BlogContact 24/7+34 91 182 27 67Client access
EN
Client access
Go back

How to redirect HTTP to HTTPS with an SSL certificate

Responsibility
Friday, October 24th, 2025
By:
How to redirect HTTP to HTTPS with an SSL certificate

Switching your website from HTTP to HTTPS is one of the simplest and most effective steps to improve your site’s security, trust, and ranking.

In this guide, we explain how to redirect HTTP to HTTPS with SSL step by step, with practical examples in Apache, Nginx, hosting panels, and services like Cloudflare.

✅ Goal: ensure that all versions of your website (with or without «www», HTTP or HTTPS) point to a single secure address, without redirection errors or SEO loss.

Why is it important to redirect to HTTPS?

User security and trust

HTTPS means that data travels encrypted between your server and the visitor’s browser.

This is achieved thanks to the SSL certificate (Secure Socket Layer), which authenticates your domain’s identity and prevents third parties from intercepting the information.

A site with HTTPS displays the security padlock next to the URL.
That simple signal generates trust: users stay longer on the web and complete more forms or purchases.

If you want to understand it in depth, we recommend reading what an SSL certificate is and why you need it.

Impact on SEO and Google ranking

Since 2014, Google considers HTTPS a ranking factor.

A secure website not only improves its ranking but also avoids duplications between http:// and https:// versions, consolidating all authority in a single URL.

But today the difference is even greater. Google has stopped showing or prioritizing in its results pages that do not use HTTPS. Sites marked as «not secure» progressively lose visibility and may even be left out of the top results, especially in searches made from Chrome or Android devices.

Additionally, users are increasingly sensitive to security. They tend to click more on results with the security padlock, which improves your CTR (Click Through Rate) and reduces the bounce rate.

In summary: more security, more visibility, and more traffic.

Compliance with regulations and browsers

Using HTTPS is not optional if you handle personal data. The GDPR and other European regulations expressly recommend encrypting information.

On the other hand, browsers like Chrome or Firefox show alerts or block functions on websites that still use HTTP.

Adopting HTTPS not only protects but also demonstrates digital responsibility and professionalism.

Methods to redirect HTTP to HTTPS

There are several ways to redirect HTTP to HTTPS, depending on the type of server or tool you use. Here is a visual comparison:

Method Difficulty Ideal for Example / Tool
Apache (.htaccess) 🟢 Low cdmon hosting and websites on Apache .htaccess file with RewriteRule rule
Nginx 🟠 Medium VPS or dedicated servers outside cdmon server block with return 301 directive
Cloudflare / CDN 🟢 Low Websites with active CDN or international traffic “Always Use HTTPS” option and Full (strict) mode
CMS / Plugin 🟢 Very low Users of WordPress, Joomla, or PrestaShop Really Simple SSL plugin or integrated HTTPS configuration
Hosting panel 🟢 Low Users managing certificates from cdmon Automatic installation of Let’s Encrypt SSL and manual redirection

Redirection in Apache (.htaccess)

If your website is on a server that works with Apache, you can easily redirect HTTP to HTTPS by editing the .htaccess file from your file manager or FTP. All cdmon servers work with Apache, so this method is valid for any type of hosting contracted.

Add this code at the beginning of the file:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • What it does: forces a permanent 301 redirection from HTTP to HTTPS.
  • Why use it: it’s fast, reliable, and doesn’t require server access.
  • Where to do it: you can edit the file from your file manager, FTP, or the file manager of your cdmon panel.

Redirection in Nginx

If your server uses Nginx, you can redirect HTTP traffic to HTTPS by adding this configuration:

server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}

Then restart the service with:

sudo systemctl restart nginx

Redirection with Cloudflare or other CDN

If you use Cloudflare, you can force HTTPS from its panel at:
SSL/TLS → Edge Certificates → Always Use HTTPS.

But it’s important to understand how Cloudflare’s SSL/TLS encryption modes work, as they affect communication between Cloudflare and your origin server (e.g., cdmon):

Cloudflare SSL/TLS Mode Description Compatibility with cdmon
Off (no encryption) No encryption between the browser, Cloudflare, or the origin server. All traffic travels in HTTP. ❌ Not recommended due to insecurity.
Flexible Encrypts traffic between the browser and Cloudflare, but not between Cloudflare and the origin server. ⚠️ May cause errors or redirection loops.
Full Uses HTTPS between the browser and Cloudflare, and also to the server, without validating the origin certificate. ⚠️ Acceptable only if the server’s certificate is self-signed. Not recommended in production.
Full (strict) Same as «Full», but validates the server’s SSL certificate with a recognized CA (like Let’s Encrypt or Cloudflare Origin CA). ✅ Recommended. Compatible with cdmon SSL certificates.
Strict (SSL-Only Origin Pull) Cloudflare always connects to the origin via HTTPS with validation, even if the user accesses via HTTP. ✅ Advanced. Requires technical configuration and a valid public certificate.

🔧 Important: if you use Cloudflare, you must point your DNS to Cloudflare’s servers. This can interfere with the automatic validation of cdmon’s SSL (Let’s Encrypt), which is done via DNS. In that case, you will have two options:

  • Temporarily disable Cloudflare’s DNS every 3 months to reissue the cdmon SSL certificate.
  • Or use a paid SSL certificate that does not depend on DNS validation.

