Autoredirect to https


#1

Hello

I wonder if anyone might possibly be able to help me. I signed up for (and purchased) a secure ssl certificate thingy through Dreamhost. It’s all nicely set up correctly, but when I casually enter my website domain (on different devices/browsers) most of the time it wont make it secure and take me to the https address.

I did stumble upon a script that I added to the .htaccess, but then I found it sometimes redirected me to the https before the certificate was ready and would throw up a warning about my site claiming to be secure when it isnt (but actually is).

Is there any way to do this properly so that 100% of the time it redirects the user and doesnt prematurely warns them I dont have a certificate?

Im not sure if I should also mention my site also has a unique IP address.

Any help would be greatly appreciated. Thank you for your time and enjoy the rest of you weekend.


#2

You do need an .htaccess redirect for this. There are (many) multiple possibilities tho. Which one were you trying?


#3

I tried the one I found on here.

https://puzzling.org/technology/internet-technologies/2016/04/make-your-dreamhost-site-https-only/

And it worked fine, but as I mentioned it sometimes would redirect before the certificate was ready (if thats possible?) and a big nasty warning would pop up. Which of course would be the last thing I want my customers to see when visiting my site.

Do you think there might be another option for me? Thank you for taking the time to reply. Very kind of you.

edit: oh I think I didnt add the “Header set Strict-Transport-Security “max-age=31536000” env=HTTPS” " bit, I wonder if that was my problem.


#4

“And it worked fine” — apparently not.

I don’t see issues with that re-direct, but I’m not htaccess expert.

“it sometimes would redirect before the certificate was ready (if thats possible?)”

it’s not possible. What we need to look at is the EXACT warning message you are getting.

If I were to “guess” what’s happening (and that’s all it is at this point… a guess…) I would guess that you’re getting a “mixed content warning” and it only occurs on specific pages of your site. This is caused by an object on that specific page that is loading from HTTP as opposed to HTTPS, such as <img src= "http://… >.

if you can provide links and/or the exact error message that you are seeing we can be more helpful…