How to force all traffic to HTTPS

Documentation HTTPS and SSL
1

After you’ve enabled SSL for your website, you’ll probably want to redirect all traffic on your website to the https version of your site. There are multiple ways to do that. Let’s compare some commonly used ways.

Using script configuration

Some scripts (including Wordpress) have a setting which allows you to set your website URL. By changing this URL from http://example.com to https://example.com, the script will probably redirect visitors to the https version of your site. Even if your script does not redirect people, it’s still highly recommended to check if your script has a setting for the URL because it will prevent other problems with links on your page.

Using .htaccess

Probably the most common way to force traffic to https is by redirecting requests using .htaccess. The .htaccess is a simple text file simply called ‘.htaccess’ which contains additional settings passed to the web server to support some more complicated functionality. If you are using a script created by other people (including CMS like Wordpress), you can probably find a .htaccess file already in the htdocs folder of your website. If you don’t have a .htaccess file yet, you can create a file using the File Manager with the file name .htaccess. Using the File Manager is recommended, some systems (especially Windows) don’t work well with .htaccess files.

After you’ve found or created your .htaccess file, you can edit it in the File Manager or using any text editor (like Notepad). You need to add the following lines to the file:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:CF-Visitor} !{"scheme":"https"}
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Using Cloudflare settings

If you’re using Cloudflare on your website, you can let Cloudflare enforce HTTPS for you. Simply login to Cloudflare’s website, go to the Crypto settings for your domain, and enable “Always use HTTPS”.

Final notes on forcing HTTPS

If your website doesn’t work anymore after applying any of these settings, there are a few common issues you should check for.

If your website does not display any content at all or shows a 500 - Internal Server Error and you’re using the .htaccess method, that means there is an error in your .htaccess file. Please make sure you copied the content exactly as shown above. If you’re sure it’s correct, you can try getting help in the forum. If you do, be sure to include the contents of your .htaccess file in the message.

If your website does show content but is missing styles, scripts or images, those files are probably linked to with http:// urls instead of https:// urls. Most browsers block requests to http:// content on https:// pages for security reasons. Check your script settings (if applicable) or update your pages to ensure only https:// urls are used on the page.

