Roots Discourse

How to force HTTPS?

#1

Hello,

I am currently using Bedrock with the following .htaccess file on my server (as specified in the docs) :

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

I have also specified an HTTPS URL in my .env file. However I can still access the website through HTTP. How could I force it to HTTPS ?

Thanks !

0 Likes

#2

As far as I know, the URL in the .env file is mostly used internally for WordPress URLs, so it won’t affect server configuration. Bedrock is a tool for managing WordPress and its dependencies, it’s not really a tool for server configuration, which is what forcing HTTPS would be. Several of these results look promising: https://www.google.com/search?q=force+https+apache

1 Like

#3

I’ve always had success with adding the following from html5boilerplate into my .htaccess (outside of the BEGIN/END wordpress):

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

but note the following:

If you’re using cPanel AutoSSL or the Let’s Encrypt webroot method it will fail to validate the certificate if validation requests are redirected to HTTPS.

So if that’s the case you would need to add:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
+  RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+  RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$
+  RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
1 Like

closed #4

This topic was automatically closed after 42 days. New replies are no longer allowed.

0 Likes