Force SSL for all websites

Jeroen Maas · Jun 20, 2017

Is it possible to force all cpanel hosted websites to run on HTTPS only? I know i can do it on a website basis using custom .htaccess. But is there a "global" way using WHM?

Regards,

Jeroen Maas

cPanelMichael · Jun 20, 2017

Hello Jeroen,

You could setup a custom Mod_Rewrite rule that redirects non-SSL requests to the SSL version of the website and then ensure it's applied to all virtual hosts using the instructions for "Apply to all virtual hosts on the system" and "Without SSL" on the following document:

Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation

Thank you.

Jeroen Maas · Jun 20, 2017

Just tried it out. That works really well! Thank you

cPanelMichael · Jun 20, 2017

I'm happy to see it works as intended. Thank you for updating us with the outcome.

delia · Feb 13, 2018

cPanelMichael said: ↑

Hello Jeroen,

You could setup a custom Mod_Rewrite rule that redirects non-SSL requests to the SSL version of the website and then ensure it's applied to all virtual hosts using the instructions for "Apply to all virtual hosts on the system" and "Without SSL" on the following document:
Click to expand...

Okay, so that is a wow! Please confirm that if you want all sites to use SSL that you choose the without SSL. That is counter intuitive to me! Are there any gotchas in this? There are sites already doing a forced redirect with the addition of force non to www. I'm having so much trouble getting these to work using cPanel redirects that I'm a bit hesitant to play with it server wide but this could be a major solution for me as long as I don't have sites going down all over the place.

cPanelMichael · Feb 13, 2018

delia said: ↑

Please confirm that if you want all sites to use SSL that you choose the without SSL
Click to expand...

Right, you'd use the "Without SSL" instructions to apply the rules in your custom include file to access attempts made using "http" and not "https". There's always a potential for custom Mod_Rewrite rules to conflict with the website's script. You may want to test the rules on individual virtual hosts first to make sure they don't lead to any issues accessing the websites.

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Force SSL for all websites

Jeroen Maas Registered

cPanelMichael Technical Support Community Manager
Staff Member

Jeroen Maas Registered

cPanelMichael Technical Support Community Manager
Staff Member

delia Member

cPanelMichael Technical Support Community Manager
Staff Member

Force HTML On Clients Websites

New Thread Force regenerate server's SSL certificate

Pending Publication [CPANEL-22169] Pure-FTPd: Preserve disabled ForcePassiveIP when NAT is active

Brute force wp-login.php modsecurity

Force email password change after 1st login

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Force SSL for all websites

Jeroen Maas Registered

cPanelMichael Technical Support Community Manager Staff Member

Jeroen Maas Registered

cPanelMichael Technical Support Community Manager Staff Member

delia Member

cPanelMichael Technical Support Community Manager Staff Member

Force HTML On Clients Websites

New Thread Force regenerate server's SSL certificate

Pending Publication [CPANEL-22169] Pure-FTPd: Preserve disabled ForcePassiveIP when NAT is active

Brute force wp-login.php modsecurity

Force email password change after 1st login

Share This Page

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member