Quick answer: Force HTTPS with a permanent 301 redirect. On Apache use a RewriteRule in .htaccess; on Nginx return 301 in a port-80 server block; on IIS add a URL Rewrite rule. Most control panels offer a one-click force HTTPS toggle, which is simpler and less error-prone.
Installing a certificate does not send visitors to the secure version of your site - you have to add a redirect that forwards every HTTP request to HTTPS. Use a permanent (301) redirect so search engines transfer ranking to the HTTPS URLs. Here is the rule for each common web server.
Add this near the top of the site's .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Add a dedicated server block that listens on port 80 and redirects everything to HTTPS:
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$host$request_uri;
}
Reload after testing the config: nginx -t && systemctl reload nginx.
With the URL Rewrite module installed, add a rule to the site's web.config:
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
Most control panels offer a "force HTTPS" toggle that writes the correct rule for you. On cPanel it is Force HTTPS Redirect; on Plesk it is Permanent SEO-safe 301 redirect from HTTP to HTTPS. Use it if available - it is simpler and less error-prone than editing files.
Visit http://yourdomain.com and confirm the browser lands on https:// automatically. Check both the bare domain and www. Clear caches so an old non-redirected page is not served.
Why use a 301 rather than 302?
A 301 is permanent, so search engines transfer ranking to the HTTPS URLs.
Is there an easier way than editing config?
Yes - cPanel and Plesk both have a one-click force-HTTPS option.
On a SoftSys managed VPS our team sets the HTTPS redirect for every domain when SSL is installed, so visitors always reach the secure version without you touching a config file.