Configure your web site to use https

By default, your web site does not communicate with the world using an encrypted connection. When you connect, it uses the "http" protocol instead of the "https" protocol.

We strongly encourage all members to change this setting so that all communication is encrypted. Even if you don't think it is necessary, consider that all information you send to the site, which may include usernames and passwords, is sent in the clear unless you are using https.

Fortunately, the process of switching to an https-enabled web site is fully handled in the members control panel:

  • Log in via:
  • Choose the "Web Configuration" section
  • Remove any domains from ServerAlias or ServerName that are a sub-domain of (e.g. You should only have your own personal domains listed (this is temporary until #12045 is resolved).
  • Edit your web configuration and change the "Port" field to "auto"

How does it work?

You have several options when choosing to configure your web sites.


The best option is to use "auto." When your web site is configured to use auto, then:

  • A Let's Encrypt certificate will be automatically generated at no cost for all the domains in your web configuration (both Server Name and Server Alias).
  • This certificate will be automatically updated every three months.
  • All requests sent via http will be automatically redirected to https.


If you prefer, you can opt instead to have an http-only site by choosing "http".


You may also wish to use your own certificates, in which case select "https" and specify the SSLEngine On, SSLCertificateKeyFile, and SSLCertificateFile parameters in your configuration, with the latter two pointing to the appropriate key and certificate files. Use this option if you don't want an http site at all.
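
Before pointing SSLCertificateFile and SSLCertificateKeyFile at your own files, it is worth confirming that the two belong together and that the certificate is not close to expiry, since renewal is up to you when you supply your own certificate. The script below is an added example, not part of the original page; it assumes the openssl command-line tool is installed, and the paths in the comments and the 30-day default are placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check for the "https" option (own certificate).
# Usage: sh check_cert.sh CERT_FILE KEY_FILE [MIN_DAYS]
# The files you pass are the ones you would then reference in the web
# configuration, for example (placeholder paths):
#   SSLEngine On
#   SSLCertificateFile    /path/to/example.org.crt
#   SSLCertificateKeyFile /path/to/example.org.key

# Returns 0 if usable, 1 if key and certificate do not match,
# 2 if either file cannot be parsed, 3 if the certificate expires too soon.
check_cert_and_key() {
    cck_cert=$1
    cck_key=$2
    cck_min_days=${3:-30}   # assumed threshold, adjust as needed

    # Extract the public key embedded in the certificate.
    cck_cert_pub=$(openssl x509 -in "$cck_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cck_cert" >&2
        return 2
    }
    # Derive the public key from the private key. The empty -passin makes an
    # encrypted key fail here instead of prompting for a passphrase.
    cck_key_pub=$(openssl pkey -in "$cck_key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read private key: $cck_key" >&2
        return 2
    }
    if [ "$cck_cert_pub" != "$cck_key_pub" ]; then
        echo "certificate and private key do not belong together" >&2
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cck_cert" -noout \
            -checkend $((cck_min_days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires in less than $cck_min_days days" >&2
        return 3
    fi
    echo "ok: key matches certificate, valid for at least $cck_min_days more days"
}

# Run the check when called with file arguments.
if [ "$#" -ge 2 ]; then
    check_cert_and_key "$@"
fi
```

A mismatched key and certificate is a common reason for the web server to refuse the configuration, so a non-zero exit here is a signal to fix the files before changing the "Port" field.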

Both http and https

You can also choose to have separate web configurations for http and https, or control the redirect in a more fine-tuned way.

What if I already have an https web site?

You can easily convert your site from an https web site to an auto web site.

If you have both an http and an https web configuration, you must first delete the http one.

Then, edit the https site, remove the SSL lines, and change it to auto.

