SSL not displaying across website / Alternate Domains not displaying SSL


#1

Aloha,

I used SSLforfree.com to establish an SSL for my Wordpress site on Linux with CPanel, hosted by Godaddy. I created one certificate to include alternate domains which for now, are redirects (I plan to switch to Wordpress’s multisite option).

My domain is melissadanielle.com. Alt domains (redirects) are doulainparadise.info, motherworthlove.club, pcoshealthcoach.info, pcospregnancy.info, truthanddesirelab.com, www.melissadanielle.com

When I go to melissadanielle.com, the SSL displays. If I click on a link in the nav menu, the SSL displays. If I enter it manually, it doesn’t, e.g. melissadanielle.com goes to https, while melissadanielle.com/all-the-things goes to http.

The only alternate domain that redirects to https is truthanddesirelab.com. The other redirects will send to http instead of https.

What did I miss here?

Mahalo for your time.


#2

How did you set up the redirects? (I mean, did you use a Wordpress option or plugin, or something within CPanel, or something in GoDaddy’s interface, or your Apache configuration, or …?)


#3

In cPanel, they are either entered as addon domains and/or redirects.


#4

Hi,

Those redirects normally need to edit .htaccess file.

Please check the tutorial here (that’s coming from a competitor, NameCheap)
https://www.namecheap.com/support/knowledgebase/article.aspx/9770/38/how-to-force-https-using-htaccess-file-in-cpanel

Thank you


#5

Thank you for this resource!

Unfortunately, it didn’t work.

I moved the domains from addons to alias and no https.

I turned my wordpress site into a multisite network and the subdomains are also not reflecting https :frowning:

I’ll continue to search for a fix.

Thank you much!


#6

Hi @melissadanielle

did you change your .htaccess? Something like

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

should redirect the complete traffic. The .htaccess is a file in your webroot.

Some links you may fix manual:

https://melissadanielle.com/all-the-things/ has http://melissadanielle.com/platejoy as http-link.

Additional, you may add the HSTS (Strict Transport Security) header:

Strict-Transport-Security: max-age=31536000; includeSubDomains

So a browser loads one https - page - then switch to https, if the page is from the same domain, but http.


#7

Thank you!

Where do I put the HSTS in the htaccess file?

This is the message I receive for the subdomains

This server could not prove that it is pcospregnancy.melissadanielle.com ; its security certificate is from *.prod.phx3.secureserver.net . This may be caused by a misconfiguration or an attacker intercepting your connection.


#8

And yes, I placed that Rewrite code into the .htaccess file.


#9

This is a http header, so you may use Apache, WordPress or .htaccess:

Header add Strict-Transport-Security "max-age=31415926;includeSubDomains;"

If you have such a message, then you should reduce your ReWrite Condition.

RewriteCond %{HTTPS} !=on

sends the complete http traffic to https, but that requires that you have correct certificates. So reduce that:

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^melissadanielle\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.melissadanielle\.com$
RewriteRule ^(.*)$ https://melissadanielle.com/$1 [R=301,L]

If the request uses port 80 (= http) and if the domain name is melissadanielle.com or www.melissadanielle.com, then the page is redirected to https://melissadanielle.com

So you redirect only this domain. Later, you may add additional rules redirecting other domains.


#10

Adding this to .htaccess triggered a 403.

I just noticed in cpanel that I have two .htaccess files. Is this creating a conflict?

There’s one in the root and one in the public/html.


#11

Hi,

I don’t get why it’s not going to work…
Where did you placed the .htaccess file?

It should be placed under public_html (your document root)

Thank you


#12

There is a missing last ".

Strict-Transport-Security “max-age=31415926;includeSubDomains;”

is correct.


#13

PS: If HSTS via .htaccess doesn’t work: You can add in your vHost-configuration a line:

<VirtualHost>  
 Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"  
 </VirtualHost>  

Then it’s not a global rule, only a rule inside this vHost.


#14

It didn’t work with the correction.

I am going to set up an additional SSL with the subdomains. This feels like the simplest way to resolve this.

Thanks everyone for all of your time and attention!


#15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.