HTTP to HTTPS on 3.0.1

Support
1

I recently purchased a SSL certificate for my website. I was given this code

# SSL Certificate
RewriteCond %{HTTP_HOST} !^www.(.)$ [NC]
RewriteRule ^(.)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} !on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

and told to add it to the .htaccess file which I did. My hosting provider has told me my SSL Certificate isn’t configured properly. How do you change a website from http to https?

This is my full .htaccess code

# MODX supports Friendly URLs via this .htaccess file. You must serve web
# pages via Apache with mod_rewrite to use this functionality, and you must
# change the file name from ht.access to .htaccess.
#
# Make sure RewriteBase points to the directory where you installed MODX.
# E.g., "/modx" if your installation is in a "modx" subdirectory.
#
# You may choose to make your URLs non-case-sensitive by adding a NC directive
# to your rule: RewriteRule ^(.*)$ index.php?q=$1 [L,QSA,NC]

RewriteEngine On
RewriteBase /

# Prevent rewrite the .well-known directory used by LetsEncrypt by rules below of this rule
RewriteRule "^\.well-known/" - [L]

# Prevent dot directories (hidden directories like .git) to be exposed to the public
# Except for the .well-known directory used by LetsEncrypt a.o
RewriteRule "/\.|^\.(?!well-known/)" - [F]

# Rewrite www.example.com -> example.com -- used with SEO Strict URLs plugin
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
# RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
#
# or for the opposite example.com -> www.example.com use the following
# DO NOT USE BOTH
#
# RewriteCond %{HTTP_HOST} !^$
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteCond %{HTTP_HOST} (.+)$
# RewriteRule ^(.*)$ https://www.%1/$1 [R=301,L] .

# SSL Certificate
RewriteCond %{HTTP_HOST} !^www.(.)$ [NC]
RewriteRule ^(.)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force rewrite to https for every host
# RewriteCond %{HTTPS} !=on [OR]
# RewriteCond %{SERVER_PORT} !^443
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# SSL Certificate (continued)
RewriteCond %{HTTPS} !on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Redirect the manager to a specific domain - don't rename the ht.access file
# in the manager folder to use this this rule
# RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
# RewriteCond %{REQUEST_URI} ^/manager [NC]
# RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

# The Friendly URLs part
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

# For servers that support output compression, you should pick up a bit of
# speed by un-commenting the following lines.
# php_flag zlib.output_compression On
# php_value zlib.output_compression_level 5
2

You don’t have to change anything in MODX.
MODX is not involved at all with the handling of SSL certificates. The browser does that.

The rewrite rules you added to the .htaccess file only make sure, that a potential HTTP request gets rewritten to HTTPS (and www gets added if it is missing).

3

Thanks a million Harry. I appreciate the help. So with the code they provided, I should be fine then.

4

You could just test if everything works like expected:
Make a request to http://www.yourdomain.com. You should be redirected to https://www.yourdomain.com. (In the developer tools of your browser → tab “Network”, you should see a 301 redirect.)

Then also make sure, that on your website all internal links (for example in the navigation menu) use https as well:
If you have only one context and the line <base href="[[!++site_url]]"> in your template, you usually don’t have to make additional changes.
If you have multiple contexts, check the context settings.

5

I tested that Harry. HTTP to HTTPS works. And I only have the <base href="[[!++site_url]]">. My host confirmed my SSL Cert is working. Strange considering I did nothing with it.
Thanks for your help. Any recommendations on how to increase the speed of a website?