Force your site to load securely with an .htaccess file

  • Home
  • cPanel
  • Force your site to load securely with an .htaccess file

After you have added an SSL certificate to your domain, DreamHost automatically redirects the URL visitors use to view your site from HTTP to HTTPS. The S ensures that your connection is encrypted. For example:

  • https://example.com

There’s nothing on your end you must update in order to force your site to use the secure URL. However, in some special cases, it may be necessary for you to create your own custom configuration file to force the redirect from HTTP to HTTPS.

 

What to change in the examples below?

The examples below can be entered into your .htaccess file exactly as shown.

Only if the example contains a URL in bold should you change that to your actual URL. For example, if you see the domain example.com, change this to your own domain name.

Forcing the domain to serve securely using HTTPS (for any site)

The following forces any http request to be rewritten using https. For example, the following code forces a request to http://example.com to load https://example.com. It also forces directly linked resources (images, css, etc.) to use https:

 

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

If this isn’t working for you, first check your line endings. Copy/paste from your web browser into a text editor may not work right, so after pasting into your text editor you should delete each line break and add it back in (line break = return key).