Get Your Web Server Secure

Even though we get a free SSL Certificate with our hosting package (The thing that tells web browsers the site is safe to visit), we have to make sure our web server is configured to utilize it. We do this in a hidden file on our web server called .htaccess.

The following tutorial will walk us through adding a bit of code to the top of our .htaccess file to force our http calls to  load https. I couldn’t have done it without the information gathered from:

https://www.inmotionhosting.com/support/website/security/ssl-lock-display

https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

View Your own .htaccess file

By default, the .htaccess file is hidden on your web server. We need to adjust the settings to be able to see hidden files.

  1. Login to cPanel
  2. Launch the File Manager in the Files area.
  3. In the upper-right hand corner, click on the Settings button.
  4. Check the Show Hidden Files Box

Download your .htaccess file

Now you can see all kinds of new files in your file manager.

  1. double + click your public_html folder
  2. look for the .htaccess file and double+click to download it
  3. Save the .htaccess file

I am extra careful, so usually move my original .htaccess file to a new folder so I can re-upload it in case something goes wrong.

  1. (optional) on a duplicate .htaccess file add the folllowing code to the top:

RewriteEngine OnRewriteCond %{HTTPS} !onRewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Replace the old .htaccess file on your webserver with the new one

Once you save your new .htaccess file, you need to upload it back to the public_html folder on your server.

  1. Open your File manager  in cPanel
  2. Click the upload button
  3. Browse to your new htaccess file (note the dot is gone from the file neame)
  4. upload the new file
  5. In your public_html folder, you will now see 2 htaccess files; one with a dot (original), and one without (new).
  6. right + click on the one WITH the dot, and delete it
  7. right + click on the one WITHOUT the dot and rename it (just add a dot in front of the name)

The Results

With any luck, you will be able to go to any non-cms site within your hosting account and the browsers will be redirected to https, ensuring browsers see your site as secure. If for some reason this doesn’t work for you, explore the links provided above at inmotionhosting.com and see what you can do.