing the # character at the beginning of the line. Thoroughly test that this modification did not break HTTPS.
FAQ
Question: How do I check that HTTPS is working correctly?
Answer: Enter the address of your website with http (http://domain.tld) in the browser. If you have everything set up correctly, the address will automatically be corrected to the https version and typically marked with a lock icon. If this does not happen, carefully go through the steps of the guide again, including editing the .htaccess file.