Hello

i am facing an unique problem

i have 70 domains on my cPanel server, easyapache4 with xvarnish around 20 of them have STRICT http to https redirection

but the remaining dont have STRICT redirect for some reason,

same server same configuration, i have tried wordpress, html, php all kinds of website but the issue is the same.

50 domains have this issue

DOMAINNAME -> http://DOMAINNAME - but no strict redirection to HTTPS

http://DOMAINNAME -> http://DOMAINNAME - but no strict redirection to HTTPS

https://DOMAINNAME -> https://DOMAINNAME - HTTPS is fully secure no issues

for 20 domains it is working perfect

DOMAINNAME OR https://DOMAINNAME OR http://DOMAINNAME -> https://DOMAINNAME - all of them get redirected to HTTPS no matter what PERFECT

if it was not working for all i can understand but it is working fine for some, this includes domain and subdomains as well, also different TLDS not the same

can anyone help me with this

Regards
Andy

Hello,

So by “strict”, do you mean that the http version redirects to the https version? Not to be confused with HTTP Strict Transport Security.

The first thing I would check is that .htaccess files of websites that are doing the redirect vs those that aren’t.

In my experience most cPanel-based websites use .htaccess rewrite rules on an individual website/directory basis to do HTTPS redirects - I’m not aware of anything that does this at a global server level.

Is this the case for you?

You’d first need to let us know what the source of the redirects is for the 20 working domains, to understand why it is not working for the 50 domains.

I’d guess that this question doesn’t really belong on this forum since the certificate itself does not have any impact on behavior like this. Your question might be suited to somewhere better like serverfault.com .

Hi @server4sites

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.