After setting up https, www.mywebsite.org still defaults to http. How can I make https the default?

  • 0
  • 1
  • Problem
  • Updated 1 month ago
  • Solved
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Archiving inactive content

I have set up https for my website using Cloudflare.   Now https://mywebsite.org and http://mywebsite.org both work properly (one is a secure connection the other not).   Excellent.  However mywebsite.org and www.mywebsite.org still default to the non-secure version.   How can I change that?
Photo of Robert6001

Robert6001

  • 582 Points 500 badge 2x thumb

Posted 1 month ago

  • 0
  • 1
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,016 Points 10k badge 2x thumb
You need to go back and complete step 12 and 13 in the instructions for the Cloudflare set up.


12) Click on the Crypto button at the top.


13) In the top section you should now see the status as Active Certificate. On the right side of that section, make sure it shows flexible. You now need to tell all http requests to forward to https. Scroll to the middle of this long page and look for the section entitled "Always use HTTPS" Turn it on. Also scroll to the bottom and find "Automatic HTTPS Rewrites" Turn it on
Photo of Robert6001

Robert6001

  • 582 Points 500 badge 2x thumb
Perfect!   That worked like a charm.    Thanks so much, Elyzabeth.
Photo of Robert6001

Robert6001

  • 582 Points 500 badge 2x thumb
One more thing . . .

There's still one form of our website URL that is not being mapped to https -- the one that shows our website as a subdomain of homestead.com, namely:   http://mywebsite.homestead.com.   Is there a way to fix that?   I admit it's not very important in the grand scheme of things since we no longer publicize that version of our web address.    

Thanks
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,016 Points 10k badge 2x thumb
Unfortunately the .homestead.com site name cannot be secured. We tried, and our developers looked into it for a long time, but it just wasn't possible.
Photo of Robert6001

Robert6001

  • 582 Points 500 badge 2x thumb
OK, Elyzabeth.  Thanks for checking.   No worries.  

Actually, I already had a nearly complete workaround in place.   First, I put a line like this in the html header section for each page:

<base href="https://www.mysite.org/" src="href="https://www.mysite.org/">

so that a visitor is sent to the secure server as soon as they click on any page link.

Then I put a bit of JavaScript code in the onload option of our homepage that looks at window.location.href, and if it starts with "http://mysite.homestead.com", rewrites that initial portion with https in place of http.   Not perfect, since the screen flashes momentarily as the visitor is redirected to the secure server, but achieves the desired result.

This conversation is no longer open for comments or replies.