Categories
Web Development Web Server

Forcing a Website To HTTPS

With Dreamhost how providing free Let's Encrypt certificates, there's no reason not to set up a certificate and start running your site on a secure connection.

To force incoming connections to use the secure https protocol, you set your .htaccess file to rewrite http:// to https://.

The .htaccess file should be found in the root of your website, it may be hidden. You may find that the RewriteEngine On directive is already there, in which case it can be omitted.

Note: If the .htaccess file is not visible, you need to make it visible.  In CuteFTP (adapt these instructions for other FTP clients) right-click the website root folder, Select Filter, enable server side filtering, the enter the remote filter -L-a.  Alternatively you can right click the site in the CuteFTP Site Manager and apply the filter there.

Add the following near the top of the .htaccess file:

RewriteEngine ON
RewriteCond %{HTTPS} !=ON
RewriteRule ^ <a href="https://%25%7bHTTP_HOST%7d%25%7bREQUEST_URI%7d">https://%{HTTP_HOST}%{REQUEST_URI}</a> [L,R=301]

If you're having trouble with the secure padlock icon on your site, visit https://www.whynopadlock.com/ for some tips on how to clear up any issues blocking full encryption on your site

Reference: http://wiki.dreamhost.com/DreamPress#How_do_I_use_SSL_on_DreamPress.3F (Though this info didn't work without modification)