Force HTTPS for your site


#4

Glad to hear you found a fix! Although the example .htaccess code here includes some WordPress code for most apps it should still be reproduceable. In some cases you might have to add an .htaccess file if one doesn’t exist and then add the three lines to it to force https URLs. But every app is a bit different so glad to hear you were able to get it working.


#5

This is nice, just did it for a DoOO institution setup and it works well. I am also using the plugin SSL Insecure Content Fixer to clean image URLs, etc. Is that the one you recommend?


#6

Yep, that’s a great plugin for a quick fix. Long term if someone is really a masochist at heart they could do a search and replace in the database for http://yourdomain.com and replace it with the https version which should work (I use this tool and like it).


#7

This plugin is lightweight and works a treat Really Simple SSL — WordPress Plugins


#8

So…after doing that edit, or when I go https://(my domain), it takes me to a completely different site. My site’s address (pynchoninpublicpodcast.com) shows up in the address bar, but it’s not my site at all. What’s going on there?


#9

It looks like the cert hasn’t been installed for your site (it may be that the server hasn’t picked up on the domain yet, the cert installs happen on a daily cron but sometimes rate limits prevent it from grabbing every domain). Can you try installing the certificate by following the guide at Installing Free SSL Certificates and see if that works?


#10

Thanks for trying to help. I tried getting the cert earlier, but tried again just now, and I get an error message saying too many cert are being assign to Reclaim Hosting right now. Do I just need to wait?


#11

I was able to get it working. When the Let’s Encrypt plugin asks whether to include other domains you have to uncheck the reclaim.hosting URLs (those are development URLs and probably have hit rate limits with Let’s Encrypt’s service). Should be working now at https://pynchoninpublicpodcast.com


#12

Ah! Thank you ever so much.


#13

Tim, I must say… you are a master at tutorials!! I followed all the steps exactly as you described, and it was like magic!!! Thanks again! :slight_smile:


#14

In my wordpress blog, I was able to force ssl by simply replacing http://mysite.com by https://mysite.com in the general settings in the wordpress panel itself. It worked.


#15

Thanks for this tutorial! Worked like a charm.


#16

@timmmmyboy There seems to be a strange conflict between this approach to forcing HTTPS and the installation of Python. After installing Python via the Setup Python App on cPanel, I found that many of my pages no longer work; instead, my browser just displays a cryptic message:

It works!

Python 3.5.3 

Sure looks like a success message coming from a some Python based web server. The problem specifically affects directory links with no index.html file - like a WordPress blog. It also appears when trying to open a non-existent page, rather than a 404 Not Found message.

Looking in my .htaccess file, I found the following bit of code that was evidently placed there by the Python installer:

# DO NOT REMOVE. CLOUDLINUX PASSENGER CONFIGURATION BEGIN
PassengerAppRoot "/home/marksmat/python"
PassengerBaseURI "/"
PassengerPython "/home/marksmat/virtualenv/python/3.5/bin/python3.5"
# DO NOT REMOVE. CLOUDLINUX PASSENGER CONFIGURATION END

Removing the code that was surrounded by the all caps DO NOT REMOVE warnings seems to have fixed the problem. :slight_smile: My webpages, command line Python, and CGI scripts written in Python all seem to work fine but, naturally, I do wonder if there will be a problem later.


#17

If you’re running a WordPress blog at the root of your domain then you’d choose a different location for the Python App. The Passenger stuff gets added wherever the Base URL is specified in the app setup so if you choose the top level of the domain it will effect whatever is running there.


#18

When installing both the blog and the Python App, I was asked where to place them. The python app is in ~/python - completely outside of my public_html directory so I don’t know why the .htaccess file in my ~/public_html file would have been changed. The wordpress blog is in ~/public_html/clopen and there is a separate .htaccess file in there. I did not setup a subdomain for it.

Thanks!


#19

I recommend the Really Simple SSL plugin as well.


#20

I know this post is from a while ago but I found it extremely helpful! I’m just running into one problem. Every page of my site, except the homepage is showing the green “secure” notification in Google Chrome. Any ideas? My site is emilylaynedesigns.com. Thanks!


#21

Emily,

I would try installing this plugin and running it:

That should clean-up and images on the homepage not served over https

Let us know if issue persists.

Best,
Jim


#22

I have this installed and activated as well. Thanks!


#23

Emily,

Looks like a few hardcoded links might be the issue, I can still see a few images loading over http when I use the Chrome developer tools and go to JavaScript Console:

I would see if they are still anywhere in a post, menu item, etc. and update those links, they are definitely the issue.

Best,
Jim