21 Likes
How to make your website use HTTPS (SSL)
How to get Free SSL (HTTPS) on InfinityFree
SSL not working on chrome mobile
Ssl lock not showing before url
Why do I have two different models with my website?
HTTP to HTTPS automatically
I've bought and uploaded my SSL certificate, but my website is still "not unsecured"
SSL Issue
The website is different than in my preview ie the code is not expected to behave like this
Connection Not Private Error frequently while valid SSL certificate
My website shows SSL errors
The certificate you have entered does not match the current private key
Why is the title not showing in https
My website said its not secure even after SSL installation
.htaccess Error please help! [ERROR 404]
My website is not secure
SSL certificate is not properly installed
I think Infinity Free is bugged
Ssl problem , what should i do?
Ssl not showing on my domain
Download button on my website is not working which is of JS DOM
Ssl_error_internal_error_alert
SSL not found in Wordpress
My website is not secure
I need help with this domain and website
Cannot see my mp3 file in the htdocs
Domain apex not redirecting to https
This site can’t provide a secure connection
I installed auto SSL but it does not work despite there is green information about SSL in my profile
.htaccess with basic auth an HTTP redirect requieres Login Twice
Request for assistance to enable me to access my dashboard
SSL keeps failing Website keeps going on not secure
Order new Free SSL Certificate The domain does not match the format
Database connection
Redirect from http://my_website.com to https://my_website.com
SSL Not working
My browser returns a connection error (Took to long too respond)
I installed and activated infinityfree SSL and ever since my site looks broken
Website not loading on some devices
HTTPS on free domains
SSL NET::ERR_CERT_AUTHORITY_INVALID error
Moodle Update 4.3.3 (Build: 20240212) ERROR
Err_ssl_protocol_error
Site not secure
No SSL when sharing on Facebook
SSL Certificate takes longer then said in description!
SSL certification
PHP Form in HTML
Cannot to login to my website's admin panel after changing http to https
I am website is not sending data to server & saying site is not secure
SSL certificate issue
How to change website from http to https
Not Secure
Please help - Problem Enabling https
I've bought and uploaded my SSL certificate, but my website is still "not unsecured"
Why can't I add ca_bundle in infinityfree
"Your Key and Certificate directories are not properly protected"
Url Shortener Redirects to 404 page
Certificado ssl
Certificate verify failed
"Not Secure" with SSL
WordPress error when saving: "There was an error. You are probably offline."
Ssl certificate / site insecure
Connection Not Private Error frequently while valid SSL certificate
My website is unsafe without typing https:// in the address bar
SSL certificate issue
SSL certificate issue
Need Some Privacy info
Colocar ssl
I'm Back
How do I redirect my domain tomy HTTPS domain?
Unable to install wordpress , stuck at 95%
When login with direct website it show unsecure even if ssl certificate active
My website is not ssl certified in microsoft edge
Urgent Help Needed: Website Suddenly Showing 404 Not Found Error on All Devices and Browsers
Unable to make https work for subdomain
SSL certificate installation
Redirect from Http to Https doesn't work
Self signed cerificate issue
Mixed content
Distorted Wordpress Site
Please help - Problem Enabling https
My cloudflare is not working
SSL verschlüsselung und Dateien über 10 MB.
Force https
Ssl error help!
Flashed message during SSL install
SSL Certificate
Ssl error help!
Custom Error Pages does not support HTTPS
My website didn't redirect http to https
Removing old http to use https
Domain not resolving to https
SSL installation from InfinityFree
Several ssl certificate no https website not working free hosting
How do I force browsers to enter my website with HTTPS? It automatically enters with HTTP!
Self-Signed SSL Error
SSL not ready yet
Frustrating with the SSL issue
Ssl
Why can't some browsers load my website?
Https
HTTP to HTTPS (And redirection to other website)
I installed SSL on my Site. when I open it on my Android phone it opens on "http". Please help me
I installed SSL on my Site. when I open it on my Android phone it opens on "http". Please help me
Ssl error
Dns_probe_finished_nxdomain
Mywebsite.gq have ssl but mywebsite.gq/blabla not have ssl
Mywebsite.gq have ssl but mywebsite.gq/blabla not have ssl
I`m not able to login through wp-admin, but my website is
I’m abdulhadi i have a problem i am add certificate on my website but when i open mmy website its op
A site doesn't work with new ssl certificate with new https address
Unable to enter the website after installing the SSL plugin
Why is my website only secure when the url has a trailing slash?
Not able to installed ssl
SSL Issue
SSL certificate is installed but it is not showing
20000 forum users - Awesome Special Event!
Ssl certificate issue
SSL Certificate issued but site still shows "not secured"
Favicon Not Showing On HTTPS on HTTP
Imagine won't load
How to make my web secure
CORS Policy Annoying Errors
SSL is installed but still showing not secure
Changed dns over 72 hours ago and site still not up
SSL Issued, but site doesn't show up with https://
SSL Certificate Implementation on InfinityFree Hosting
Http and https
My website is not working
Not secure
I need to get a webpage hosted. Can someone help me? This is my first time here at InfinityFree
How To delete SSL from the list
Please i need help
Cannot access website due to plug-in and SSL issues
Cannot access website due to plug-in and SSL issues
An advertisement appeared on my site, although I did not order it, and did not insert it into the co
Why the home page show mixed content when visiting the websites by moibile
Cannot to login to my website's admin panel after changing http to https
I need help
I cant open my website
I cant open my website
SSL Nor Working
SSL certificate revoke
Error after 3 days of trying to add domain
SSL certificate issue
Https not working
Needing help to secure my website
I have a question about SSL
Hii sir my post link is not working
I have a question about SSL
Indexing Problem
My website is going to " not secure connection… "
I have a little problem again, after my hosting at Infinityfree I was told that in about 72 hours my
I cant login to my wordpress dashboard
Secure host
Free SSL certificate stopped working
Still waiting for SSL after 5 days - My paint dried ages ago lol!
Cant Access Website from Whatsapp
Title: "Category 59: Malware - Need Help"
"I hosted my site and activated the SSL certificate, all with a free plan, but now my site has two v
Photos can not showing
SSL certificate not appearing on my site for no reason
Site is marked unsafe in Chrome
SSL does not work on a free domain
Not Secure error after installing a certificate
Err_too_many_redirects
SSL certificate installed but browser still shows Not Secure (Incomplete chain)
Hosting Support
Hacker's attack
My Site Not Secure
The free ssl its not working
"Your connection to this site is not secure..."
Account Suspension
Subdomain SSL Issue
Not secure page in some navigators
Problem certificatre ssl
Why my website is downgraded to http instead of https?
System wide ssl certificate not working on great-site.net
How to force away from / to www
SSL Certificate is invalid or missing intermediate (bundle) certificate
I want use a different name for my website on infinityfree
Images disappeared
How to get FREE SSL cuz its not working for me
Https isue
SSL is not working
SSL/security risk problem, but only for one domain (.page.gd)
My website has SSL certificate now
Site showing 403 access denied
403 Forbidden error
Google Chrome on my mobile see safe websites, but Google Chrome on my computer see unsafe
Even though I have installed SSL on my site the connection is not secure
Website doesn't work, FTP (Filezilla) doesn't work either
SSL certificate still pending
SSl certificate is installed but not showing in my site
Website not secured
My SSL certificate is not working please help
SSL Certificate installed but status remains "Not Found"
Ssl does not appear the padlock on my pages
Free domain does not have a ssl certificate
How can i fix that
Link to picture on File storage
My website cant provide a "secure connection"
Free SSL cert configured and installed, but still site dont work with https
SSL Certificate Issue – "Connection Not Secure" Warning
Suddenly become Dangerous Site
File transfers unsuccessful via FTP
File transfers unsuccessful via FTP
Cannot See Website
Free SSL certificate (error)
I don;t know why SSl certificate is not showing on my website
I need to roll back my website
Ssl
Neither canonical URL nor 301 redirect from HTTP homepage
Issue with Secure Connection on My Website
Ssl Sertifika
SSL problem on my website
The SSL certificate never installing
SSL Error
Domain not available
Website not functioning DNS PROBE POSSIBLE?
CSS not applied
2

