CS · EN

Webhosting - HTTPS Website Setup

The simplified version of this guide can be found in the article Beginner – HTTPS.

In this article, you will learn:


Requirements for running the website over HTTPS

For your website on Webhosting to use secure HTTPS, you must first activate it in the Webhosting customer administration in one of the following ways:


Forcing HTTPS

Simply turning on HTTPS on Webhosting does not mean that the website will automatically switch to secure mode. After successfully activating HTTPS and the certificate on the Webhosting side, you still need to configure the website so that it uses a secure connection.

webhosting-whttps-obr1-8200435
Address with secure connection marked (padlock icon)

In the administration or configuration file of your website, adjust the settings so that it uses a secure connection. Options may vary and include, for example:

  • changing the website URL in the settings so that it starts with https://
  • forcing SSL or HTTPS in the settings
  • deploying a plugin for redirecting to https:// 

For the ideal approach, consult your webmaster or the support of the content management system.

If the above website settings are not available or are not sufficient, add redirect rules to the .htaccess file (folder www) to redirect to HTTPS. Copy and paste these rules immediately below the existing line  RewriteEngine On:

RewriteCond %{HTTPS} off 
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
Header set Content-Security-Policy "upgrade-insecure-requests;"

Adding this code may block our application installer. If you run into a problem with the .htaccess file during installation, temporarily restore it and, after a successful installation, copy back the automatically created backup.

HTTPS for common content management systems

  • WordPress: change both URL addresses in the WordPress administration, menu Settings General.
Sample HTTPS setup in the WordPress content management system
Sample HTTPS setup in the WordPress content management system
  • Joomla: change the URL address in the configuration.php file in the public $live_site variable. Apply the .htaccess rules above.
  • Prestashop: in the website administration, navigate to Store Settings  Main  Enable SSL and select the option Enable SSL on all pages.
  • Opencart: in the website administration, navigate to System  Settings and select the specific store. Choose the Server tab and check Use SSL. Apply the .htaccess rules above.
  • Drupal: Apply the .htaccess rules above.

Common problems

Common problems with HTTPS setup on a website include:

Website error after forcing HTTPS

Problem: After setting up HTTPS on the website, the error 404 Not Found, Not found on Accelerator, or another message about inactive HTTPS is displayed.

Cause: HTTPS is not active on the Webhosting itself, or the certificate activation has not yet fully propagated. In rare cases, it may be an error in certificate generation even though the system reports that everything is fine.

Solution: Make sure that your domain is correctly added to the certificate, and that at least half an hour has passed since it became active according to the administration.

If the certificate has been active in the administration for more than half an hour and the website still does not work, try reloading it without browser cache using the keyboard shortcut Ctrl+Shift+R. If that does not help either, contact support via the form ⧉. Please include the name of the website and the full text or a screenshot of the error message.

Broken website – mixed content

Problem: After setting up HTTPS on the website, CSS stopped working, images and other media are not displayed.

Cause: If the main page uses a secure HTTPS connection, the browser treats all resources loaded over HTTP as potentially unsafe and blocks them.

Solution: If you use your own code, go through it and make sure that you specify absolute file URLs with HTTPS, not HTTP. For example, correct http://domena.tld/obrazek.jpg to https://domena.tld/obrazek.jpg.

If you use a content management system, for example WordPress, consult its documentation or ask support how to fix the so-called Mixed content.

Google Search Console error

Problem: After forcing HTTPS, I see an error in GSC warning about a redirect.

Cause: If you use the code RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L] in .htaccess, it redirects from the insecure version of the page to the secure one with a 301 return code (permanently moved). Some diagnostic and analytical tools may see this as a problem.

Solution: Try disabling the problematic code by placing the # character at the beginning of the line. Thoroughly test whether this change has broken the proper functioning of HTTPS forcing.


Frequently asked questions

How do I check that HTTPS is working properly?

Enter your website address with http into the browser (http://domena.tld). If everything is set up correctly, the address will automatically be corrected to the https version and marked with a padlock icon. If that does not happen, carefully go through the guide steps again, including editing the .htaccess file.