Installing an SSL certificate means securing your website with an encrypted HTTPS connection. This does not mean that the insecure HTTP connection disappears from your site. You have to make your website switch from HTTP to HTTPS. Otherwise, your visitors will continue to land on the insecure version of your website. We point out some ways you can force your visitors to surf to your secure HTTPS website.
Force HTTPS via our control panel
Going from HTTP to HTTPS by turning on just one button? You do that by enabling “Force HTTPS” in our control panel. That’s the easiest way to automatically redirect visitors headed to your insecure HTTP version, to the secure version with HTTPS.
“Forcing HTTPS” is done via these steps in our control panel:
- Go to “My products” > “Web hosting” > Your domain name.
- In the menu on the left, choose “Domain names & SSL”.
- On the right, click “Manage website” and choose “SSL settings” in the dropdown.
- Tick HTTPS forcing.
From HTTP to HTTPS by modifying your code
If you have technical knowledge, you can also dive into your code to force HTTPS. Where in your website’s code to make that adjustment depends on which hosting you use. Linux (the most commonly used) or Windows hosting:
HTTPS forceren op Linux
Is your website running on Linux? Then add this code to the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Forcing HTTPS on Windows hosting
Are you using Windows hosting? Then you need to update your web.config file. This example shows how to do this edit:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Tip: Is your website working on HTTPS, but your browser still marks it as insecure?
Then check for mixed content and remove if necessary.
If you are using WordPress, all you need to do is install and activate the Really Simple SSL plugin. This will solve the problem of mixed content.