Using AutoSSL (Self-Signed Certificate) and HTTPS Redirection


AutoSSL or self-signed SSL certificate is a cPanel feature that automatically installs and renews Let’s Encrypt SSL certificate for every assigned domain on a hosting account.

If your website hosting comes with a free SSL Certicate or AutoSSL, the cPanel will automatically installs and renews your Let’s Encrypt SSL certificate for your domain.

In most cases, the SSL certificate automatically assigns and installs itself to your new and existing domains, however, some web hosting providers may need customers to enable the certificate manually.

To check if your account has AutoSSL, log in to your cPanelSecurity SSL/TLS Status

On the SSL/TLS Status page, you can view the SSL status of all your domains. In our example, the AutoSSL is enabled on the cPanel so the assignment and renewal is automatic.

If in case you may need to run the AutoSSL manually, you can select the domain from the list and then click on the Run AutoSSL button. You can also exclude a domain from automatic renewal by clicking on the Exclude 1 Domain from AutoSSL button.

If you want to view the certificate details, you can click on the View Certificate link on your selected domain. You’ll be redirected to the Manage SSL Websites page and you can see the details of the SSL Certificate for your domains.

Forcing HTTPS redirection

AutoSSL does not automatically force a site to use HTTPS. You will need to manually change the redirection from HTTP to HTTPS.

To do this, log in to your cPanel and locate your .htaccess file.  This is often referred to as htaccess mod rewrite.

Add the following lines of code in the .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Click on Save Changes

Note: if you already have “RewriteEngine On” in your existing .htaccess file then you don’t need to duplicate it.

HTTPS redirection for WordPress

If you are using WordPress, you can do the following steps to change the HTTPS redirection.

Log in to your WordPress Dashboard

Go to SettingsGeneral

On WordPress Address (URL) and Site Address (URL), just change the URLs from http to https.

Click on Save Changes

Padlock icon not showing

If you are not seeing the padlock icon, after updating your WordPress URL Settings, it might be that some images are still using HTTP resource locations instead of the secure HTTPS.

To fix this all you need to do is update all HTTP pointers to HTTPS.  Having a secure padlock is not essential for the site to work but it is preferable.

In the example below we are using the Divi Theme. The main logo and the favicon are still using HTTP source URL.

Log in to your WordPress Dashboard

Go to DiviDivi Theme Options

Change the Logo URL from http to https then Save Changes.

Next go to DiviTheme Customizer

Click on General Settings Site Identity

Under Site Icon, upload or re-upload your favicon

When you visit your site again, you will now see the padlock icon.

Useful reference article

filiworker wide banner ad

Sign up now for our FREE Newsletter!