Enable HTTPS Redirect in cPanel: Check SSL Certificate and Secure Domain

A modern website should be accessible via HTTPS. HTTPS protects the connection between the browser and the web server using encryption. This is particularly important for contact forms, login areas, shops, customer portals, and all pages where personal data is transmitted.

If a website is accessible via both http:// and https://, visitors should be automatically redirected to the secure HTTPS version. For this purpose, cPanel offers the option Force HTTPS Redirect in the domain management settings.

What is the difference between HTTP and HTTPS?

HTTP is the unencrypted transmission protocol for websites. HTTPS is the encrypted version. HTTPS uses an SSL/TLS certificate to secure the connection and technically verify the identity of the domain.

Browsers frequently label unencrypted pages as "Not Secure". This can worry visitors and is especially problematic for business websites. Therefore, HTTPS is the standard today.

What is an SSL certificate?

An SSL certificate confirms that a domain can use encrypted connections. At CURIAWEB, depending on the hosting configuration, AutoSSL is frequently used. AutoSSL can automatically issue and renew matching certificates, provided the domain points correctly to the hosting and can be technically validated.

An SSL certificate only works for domains and subdomains that are included in the certificate. Therefore, if you use yourdomain.ch, www.yourdomain.ch, and shop.yourdomain.ch, each of these hostnames must be correctly secured.

Check SSL Status in cPanel

Before enabling the HTTPS redirect, you should check whether the domain already has a valid certificate.

Step-by-Step: Checking SSL/TLS Status

1. Log in to your cPanel account.
2. Open the SSL/TLS Status feature in the Security section.
3. Search for the desired domain or subdomain.
4. Check if a valid certificate is available.
5. If no certificate is present, check if the domain is included for AutoSSL.
6. If necessary, run AutoSSL if this feature is available in your hosting package.
7. Wait for AutoSSL to complete and check the status again.

Enable HTTPS Redirect in cPanel

Once a valid SSL certificate is in place, you can activate the HTTPS redirect. As a result, visitors accessing http://yourdomain.ch will be automatically redirected to https://yourdomain.ch.

Step-by-Step: Enabling Force HTTPS Redirect

1. Log in to cPanel.
2. Open the Domains section.
3. Find the desired domain in the domain list.
4. Check if a valid SSL certificate is available for the domain.
5. Enable the Force HTTPS Redirect toggle switch.
6. Finally, test the domain with http:// and https://.

What to do if the HTTPS redirect does not work?

If the redirect does not work as expected, there could be various causes:

• no valid SSL certificate available,
• domain still points to another server via DNS,
• domain was not correctly created in cPanel,
• existing redirects in the .htaccess file,
• WordPress or CMS settings overwrite the redirect,
• browser cache is still showing old results,
• an external proxy or CDN affects HTTPS.

It is best to test in a private browser window and additionally check the domain via a different network, such as mobile data.

HTTPS and WordPress

If you use WordPress, not only should cPanel redirect HTTPS correctly, but WordPress itself should also be set to the HTTPS address. In WordPress, under Settings → General, check whether the WordPress Address and Site Address begin with https://.

If WordPress still uses http:// internally, mixed content or redirect loops can occur. In such cases, database entries, theme files, or plugins must be checked.

What is mixed content?

Mixed Content occurs when the website itself is loaded over HTTPS, but individual images, scripts, fonts, or stylesheets are still embedded via HTTP. Browsers may block such content or display warnings.

Typical causes are:

• old image URLs with http://,
• hardcoded links in the theme,
• external scripts without HTTPS,
• old CMS settings,
• database entries not updated after a migration.

After activating HTTPS, the website should be fully tested, especially the homepage, contact form, shop, login area, and important subpages.

Checklist: Activating HTTPS Cleanly

1. Domain is created in cPanel.
2. DNS points correctly to the CURIAWEB hosting.
3. Domain and www variant are correctly set up.
4. SSL certificate is valid in SSL/TLS Status.
5. AutoSSL did not report any errors.
6. HTTPS redirect is enabled in cPanel.
7. Website loads without security warnings.
8. No mixed content warnings are present.
9. Contact forms and logins work properly.
10. WordPress or CMS uses HTTPS internally.

Frequently Asked Questions about HTTPS Redirection

Is HTTPS the same as a redirect?
No. HTTPS is the encrypted connection. The HTTPS redirect only ensures that visitors automatically use the HTTPS version.

Can I enable HTTPS before the SSL certificate is available?
This is not recommended. Visitors might see security warnings.

Why does the browser display "Not Secure"?
Possible causes include a missing or invalid certificate, mixed content, or a domain that does not point correctly to the server.

Does the certificate also apply to subdomains?
Only if the respective subdomain is included in the certificate or a matching certificate has been issued for it.

Can CURIAWEB check the SSL status?
Yes, CURIAWEB support can check whether DNS, cPanel domain, AutoSSL, and HTTPS redirect are correctly set up.