How to Enable HTTPS on Your Website

Introduction
Enabling HTTPS on your website is essential for ensuring secure communication between your site and your visitors. HTTPS encrypts data exchanged between users and your website, protecting sensitive information like passwords and payment details. It also boosts your site's credibility and can improve search engine rankings. This guide will walk you through the steps to enable HTTPS on your website after installing an SSL certificate.

Step-by-Step Instructions

1. Ensure SSL Certificate is Installed
   Before enabling HTTPS, make sure you have an SSL certificate installed on your domain:

   • You can install an SSL certificate via cPanel, either manually or using the AutoSSL feature.
   • If you haven’t installed your SSL certificate yet, refer to our How to Install an SSL Certificate in cPanel guide for step-by-step instructions.

   Once the SSL certificate is installed, your website will be ready for HTTPS.

2. Force HTTPS Using .htaccess
   To ensure all visitors access your website over HTTPS, you’ll need to set up a redirect from HTTP to HTTPS using the .htaccess file. This file controls important aspects of how your web server delivers content.

   • Access File Manager: Log into cPanel via the client area.

   • Navigate to File Manager and open the public_html/ directory (or the root directory of your website).

   • Look for the .htaccess file. If you don’t see it, click on Settings (top-right corner of File Manager) and check "Show Hidden Files (dotfiles)".

   • Edit the .htaccess File:

     1. Right-click on the .htaccess file and choose Edit.
     2. Add the following code at the top of the file to force HTTPS:
    

   RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   • Save the Changes: Once you've added the code, save the file.

   This will automatically redirect all traffic from HTTP to HTTPS, ensuring that every visitor accesses your site securely.

3. Update Internal Links and Resources
   After forcing HTTPS, ensure that all resources on your website (images, scripts, stylesheets, etc.) are also loaded securely over HTTPS. If some resources are still being loaded via HTTP, your browser might show a "Mixed Content" warning, which could make your site appear less secure to visitors.

   • Update URLs: Check your website’s code (HTML, CSS, JavaScript) and update any hardcoded URLs from http:// to https://.
   • Use Relative URLs: Whenever possible, use relative URLs (e.g., /images/logo.png instead of http://yourdomain.com/images/logo.png) to avoid mixed content warnings.

4. Update CMS or Application Settings
   If you’re using a content management system (CMS) like WordPress, Joomla, or Drupal, you may need to update your site’s settings to use HTTPS.

   • For WordPress:
     • Go to the WordPress dashboard and navigate to Settings > General.
     • Update the WordPress Address (URL) and Site Address (URL) from http:// to https://.
     • Save the changes.

   You can also use a plugin like Really Simple SSL to automatically detect and update your website’s settings for HTTPS.

   • For Joomla:

     • Go to System > Global Configuration.
     • Under the Server tab, set Force HTTPS to Entire Site.
     • Save the changes.

   • For Drupal:

     • Go to Configuration > System > Site Information.
     • Update the site URL to use https://.
     • Save the changes.

5. Verify HTTPS is Working
   After setting up HTTPS, check that your site is fully secure:

   • Type https://yourdomain.com into your browser’s address bar and verify that the browser shows a padlock icon, indicating a secure connection.
   • Use online tools like Why No Padlock or SSL Labs to scan your site for any remaining insecure elements (such as mixed content).

Handling Common Issues

1. Mixed Content Warnings
   If you see a "Mixed Content" warning, this means that some elements on your website (such as images, CSS, or JavaScript files) are still being served over HTTP. Here’s how to fix it:

   • Update URLs: Go through your website’s code and replace any remaining http:// links with https://.
   • WordPress Users: Use a plugin like Really Simple SSL or Better Search Replace to update all URLs in the database from http:// to https://.

2. SSL Certificate Errors
   If your browser shows an SSL certificate error, such as “Your connection is not private”, check the following:

   • Expired Certificate: Ensure that your SSL certificate is up-to-date. If it has expired, you will need to renew it.
   • Incorrect Installation: Verify that your SSL certificate has been installed correctly in the SSL/TLS section of cPanel.
   • Domain Mismatch: Ensure that the SSL certificate matches the domain name you’re using.

3. Redirection Loop
   If you encounter a redirection loop error (too many redirects), this usually happens if your .htaccess file has conflicting rules or if there’s an existing HTTPS redirect in your application’s configuration. To resolve this:

   • Double-check your .htaccess file and ensure there aren’t duplicate or conflicting redirects.
   • In WordPress, check for plugins that might be adding redirects and disable them to see if the issue persists.

Benefits of Using HTTPS

1. Increased Security: HTTPS encrypts the data exchanged between your site and visitors, protecting sensitive information such as login credentials and payment details.
2. SEO Boost: Search engines like Google give preference to sites that use HTTPS, which can improve your website’s search rankings.
3. Improved Trust and Credibility: Visitors are more likely to trust a site that displays a secure padlock in their browser, leading to better user engagement and conversions.
4. Browser Warnings: Most modern browsers display warnings for sites that are not using HTTPS, which could deter potential visitors.

Conclusion
Enabling HTTPS on your website is a critical step in securing your online presence and ensuring visitor trust. By following the steps above, you can seamlessly enable HTTPS using cPanel, accessed via the Client Area, and provide a safe browsing experience for your users.

If you encounter any issues or need assistance, don’t hesitate to contact our support team.