Aloha,
I used SSLforfree.com to establish an SSL for my Wordpress site on Linux with CPanel, hosted by Godaddy. I created one certificate to include alternate domains which for now, are redirects (I plan to switch to Wordpress’s multisite option).
My domain is melissadanielle.com . Alt domains (redirects) are doulainparadise.info, motherworthlove.club, pcoshealthcoach.info, pcospregnancy.info, truthanddesirelab.com , www.melissadanielle.com
When I go to melissadanielle.com , the SSL displays. If I click on a link in the nav menu, the SSL displays. If I enter it manually, it doesn’t, e.g. melissadanielle.com goes to https, while melissadanielle.com/all-the-things goes to http.
The only alternate domain that redirects to https is truthanddesirelab.com . The other redirects will send to http instead of https.
What did I miss here?
Mahalo for your time.
How did you set up the redirects? (I mean, did you use a Wordpress option or plugin, or something within CPanel, or something in GoDaddy’s interface, or your Apache configuration, or …?)
In cPanel, they are either entered as addon domains and/or redirects.
Hi,
Those redirects normally need to edit .htaccess file.
Please check the tutorial here (that’s coming from a competitor, NameCheap)
https://www.namecheap.com/support/knowledgebase/article.aspx/9770/38/how-to-force-https-using-htaccess-file-in-cpanel
Thank you
Thank you for this resource!
Unfortunately, it didn’t work.
I moved the domains from addons to alias and no https.
I turned my wordpress site into a multisite network and the subdomains are also not reflecting https
I’ll continue to search for a fix.
Thank you much!
Hi @melissadanielle
did you change your .htaccess? Something like
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
should redirect the complete traffic. The .htaccess
is a file in your webroot.
Some links you may fix manual:
All the Things with Melissa Danielle - Melissa Danielle & Co. has http://melissadanielle.com/platejoy as http-link.
Additional, you may add the HSTS (Strict Transport Security) header:
Strict-Transport-Security: max-age=31536000; includeSubDomains
So a browser loads one https - page - then switch to https, if the page is from the same domain, but http.
1 Like
Thank you!
Where do I put the HSTS in the htaccess file?
This is the message I receive for the subdomains
This server could not prove that it is pcospregnancy.melissadanielle.com ; its security certificate is from *.prod.phx3.secureserver.net . This may be caused by a misconfiguration or an attacker intercepting your connection.
And yes, I placed that Rewrite code into the .htaccess file.
This is a http header, so you may use Apache, WordPress or .htaccess:
Header add Strict-Transport-Security "max-age=31415926;includeSubDomains;"
If you have such a message, then you should reduce your ReWrite Condition.
RewriteCond %{HTTPS} !=on
sends the complete http traffic to https, but that requires that you have correct certificates. So reduce that:
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^melissadanielle\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.melissadanielle\.com$
RewriteRule ^(.*)$ https://melissadanielle.com/$1 [R=301,L]
If the request uses port 80 (= http) and if the domain name is melissadanielle.com
or www.melissadanielle.com
, then the page is redirected to https://melissadanielle.com
So you redirect only this domain. Later, you may add additional rules redirecting other domains.
Adding this to .htaccess triggered a 403.
I just noticed in cpanel that I have two .htaccess files. Is this creating a conflict?
There's one in the root and one in the public/html.
Hi,
I don’t get why it’s not going to work…
Where did you placed the .htaccess file?
It should be placed under public_html (your document root)
Thank you
There is a missing last ".
Strict-Transport-Security "max-age=31415926;includeSubDomains;"
is correct.
PS: If HSTS via .htaccess doesn’t work: You can add in your vHost-configuration a line:
<VirtualHost>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
Then it’s not a global rule, only a rule inside this vHost.
It didn’t work with the correction.
I am going to set up an additional SSL with the subdomains. This feels like the simplest way to resolve this.
Thanks everyone for all of your time and attention!
1 Like
system
Closed
October 20, 2018, 9:54am
15
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.