HTTPS Redirect in Plesk

After installing an SSL certificate, you should redirect all HTTP traffic to HTTPS to ensure visitors always use the secure version of your site. This guide covers how to enable HTTPS redirect in Plesk and alternative methods.

Why Force HTTPS?

Redirecting HTTP to HTTPS is essential because:

• Security: All data is encrypted between the visitor and your server
• SEO: Google uses HTTPS as a ranking signal and prefers secure sites
• Trust: Browsers display "Not Secure" warnings on HTTP pages
• Compliance: PCI DSS, HIPAA, and other standards require encryption
• Data integrity: Prevents tampering with data in transit

Method 1: Plesk Built-in HTTPS Redirect (Recommended)

Plesk has a built-in option to force HTTPS — this is the simplest and most reliable method.

For Apache-Based Hosting (Linux)

1. Log in to your Plesk control panel
2. Go to Websites & Domains
3. Click on the domain you want to configure
4. Click Hosting & DNS > Hosting Settings (or click the domain name for settings)
5. Ensure SSL/TLS support is enabled and the correct certificate is selected
6. Check the box Permanent SEO-safe 301 redirect from HTTP to HTTPS
7. Click OK or Apply

This creates an automatic 301 redirect from http:// to https:// for all pages.

Tip: The "Permanent SEO-safe 301 redirect" option is the best choice for SEO. It tells search engines that the HTTPS version is the canonical URL and transfers ranking power.

For IIS-Based Hosting (Windows)

1. Log in to Plesk
2. Go to Websites & Domains > select the domain
3. Go to Hosting Settings
4. Enable SSL/TLS support and select your certificate
5. Enable the Permanent SEO-safe 301 redirect from HTTP to HTTPS option
6. Click OK

Method 2: .htaccess Redirect (Apache/LiteSpeed)

If you prefer manual control or need custom redirect rules:

Basic HTTPS Redirect

Add the following to your .htaccess file in the document root:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect with www Normalization

To redirect to https://www.example.com:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]

Redirect Without www

To redirect to https://example.com (no www):

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

Tip: If using the .htaccess method, disable the Plesk built-in redirect to avoid double redirects or redirect loops.

Method 3: Application-Level Redirect

Some CMS platforms have built-in HTTPS settings:

WordPress

1. Go to Settings > General
2. Change both WordPress Address (URL) and Site Address (URL) from http:// to https://
3. Save changes
4. Use a plugin like "Really Simple SSL" for comprehensive HTTPS enforcement

Joomla

1. Go to System > Global Configuration > Server
2. Set Force HTTPS to Entire Site
3. Save

Verifying the Redirect

After setting up the redirect:

1. Open a new browser tab (or incognito window)
2. Visit http://yourdomain.com (without https)
3. You should be automatically redirected to https://yourdomain.com
4. Check the browser address bar for the padlock icon
5. Test both with and without www prefix

Using curl to Verify

You can verify the redirect type using the command line:

curl -I http://yourdomain.com

Look for:

HTTP/1.1 301 Moved Permanently
Location: https://yourdomain.com/

Troubleshooting

• Redirect loop (ERR_TOO_MANY_REDIRECTS): This usually means both Plesk and .htaccess are trying to redirect. Use only one method. Also check if your CMS has its own HTTPS redirect enabled.
• Mixed content warnings: Your site loads over HTTPS but some resources (images, scripts, CSS) are loaded over HTTP. Update all internal URLs to use https:// or protocol-relative //.
• Redirect not working: Clear your browser cache. Check that the .htaccess file is in the correct directory (document root). Verify that mod_rewrite is enabled.
• SSL certificate not valid: The redirect works but the certificate is expired or for a different domain. Renew or reinstall the correct certificate.
• Some pages not redirecting: If using .htaccess, ensure there are no conflicting rules. Check for page-specific redirect overrides.
• WordPress login loop after HTTPS: Update WP_HOME and WP_SITEURL in wp-config.php to use https://.

Related Articles

• Installing SSL in Plesk
• Creating Backups in Plesk
• SSL Certificate Types Explained

Need help with HTTPS redirect? Contact {{COMPANY_NAME}} support at {{SUPPORT_EMAIL}} or open a ticket at {{SUPPORT_URL}}.