Force website to use only HTTPS

I am trying to force my domain only to HTTPS.

can any one please advise the steps…


hi, most simple solution would be to use .htaccess file for this…

RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$$1 [R,L]

Be sure to replace with your actual domain name.

Or you can try this:
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteCond %{HTTP_HOST} ^(?:www.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

This will redirect http://www.domain and http://domain to https://www.domain.

No need to change any line with your domain, it will work regardless what domain you are using.

Thanks for the quick response.

I am new to VPS and maintaining Control panel…

do we have this option in virtualmin or I have to do it termanal??

Please provide the process steps if possible…

Many thanks

Use htaccess file and insert one of this two suggestions but not both. If you dont know what is htaccess then you should learn at least some basics or pay someone to manage your server. No point to ask such help on forum.

You can download and edit .htaccess by going to webmin-webmin-filemanager-var-www-html (unless its the default webmin url which is found in webmin-webmin-filemanager-home…etc) and edit it on your computer. then upload it backup to webmin.

Thank you for response…
sorry for simple questions. As informed I am new to VPS hosting… I am learning day by day

i was not able to find .htaccess file in both locations mentioned by "adamjedgar ". hence i created .htaccess file (one file in one location at a time) and added both type code (one at a time) provided by you guys…
unfortunatly… no change happened with the server… I restarted apache also…


.htaccess is often a hidden filetype. Have you ensured you can see hidden filetypes in virtualmin?

Also, where is your website, in the webmin directory or a virtualmin virtual server? (Thus will have an impact on where your .htaccess is to be found or created)

Have you ever used https for any website before? If not, you need to read up on how to create and use ssl certificates and implementing their use in a website. Just telling webmin/virtualmin to use ssl doesnt do diddley squat without an ssl certificate for your website.

Lookup/research “letsencrypt” for example.
Is your website a wordpress one or other cms like it? If so there is an additional process required from inside the cms itself to get ssl woeking properly.

Also, if your website is a static html one that has no customer accounts, i would argue ssl is a waste of time…there is no need for encryption between your website and a browser unless private data is being stored. Even with ecommerce, if you are passing off transactions to paypal, it uses paypals own gateway and ssl for payment not yours. We are getting to a stage in internet use however where ssl is being used with everything. To me this is largely paranoid thinking…but it is what it is. If people really understood how vulnerable they really are, mobile phones would be treated like leprosy was in days of old.

NO NO NO… it is ALWAYS good to ask on the forum!!!

You say above that “you should learn” and that is how many people learn, by asking questions on the forum.

We love forum questions!!

Nope, there is a lot of literature online and for free what anyone should read before asking questions otherwise is just laziness and counterproductive. Person asking this kind of questions will never learn and people answering will waste their time instead of helping someone else who got stuck even after learning/reading (e.g. no one knows everything). So the lazy one gets the help without investing one minute of his life to at least try to understand and learn.

When it comes to htaccess this is so basic thing that anyone should know it before they even order unmanaged hosting.

I am sorry… I am not ready to accept I am lazy…

I search in web and forums before posting any questions here…
some time It might be difficult to understand technical terms… or the answer is old/not working or the steps in the documentation might not be same because of software or template update.

I liked virtualmin, their focus towards opensource, all its features and support.

As informed earlier, never worked on server side configuration, Initially I just got confused with the user interface which distinguish between webmin server and virtualmin server and its basic configuration.

I was using shared hosting with Cpanel and any technical issues I was requesting technical team. I only used c-panel earlier and was able to find easy might be because I was use to it or more easy icon oriented and grouped together on similar tasks.

come to your last point.
I posted this question (or basic question) by assuming that some where in virtualmin there might be an option to tick or untick which will directly force website to use only https… I was not aware that it is related to .htaccess file - I was not even aware what “.htaccess” file is and its functionalities until I read post here. once I got response from you guys I started searching more about it.

my recommendation/request would be - when we ask questions and if there is an answer or documentation/knowledge-base already exists - please divert us to the link instead re-answering it…

with my interest on learning more serverside, I decided to try unmanaged VPS… (i am not hosting any production website here at this point)

I appreciate your patience and thanks for understanding.


You got two perfectly fine answers to your question from unborn and myself. But the fact that you dont know where and how to deal with htaccess file just confirms what i said in my previous post. Its hard if not impossible to help someone managing the server if that person doesnt have at least some basic knowledge and that you get by learning from huge amount of available (and free) documentation, you know - like we all did in school from books.

Either way both answers you got are good and you can use any of them with or without some modifications. All comes down what you want to achieve. To learn more about htaccess file its enough to type it in google and you will get tons of documentation to read. If you stuck with something i’m sure you are more than welcome to come here and ask questions, or even better look for dedicated communities e.g. forum for centos,ubuntu, apache, bind… and of course this one in case you need help with Virtualmin.

Please keep it friendly, Diabolico.

Questions are always welcome, even seemingly simple ones. If it’s not a question you’re interested in, just move on to another topic. There are tons of tougher questions to keep it interesting (there’s always a few that stump me, too, and I often hope someone else with experience can help out in those threads).

Appreciate your help. Can you kindly suggest the right code to redirect an http to https for all except one directory on public_html ei
/.Well-known/acme-challenge as thats the dir created by SSL certif issuer. Can we put that dir to exceptions? Reason is when you renew
the certificate letsencrypt stores and loads a test file on port 80 using http. IF we have forced http to https it gives an error.
Is there any way? Please advise. Thank you for help.

Can anyone kindly suggest the right code to redirect an http to https for all except one directory on public_html ei /.Well-known/acme-challenge as thats the dir created by SSL certif issuer. Can we put that dir to exceptions? Reason is when you renew the certificate letsencrypt stores and loads a test file on port 80 using http. IF we have forced http to https it gives an error. Is there any way?
I use this code to redirect to https : RewriteRule ^(.*)$$1 [R,L]

I need to add code so that letsencrypt is not forced to https as it works with http Do you think this code will add an exception to letsencrypt?

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/

Answer from some other topic :stuck_out_tongue_winking_eye:

Virtualmin --> Services --> Configure Website --> Edit Directives

RewriteEngine On

under paste

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R]

Restart Apache


Answer 3 has always good for me, weird even when you search ‘Force website to use only HTTPS’ you cannot find this thread.

Is not time to use better software??

Confirming #16 worked a treat for me.
Just make sure to remove the 4 rewrite conditions that are there (in my case there was 4 lines) otherwise you will get a bunch of too many redirect errors.

Virtualmin --> Services --> Configure Website --> Edit Directives
look for
RewriteEngine On

then paste directly under that: RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R]

Restart Apache and you will be good to go.


1 Like

According to apache, rewriterules are not the preferred way to do it.
Warning here:

The preferred method is to use a redirect. Here is the example to redirect an entire non-ssl site to the ssl version.

NameVirtualHost *:80
<VirtualHost *:80>
Redirect /

The virtualmin way to do it:

I cannot paste images, so hopefully this makes sense for the options you need to fill out. Understand that https://website.url needs to be modified to suit your domain name.

Source URL: / Destination: https://website.url Include sub-paths? Yes Enable redirect for: Non-SSL website only

Yes, Yes and Yes! that’s the way to go

Also who made diabolico king?