Once you’ve installed your SSL/TLS certificate on Apache, it’s a good idea to redirect all incoming HTTP traffic to the secure HTTPS protocol. This way any existing links to your site beginning with http://, as well as all URLs typed by users into their browser’s address bar, will receive the HTTPS version of your website.
We’ll cover two methods here. The Virtual Hosts method is preferable if you have access to your Apache server’s configuration files.
Virtual Hosts Method
You can easily redirect an HTTP virtual host on port 80 to an HTTPS virtual host on port 443 by editing the website’s virtual hosts configuration as shown below:
<VirtualHost *:80> ServerName www.example.com Redirect / https://www.example.com/ </VirtualHost> <VirtualHost _default_:443> ServerName www.example.com DocumentRoot /usr/local/apache2/htdocs SSLEngine On # Configuration Continues... </VirtualHost>
Please refer to your server’s documentation for the location of your virtual hosts configuration files. On Ubuntu/Debian the default location is /etc/apache2/sites-available/. You will also need to restart Apache after changing the virtual hosts configuration.
mod_rewrite/.htaccess Method
This method requires that mod_rewrite is enabled on your server. If you do not have access to your Apache server’s virtual hosts files, use an .htaccess file to rewrite HTTP requests to HTTPS. Add the following lines to a file named .htaccess file in your domain’s root directory (create the file if it doesn’t exist):
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]