👉 More information: SSL configuration in Cloudflare (official documentation)

Redirection from CMS or plugin (WordPress, etc.)

If you use a CMS like WordPress, Joomla, or PrestaShop, you can apply the redirection to HTTPS via a plugin.
In WordPress, the most popular and simple one is Really Simple SSL, which automatically detects your certificate and implements all necessary redirections.

Basic steps:

  1. Install and activate the Really Simple SSL plugin from the WordPress repository.
  2. The plugin will check if the cdmon SSL certificate is active.
  3. Click on “Activate SSL” and the system will update the URLs and force the global redirection.

💡 Tip: this method is perfect if you manage the website from WordPress and don’t want to edit server files.

Redirection from the hosting panel

Some providers offer an automatic option to “force HTTPS” from their panel, but cdmon does not currently include that functionality. What we do is automatically install Let’s Encrypt SSL certificates, Wildcard, and Multidomain, for all domains with active hosting.

Once the certificate is issued, you can:

  • Redirect to HTTPS by editing the .htaccess (recommended).
  • Or do it from your CMS with a plugin like Really Simple SSL.

How to check that the redirection works

Once the HTTP to HTTPS redirection is configured, it is essential to verify that everything works correctly. This ensures that there are no configuration errors, loops, or insecure content that affect ranking or user trust.

There are several ways to do this, both with online tools and directly from your browser.

Online redirection test tools

Before finalizing the change, check the status of your redirections and the validity of the certificate. These tools will help you detect errors or unnecessary chains:

  • Redirect Checker → Shows if the redirection is 301 (permanent).
  • HTTP Status.io → Analyzes the redirection flow of each URL.
  • SSL Labs Test → Evaluates the quality and security of your SSL.
  • SSL Shopper → Allows you to easily check the installation, expiration date, and issuing authority.

Look for a result with HTTP 301 and destination at https://yourdomain.com.
Avoid multiple chains like http → https → www → https/www, as they slow down loading and can confuse search engines.

Verification in the browser

Open your website and check that the security padlock appears. Click on it to see the certificate: who issues it, to which domain it belongs, and its validity.

If a warning appears, check that the certificate is installed correctly.

Common problems and how to solve them

Redirection loop

A loop occurs when multiple redirections point to each other. For example, one in .htaccess and another in Cloudflare.

🔧 Solution:

  • Keep only one rule active.
  • Clear the browser and server cache.
  • Check with Redirect Checker that there is only one direct 301 redirection.

Mixed content

This happens when an HTTPS page loads resources (images, scripts, fonts) from HTTP. This breaks security and the padlock.

🔧 Quick solution:

  • Use relative paths or change “http://” to “https://” in your code or CMS.
  • In WordPress, use plugins like Really Simple SSL or Better Search Replace.

Pages that do not load correctly

Sometimes, after activating HTTPS, some URLs fail. Common causes: poorly installed certificates or outdated caches.

🔧 Solution:

  • Clear browser, CDN, and server cache.
  • Verify the certificate installation.
  • Check that your SSL has not expired.

Frequently asked questions about SSL redirections

Does switching from HTTP to HTTPS affect SEO?

Yes, but it improves your ranking. Google values security and consolidates all site versions into one.

Does traffic get lost when doing the redirection?

No, if you do it correctly with 301 redirections. Traffic and authority are transferred automatically.

Only one. Avoid multiple chains, as they slow down loading and can affect SEO.

Can I use a free certificate?

Yes. Let’s Encrypt encrypts just like a paid SSL, but the difference is in the validation and insurance. Premium SSLs validate the organization (OV/EV) and offer coverage against failures.
📘 Check the SSL certificate comparison to see the differences.

What happens if I don’t have SSL?

Your website will be marked as «not secure» and will lose trust, visibility, and conversions. It is essential to protect your brand and your users.

How long does it take for Google to recognize the change?

Usually between 48 and 72 hours after indexing the new HTTPS URLs.

Conclusion

Redirecting HTTP to HTTPS with an SSL certificate is an essential step to ensure your website’s security, trust, and growth. It does not require advanced technical knowledge and offers immediate benefits:

✅ Protects your users’ information
✅ Improves your ranking on Google
✅ Conveys professionalism and reliability

At cdmon we make it easy for you:
👉 Discover our security services and our SSL certificates or hire a hosting with free SSL included to have your website secure from the first click.

Marina Moreno

By:

Marketing and SEO specialist, always with a cup of coffee in hand. She loves languages, dogs, and finding new ways to improve your online visibility.

HostingSecuritySSL

We have solutions for everyone

New
With AI

Website Builder

Design and publish your website in minutes with our AI, and forget about the technical side.

Design for free

New
With AI

WordPress Hosting

Create your professional website in minutes with our AI, hassle-free and with top performance.

Try it for free

Test Platform

Experiment with your ideas in a safe and risk-free environment before publishing them.

Test your projects

Domains

Register a unique and memorable domain, with hosting and professional email to get started.

Find your domain

Web Hosting

Virtual Servers

Dedicated Servers

SSL Security

Domains

Professional Email