Force https not working

Good day,

I transfred my site from godaddy to modx cloud, and got a new SSL. For whatever reason, the site is now pulling up as insecure and I’m starting to scratch my head. I’ve been playing with the htaccess to no avail, and I’ve been checking the old support comments. Any help or ideas would be great thank you.

From .htaccess

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

I checked the server protocol, and the base URL and have them both set to https.

Can you reach out to us through support@modxcloud.com so we can take a look?

MODX Cloud uses NGINX, which doesn’t honor .htaccess and we also offer free SSL certificate, so no need to buy them, unless you need a wildcard.

Open up a ticket and we can take a look to get you up and running on HTTPS/SSL.

A browser indicating the site is insecure could also be caused by mixed content; i.e. some content in your site is requested via HTTP instead of HTTPS. View the source of your page and look for anything that starts with http:// and then correct that in your templating to https.

On nginx you can use the following rules (from https://support.modx.com/hc/en-us/articles/217295387-Web-Rules-Rewrites) to force http requests to be rewritten to https (but any hardcoded http references may still cause the insecure content warning):

# Tells the browser to always force SSL. 
# Do not uncomment this line if there is a chance you will turn off SSL
# add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; 

if ($host != "www.mydomain.com") {
    return 301 https://www.mydomain.com$request_uri;
}
if ($scheme != "https") {
    return 301 https://$host$request_uri;
}

Reached out, thank you