http to https redirect not working on 1 website

Nexxterra.com

Verified User
Joined
Apr 22, 2006
Messages
212
Location
Miami Beach
I have set up a number of websites using letsencrypt on apache and they all work fine except one... ALL sites automatically redirect http to https as selected in the DA panel, but http://nexxterra.com does not... even with an added .htaccess entry telling it to do so!
Any other things I may be missing?
Thanks
 
Well... it might be your .htaccess is wrong or some other entry is preventing it to work correctly.
If I visit the site entering https://nexterra.com directly I do get the https and the green padlock.

Can you place the .htaccess you used?
 
Should this not take care of this issue? "Use a symbolic link from private_html to public_html - allows for same data in http and https"
I now have the same issue for http://lhrcrehab.com and that site does not use an htaccess file
The sites like http://pets4pals.com that have the very same configuration, redirect automatically, yet a few new sites do not...
 
Then you need to create a .htaccess file in the root directory of your website to force an HTTPS connection.
something like this:

Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
Should this not take care of this issue? "Use a symbolic link from private_html to public_html - allows for same data in http and https"
No, this only takes care that you don't have to place the https part of a site in the private_html and that you can use http as wel as https in public_html.

The sites like http://pets4pals.com that have the very same configuration, redirect automatically, yet a few new sites do not...
They are using some kind of redirect, maybe by a redirect made in their customer panel, but they did it wrongly, should have used a 301 redirect:
Result

http://pets4pals.com
302 Found
https://pets4pals.com/
200 OK

Problems found:
You use a 302 redirect. This means, that the actually content is temporary not reachable and will come back soon. To use a 302 redirection for generally moved pages is a bad idea. Search engine bot might not follow it or handle it as temporary. For SEO this is also a bad idea, because no link juice will be transferred to the linked page.

AWD is right, you should use a .htaccess or vhost redirect.
 
Last edited:
No, this only takes care that you don't have to place the https part of a site in the private_html and that you can use http as wel as https in public_html.


They are using some kind of redirect, maybe by a redirect made in their customer panel, but they did it wrongly, should have used a 301 redirect:


AWD is right, you should use a .htaccess or vhost redirect.

This is what I have had ....
----------------------------------------------------------------------------------------------------------------------------------------


# Https redirect
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Announcements
RewriteRule ^announcements/([0-9]+)/[a-z0-9_-]+\.html$ ./announcements.php?id=$1 [L,NC]
RewriteRule ^announcements$ ./announcements.php [L,NC]

# Downloads
RewriteRule ^downloads/([0-9]+)/([^/]*)$ ./downloads.php?action=displaycat&catid=$1 [L,NC]
RewriteRule ^downloads$ ./downloads.php [L,NC]

# Knowledgebase
RewriteRule ^knowledgebase/([0-9]+)/[a-z0-9_-]+\.html$ ./knowledgebase.php?action=displayarticle&id=$1 [L,NC]
RewriteRule ^knowledgebase/([0-9]+)/([^/]*)$ ./knowledgebase.php?action=displaycat&catid=$1 [L,NC]
RewriteRule ^knowledgebase$ ./knowledgebase.php [L,NC]

# OpenID Discovery Document (http://openid.net/specs/openid-connect-discovery-1_0.html)
RewriteRule ^.well-known/openid-configuration ./oauth/openid-configuration.php [L,NC]

---------------------------------------------------------------------------------------------------------------------------------

Does not work... this is why my original post...
 
It could be a setting in whmcs?
Can you try this?
Code:
## HTTP to HTTPS ##

RewriteEngine On

RewriteCond %{HTTPS} !=on

# This check to make sure the connection is not already HTTPS

RewriteCond %{HTTP_HOST} ^(www\.)?NEXXTERRA\.com$ [NC]

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 
First make sure mod_rewrite is enabled. It is enabled by default, but just to be sure.
Please set your original setting in .htaccess back as it is correct. The in the post before mentioned was just something to try.
Code:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Did you try to redirect HTTP to HTTPS through Apache Virtual Host? Same result?

Further I see that you have mixed content on nexterra.com. You need to correct that.
Code:
Mixed Content: The page at 'https://nexxterra.com/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://nexxterra.com/dologin.php'. This endpoint should be made available over a secure connection.

If it is not working, I´m afraid the custom website cause issues with the mentiones methods. So maybe you need someone to take a look into the code.
 
Last edited:
Getting absolutly nowhere...did you not read that this is occuring on EVERY new website I am setting up with DA and lets encrypt?
As for mixed content, I have NO custom site, my entire nexxterra.com website is a straight out of the box WHMCS site, with no modifications except for adding 6 html boxes on the index page...
However, that does not address the same issue I an having on about 12 more websites that are totally unrelated to this one.
 
Getting absolutly nowhere...did you not read that this is occuring on EVERY new website I am setting up with DA and lets encrypt?

No, your title of this Topic says: http to https redirect not working on 1 website

Later on you make mention of some other websites.

I am out of ideas, maybe someone else can bring something on?
 
An easy .htaccess redirect is:
Code:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

If you go on the https website and you got the mixed content warning you need to inspect the page and find the http call, because even if those are redirected are still considered unsecure because the call is made on HTTP and not HTTPS, doesn't matter if that gets redirected afterwards.

For WP a suggestion is to use the plugin "Better Search Replace" and apply those changes:
http://www.domain.tld
to
https://www.domain.tld

and
http://domain.tld
to
https://domain.tld

This will change every call made from the website for the same domain from HTTP to HTTPS (usually are images).

Hope it helps

Best regards
 
Back
Top