Frequently asked questions

These pages attempt to answer some of the most common questions that are asked after HTTPS is enabled on a web hosting package. If you want to enable HTTPS on your web pages, see here for information.

Overview

• Automatic forwarding to the HTTPS pages
• Missing green lock on HTTPS pages
• HTTPS in Wordpress

Automatic forwarding to the HTTPS pages

Note: Make sure that the HTTPS version of the web pages works properly before setting up an auto forwarding as described under.

Automatic forwarding from HTTP to HTTPS can be enabled from the control panel:

1. Go to My domains
2. Select the appropriate domain name you want to enable automatic forwarding for. The domain must have HTTPS enabled.
3. Click on the Webhotel-tab
4. Click on View/Change to the right of HTTPS
5. Check the check box to the right of Force HTTPS and click Change

The change will come into effect after about 10 minutes. All visitors to the HTTP (non-encrypted) variant of your web pages will then be forwarded to the HTTPS pages.

If you experience a forwarding loop ("redirect loops") after activating forced HTTPS, this is probably due to malfunctioning software where the software itself attempts to redirect visitors back to the unencrypted version of the web pages.

---

Technical users with Apache rewrite module competence may elect to control HTTPS redirects in .htaccess.

Example:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Header add Content-Security-Policy upgrade-insecure-requests

---

Missing green lock on HTTPS pages

In some cases (particularly in Wordpress installations) you may find that you are not seeing the characteristic green lock in your browser on your web pages. In Firefox you will see a yellow warning triangle:



In Google Chrome it may look like this:



The reason for this is that the web page is still loading resources over HTTP, also known as Mixed Content. A green lock will only be obtained when all resources (such as images, javascript and CSS stylesheets) on your web pages are loaded over HTTPS.

All modern browsers have developer tools that may be used to see exactly which resources are loaded over HTTP so that this can be corrected in your software.

---

HTTPS in Wordpress

In most cases, enabling "Force HTTPS" (above) is enough to get the green lock for your Wordpress site, however sometimes is necessary to change the WordPress Address (URL) and Site Address (URL), from http:// to https://This is done after logging into Wordpress under Settings → General:



In other cases, if you are using certain "uncooperative" themes/plugins, it may also be necessary use a Wordpress plugin to update all references in the database from http://www.example.com (HTTP) to https://www.example.com (HTTPS).