Guide: Redirecting to HTTPS with .htaccess

If you've recently added an SSL certificate to enable HTTPS access on your website, chances are that you will need to redirect anyone visiting the old HTTP URL to the new HTTPS URL.

Skill level: Intermediate (for potential to temporarily break website functionality)
Requires: .htaccess file / Apache web server
Where to find the .htaccess file: The document root of your website

To protect against typos or unexpected issues, backup your .htaccess file before editing it.


The solution

Place this code above all other lines in .htaccess file in your sites document root:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

What does the solution code do?

  1. The first line enables mod_rewrite if it isn't already enabled.
  2. The second line sets a condition that the third line will only apply if the site is accessed without HTTPS encryption.
  3. The third line redirects to the same path on the same domain. (Technically the redirect will use HTTP status code 301, and no further rules will be processed by the web server before redirecting, on this page load.)

Notes:

  • Typos or errors in your .htaccess file may break your website. Please edit with caution. Backing up the file or it's contents before editing is strongly suggested.
  • You may need to clear your browser cache or restart your web browser after making changes to the file.
  • If your site has a backend configuration setting for it's domain name, you will likely need to update the setting to ensure links are generated correctly.
  • Files starting with a dot, such as .htaccess are hidden by default in Linux operating systems. You may need to set your file management app to show hidden files before you can see them.
  • If the file is missing, an empty text file named .htaccess can be created in the document root of your website. Do not give the file an extension. (.htaccess.txt would be wrong)
  • Be sure to visit your website after making the change to ensure it works as expected and doesn't create any problems.
  • .htaccess files typically apply to all directories within and "below" their current directory. If other websites are stored within subdirectories of your site, they may be impacted by this change and should be checked for proper functionality too.
  • The code can be removed if it causes problems or you not longer want the redirect.
  • If problems arise, restore your backup of the .htaccess file to it's state before editing it.

Resources:

Author image
Life time nerd with 15 years experience in coding, web development, and web hosting. These days I run an automotive business, but still help people learn to manage their own websites.
top