I have set up my web sites with Letsencrypt SSL cert, however when I go to the website it says it is not secure but when I enter https it shows as secure where is the .htaccess file for each website and or how do I configure one for each of my websites?
You’ll need to look to make sure you’re being served the certificate you expect (click on the lock and “more information” or whatever your browser calls it), that it is not expired, etc.
You’ll probably also want to look at the error_log when restarting Apache to see if there are any errors related to certificates.
The .htaccess file is in the root of the directory of the public Web site (typically public_html). You will have to enable view for hidden files (“dotfiles”) to see it in most applications. There may also be .htaccess files in other directories, but for this you want the one in the web root.
There are a number of ways to redirect all requests to https. One is to place the following code in the .htaccess file, usually (but with some rare exceptions) at the top of the file:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
There are other ways, as well.
If you’re also aliasing other sites to your domain and want them to open on your main domain, you can combine the https redirect with the entries to alias the other domains. For example:
I was able to find the .htaccess file in the editor folder and I am wondering if this needs to be placed in the the public_ntml folder. below is thefile
deny everything
<FilesMatch “.*”>
Require all denied
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
<IfModule !mod_authz_core.c>
Order Allow,Deny
Allow from all
IndexIgnore /
NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
Is this a WordPress site by any chance? Also, did you find this (or any .htacess file at all) in public_html ?
In any case, for the specific purpose of redirecting to https, all you have to do is place the following code at the top of the .htaccess file in public_html :
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
That’s generic and will work regardless of the domain name.
If there is no existing .htaccess file in public_html , then a new file containing only the above code will work. Don’t forget the blank last line. If there is an existing .htaccess file in public_html , then add the above code to the top of the file, before whatever else may be in there, and save it.
There is no need to modify .htaccess anywhere else to achieve https redirection. You can leave those files alone.
Thank you to all who have responded. Your help has been very helpful. I do have one other question I am trying to setup an Opencart website all works correctly until I add a Letsincript SSL certificate and then things get all weird, any ideas?