Force Secure HTTPS Through The .htaccess FileI really have two objectives here:
1.) To show you how to set up SSL for your site.
2.) To show you how to force your site from HTTP to HTTPS.
At Loyalty Hosting, it is very simple to do this with one-click. If you are using a different hosting provider, it should be similar, maybe with some slight differences.
To create a SSL at Loyalty Hosting, you simply do one of two things: Either you will create it while creating the subdomain, or if the subdomain has already been created, you can get the SSL for that subdomain at that time. For domain names, you must get the SSL after, and is similar to the latter of how to obtain one for an already created subdomain.
A domain name is similar to yoursite.com, while a subdomain is similar to subdomain.yoursite.com.
For starters, you'll log into the control panel at either cloudlogin.co or loyaltyhosting.com.
As in the above image, you'll simply click on Hosted Domains, which can be seen by hovering your mouse over the My Domains tab.
You now click on the Create Subdomain tab in the right sidebar, as is also seen in the above image.
As you can see in the next image, below, a popup will appear that is titled, Add A Host.
Simply enter the subdomain you wish to use & choose the domain name you are going to link the subdomain to.
Click the Advanced Settings link, and go to Secure Sockets Layer (SSL). Click that dropdown & choose Request Let's Encrypt SSL. Now go up to where it says IP Address & choose the IP address under Available Shared IPs for SSLs. Once both of these have been chosen, you may click on Add A host.
The above instructions are for when you are ready to create the host (Subdomain), but the next instructions will tailor to either a domain name or subdomain. These are both called hosts.
As in the above image, you'll notice two things, the plus & minus symbols next to the domain name, & the gear icon that has the dropdown info that says Edit Domain.
All domain names that have subdomains attached will have a plus symbol with the number of domains on the left of that. If you are editing the subdomain, you'll want to go to that area. Either way, you will click on the gear icon next to either the domain name or subdomain. You will see a popup that will be similar to when creating a subdomain, only without the Add A Host section or button.
Go to where it says Secure Sockets Layer (SSL). Click that dropdown & choose Request Let's Encrypt SSL. Now go up to where it says IP Address & choose the IP address under Available Shared IPs for SSLs. Once both of these have been chosen, you may click on Edit host.
You are now finished creating or editing your domain or subdomain. This usually takes a few minutes to completely add the SSL to your site after clicking the button, Add or Edit.
Now to force the HTTPs on your site. If you are using HTML, you will have to add this piece of script to the .htaccess file, or even add the .htaccess file. If you are using PHP, I would still add this to the script, but it's not always required, as you can do that through the config or settings file or feature of the script (you'll have to refer to your scrip[t manual for more info on this).
We here at Loyalty Hosting have made it extremely simple. Instead of adding the code to this page, we did all the work for you. So long as there is not currently a .htaccess file for the site, you could simply download & upload the file to the main folder of your site.
This would look similar to https://us.cloudlogin.co/filemanager/#/www/yoursite.com or https://us.cloudlogin.co/filemanager/#/www/subdomain.yoursite.com. (This is how our server has the site set up, it will look different in every other hosting provider's control panel set up.)
Once you have opened up your folder, you could download our .htaccess file which should work on every website & subdomain, as we coded it for that purpose.
The file is at https://loyaltyhosting.com/htaccess. By the way, the .htaccess file is in a zip file, and we recommend 7-Zip to open all zip files.
I hope this helps you set up your site to be secure.
Here's to your success,
James R. Henry