How to force your site to use SSL (https) using cPanel

269ac00f765508cb74b25d006dbf5bb2

Written by Dennis Nind

Last published at: February 8th, 2019

First of all, you will need to install an SSL certificate to your site - a guide on how to do this can be found here...


Install a free SSL via the LetsEncrypt plugin in cPanel

Installing an SSL certificate in cPanel is easy! Best of all, its free with Brixly. 

Important

Installing a certificate does will not force your browsers to visit the site via https:// - to do this, you would need to see our 'How to force your site to use SSL (https) using cPanel' guide.

Locating the plugin

Find the “Let’s Encrypt™ for cPanel” icon in the “Security” category, or by searching for “Let” or “ssl” in the top search bar:

The very first time you visit this page may take a few seconds, as it will register an anonymous account key with the Let’s Encrypt™ CA.

The Interface

The interface is split into two sections. The first section will list all of your domains that have “Let’s Encrypt™” certificates issued, their expiry, and options to remove, reinstall and view them:

The second section will list all of the domains configured in your account that are eligible to have a certificate issued for. Please note, redirected domains are unable to have a certificate issused.

Issuing a new certificate

Prerequisites

There are two important prerequisites to be met in order for a certificate to be able to issued:

Info

  • The domain name(s) you want signed must be pointing to this cPanel server already
  • The Let’s Encrypt™ CA must be able to visit http://your-domain/.well-known/acme-challenge/xxx successfully.

These directories/files will be created automatically, but you should take care that you do not have any .htaccess rules that prevent access. Most users will fulfil these requirements automatically.

Issuing Process

First, click the + Issue button to the right of the domain you wish to issue a certificate for. Please note, any you will be able to select any extra domains to include on the certificate in the next screen.

Ensure that all of the domains you wish to include in this certificate are selected as included and click ‘Issue’. The process may take anywhere from 10 to 45 seconds, so do not navigate away from the page. At completion, the keys and certificates should be installed on the server, with a success message:

If you receive an error message, please check Troubleshooting.

Renewing certificates

Certificate renewal is automatic in the background. Your certificate will be attempted to be renewed every day from the point it is 30 days from expiring. The prerequisites listed above for issuing must still be met during the renewal attempts, or the attempts will fail. 

Reinstalling certificates

The certificate can be reinstalled at any time through the “Reinstall” action. Possible reasons for reinstalling can be enabling SSL for mail servers post-issuing, or if the certificate was removed from the SSL/TLS manager. The status column will show the current status of the certificate on the system. If for any reason the certificate was removed from the SSL/TLS manager without being removed from the Let’s Encrypt™ plugin page, this status column will display “Uninstalled”.

Removing certificates

To uninstall a certificate, it is best to press “Remove” on the Let’s Encrypt™ for cPanel plugin page, rather than doing through the SSL/TLS Manager that comes with cPanel. This is because our uninstall process also removes the key and certificate from the manager, in one click. Please note that uninstalling a certificate will not revoke it at the Let’s Encrypt™ CA. You may wish to back up the private keys before you perform any uninstallations, as they are irretrevable, and you will require them if you want to use any of your previous certificates again.

Configuration file

All configuration and certificates are stored in ~/.cpanel/nvdata/letsencrypt-cpanel. We recommend you keep a backup copy of this file.


Once your certificate is installed, you will need to redirect from 'http://' to 'https://' - this can be achieved in a number of ways...


Using our CloudNS plugin

From within cPanel, go to...

  1. Nginx Cluster Control -> CLOUDNS
  2. Next, select the domain drop the dropdown list and click 'Configure'
  3. Click 'APPLICATION SETTINGS'
  4. Scroll down until you see a section for 'Redirections'
  5. 'Enable' the redirect_to_ssl option
  6. Click 'Submit'

That's it! You are done - now, your site will be forcing the https:// protocol instead of using http://


Force https:// via a .htaccess file

To force all web traffic to use HTTPS insert the following lines of code in the .htaccess file in your website's root folder. Important:If you have existing code in your .htacess, add this above where there are already rules with a similar starting prefix.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Be sure to replace www.example.com with your actual domain name. To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Make sure to replace example\.com with the domain name you're trying force to https. Additionally, you need to replace www.example.com with your actual domain name. If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R,L]

Make sure you change the folder reference to the actual folder name. Then be sure to replace www.example.com/folderwith your actual domain name and folder you want to force the SSL on.


Force https:// using a WordPress plugin

There are tons of plugins available for this purpose, however, the one we recommend is called 'Really Simple SSL' - this can be downloaded in WordPress via the Plugins section of your Dashboard. One thing you will need to also do when setting https:// for your WordPress site is ensure your 'Site URL' in Settings -> General also have 'https://' in.