Magento2 SSL – How to Force HTTPS

httpsmagento2sslssl-certificate

I'm using Magento 2.3.1, I have let's encrypt SSL installed, I want to force HTTPS in the admin area and the storefront end

in the admin panel, I go to

Stores > Configuration > General > Web

I put yet to "Use Secure URLs on Storefront" and yes to "Use Secure URLs in Admin"

That only enforces https in the admin area. I modifying .htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

That doesn't work, I can't really play with apache that much, because I might break varnish which doesn't play well with HTTPS, tried that.

Is there an easy way to enforce HTTPS?

Best Answer

to force HTTPS, change your base url to https:// for unsecure too:

bin/magento setup:store-config:set --base-url="https://myshop.com/" --base-url-secure="https://myshop.com/" --use-secure=1 --use-secure-admin=1
bin/magento cache:flush

also if you have some redirect issues, you can add this to apache or .htaccess config:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_METHOD} !=POST
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Best Answer

Related Solutions

Magento – Chrome and SSL: problem with login and cart

Magento – How to Force HTTP instead of HTTPS in Canonical tag – Magento 2

Related Topic