Force SSL for all websites

Jeroen Maas

• June 20, 2017 08:08

Is it possible to force all cpanel hosted websites to run on HTTPS only? I know i can do it on a website basis using custom .htaccess. But is there a "global" way using WHM? Regards, Jeroen Maas

• 

  cPanelMichael

  • June 20, 2017 13:35

  Hello Jeroen, You could setup a custom Mod_Rewrite rule that redirects non-SSL requests to the SSL version of the website and then ensure it's applied to all virtual hosts using the instructions for "Apply to all virtual hosts on the system" and "Without SSL" on the following document: Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation Thank you.

  0
• 

  Jeroen Maas

  • June 20, 2017 13:56

  Just tried it out. That works really well! Thank you

  0
• 

  cPanelMichael

  • June 20, 2017 14:47

  I'm happy to see it works as intended. Thank you for updating us with the outcome.

  0
• 

  delia

  • February 13, 2018 17:21

  Hello Jeroen, You could setup a custom Mod_Rewrite rule that redirects non-SSL requests to the SSL version of the website and then ensure it's applied to all virtual hosts using the instructions for "Apply to all virtual hosts on the system" and "Without SSL" on the following document:

  
  Okay, so that is a wow! Please confirm that if you want all sites to use SSL that you choose the without SSL. That is counter intuitive to me! Are there any gotchas in this? There are sites already doing a forced redirect with the addition of force non to www. I'm having so much trouble getting these to work using cPanel redirects that I'm a bit hesitant to play with it server wide but this could be a major solution for me as long as I don't have sites going down all over the place.

  0
• 

  cPanelMichael

  • February 13, 2018 17:25

  Please confirm that if you want all sites to use SSL that you choose the without SSL

  
  Right, you'd use the "Without SSL" instructions to apply the rules in your custom include file to access attempts made using "http" and not "https". There's always a potential for custom Mod_Rewrite rules to conflict with the website's script. You may want to test the rules on individual virtual hosts first to make sure they don't lead to any issues accessing the websites. Thank you.

  0

Please sign in to leave a comment.