Find us on social media

Client area
SSLHTTPSSecurity4 min read

Configure SSL and force HTTPS

AutoSSL, Let's Encrypt, force HTTPS via .htaccess, fix mixed content and HSTS.

What is SSL/TLS?

SSL (Secure Sockets Layer) encrypts communication between the browser and your server. It is mandatory for SEO, user trust and regulatory compliance. At Baires Host, all plans include free SSL certificates via AutoSSL.

Activate AutoSSL

  1. Log in to cPanel
  2. Go to SecuritySSL/TLS Status
  3. Verify that your domain appears in the list
  4. If it does not have a certificate, click Run AutoSSL
  5. Wait a few minutes for the certificate to be issued

Requirement: The domain must point to the server (DNS propagated) for AutoSSL to work.

Force HTTPS via .htaccess

Once SSL is active, redirect all traffic to HTTPS:

apache
# Add to the beginning of .htaccess in public_html
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Force HTTPS from cPanel

  1. Go to DomainsDomains
  2. Next to your domain, enable Force HTTPS Redirect

Fix mixed content

If your site loads resources over HTTP within an HTTPS page, the browser blocks them.

Identify mixed content

Open the browser console (F12) and look for "Mixed Content" warnings.

Solutions

WordPress:

sql
-- Update URLs in the database
UPDATE wp_options SET option_value = REPLACE(option_value, 'http://yourdomain.com', 'https://yourdomain.com');
UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://yourdomain.com', 'https://yourdomain.com');

General (.htaccess):

apache
# Upgrade insecure requests
<IfModule mod_headers.c>
  Header always set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>

Configure HSTS

HSTS (HTTP Strict Transport Security) tells the browser to always use HTTPS:

apache
# In .htaccess
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

Important: Only enable HSTS when you are sure HTTPS works correctly across the entire site.

Automatic renewal

AutoSSL renews certificates automatically before they expire. If renewal fails:

  1. Verify that DNS still points to the server
  2. Check that no .htaccess rule is blocking validation
  3. Run Run AutoSSL manually from cPanel

Verify the installation

bash
# Verify certificate
curl -vI https://yourdomain.com 2>&1 | grep -i 'expire\|subject\|issuer'

# Full test
# Visit: https://www.ssllabs.com/ssltest/

Recommendations

  • Always force HTTPS on all domains and subdomains
  • Enable HSTS after verifying everything works
  • Periodically check the certificate expiration date
  • If using Cloudflare, set SSL mode to "Full (Strict)"
Was this guide helpful?
← Back to Web Hosting