How to Redirect HTTP to HTTPS in Apache

Posted on by
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

If you’re running a website on Apache, it’s critical to make sure all your visitors are accessing your site via HTTPS. Not only does HTTPS protect user data, but it also improves SEO and builds trust with browsers and users.

This guide walks you through how to redirect all HTTP traffic to HTTPS using two popular methods: .htaccess (great for shared hosting) and Apache’s virtual host configuration (ideal for users with full server control).

how to redirect HTTP to HTTPS on Apache

Why Redirect to HTTPS?

Before we dive into configs, here’s why HTTPS matters:

  • Encryption: HTTPS encrypts data between the user and your server.
  • SEO boost: Google gives preference to HTTPS-enabled sites.
  • Trust signals: Modern browsers warn users about non-secure HTTP connections.
  • Compliance: HTTPS is a must for PCI-DSS, GDPR, and other standards.

Step-by-Step Apache HTTPS Redirect

If you’re using Apache, you can redirect via the main config file or an .htaccess file.

Option 1: .htaccess Redirect (for shared hosting)

Add this to the top of your .htaccess file in your site’s root directory:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Option 2: Apache Virtual Host Redirect (preferred for full server access)

Add a redirect to the block:

<VirtualHost *:80>
ServerName yourdomain.tld
ServerAlias www.yourdomain.tld
Redirect permanent / https://yourdomain.tld/

Important: Ensure you have a corresponding block with SSL certificates configured.
Steps:

  1. Open your Apache configuration file (typically found in /etc/apache2/sites-available/).
  2. Add or edit your port 80 VirtualHost block to include the redirect.
  3. Ensure a corresponding block exists and is properly configured with your SSL certificate.

Restart Apache to Apply Changes

Run the following commands to reload your Apache server and apply the changes:

sudo apachectl configtest
sudo systemctl reload apache2

Always test your configuration with apachectl configtest before reloading.

Common Pitfalls to Avoid

  • Missing SSL certificate: The redirect won’t work if HTTPS isn’t properly configured.
  • Redirect loops: Double-check that you’re not redirecting HTTPS back to HTTP elsewhere.
  • Caching: Browsers might cache redirects. Use private or no-cache headers while testing.

Bonus Tip: Test Your Redirect

Once configured, test your redirect using:

  • Browser (visit http://yourdomain.tld)
  • SSL Checker Tool
  • curl command:
    curl -I http://yourdomain.tld/

    Look for:

    HTTP/1.1 301 Moved Permanently
    Location: https://yourdomain.tld/

Final Thoughts

Setting up an HTTPS redirect in Apache is a one-time task that brings major benefits in security, trust, and SEO. Make sure to verify your SSL certificate is valid and use 301 redirects to tell search engines the change is permanent.

Need help setting up an SSL certificate? We’ve got options for every budget, from basic Domain Validation to full EV certs.

Buy a FastSSL Certificate – options for every budget.
Need help with setup? – Use our SSL Remote installation service

Also check out: How to Redirect HTTP to HTTPS in Nginx

Related posts:

  1. What is OCSP Stapling?
  2. How and Why You Should Enable HTTP2 on Web Servers
  3. How Do I Find My Comodo SSL Certificate Private Key?
  4. How to Install a Wildcard SSL Certificate on IIS 7 and IIS 8
  5. What is a SAN Certificate and How Does SAN SSL Work to Secure My Site?
  6. How to Install a Wildcard SSL certificate on NGINX
  7. HostGator Wildcard SSL: How to Install a Wildcard SSL Certificate on HostGator
  8. Why Is My Wildcard SSL Not Working on a Second Level Subdomain?