A post was split to a new topic: Https

4

A post was split to a new topic: .htaccess

5

3 posts were split to a new topic: Not loading correctly my website, giving error/ not secure connection…

6

A post was merged into an existing topic: Not loading correctly my website, giving error/ not secure connection…

7

A post was merged into an existing topic: Not loading correctly my website, giving error/ not secure connection…

8

I believe

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:CF-Visitor} !{"scheme":"https"}
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

is using the default AND condition

Wouldn’t this be better?

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https [OR]
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP:CF-Visitor} !{"scheme":"https"} 
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

In this way, any of the conditions will cause the rewrite.

5 Likes
9

I don’t think so. If you use Cloudflare’s Flexible SSL, the second condition will always be false, so I think this code will then cause a redirect loop. The first and third conditions check for that. And if you don’t care about flexible SSL, you can just omit the first and third conditions entirely.

5 Likes
10

I believe domains/subdomains on CloudFlare do not need .htaccess https redirect.
Minimum of full mode plus correct CloudFlare settings will do the trick.
The redirect loop will then not happen

4 Likes
11

If you use Cloudflare, you can enable “Always use HTTPS” in Cloudflare’s setting. That removes the need for any .htaccess rules, and works perfectly with all SSL modes.

It also means that the HTTPS redirect is done by Cloudflare, not your website, so it should be faster (as Cloudflare is closer to your visitors than your website is), and save you a few hits on your account.

4 Likes
12

A post was split to a new topic: Website doesn’t work on HTTPS

Why SSL doesn't work on www subdomains and other free subdomain SSL issues