You may also wish to force HSTS (Strict-Transport-Security). How you do this depends on which version of Apache you are running. Assuming you are running Apache 2.4, make the following directory:

mkdir -p /usr/local/apache/conf/userdata/ssl/2_4

Now create 2 more directories:

cd /usr/local/apache/conf/userdata/ssl/2_4
mkdir -p $username/$domain

$username is the cPanel username and $domain is the domain on which you wish to enable HSTS.
Now create a file hsts.conf in that directory and include the following:

<IfModule mod_headers.c>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>

Rebuild httpd.conf and restart Apache:

service httpd restart

Browsers that have received this header over HTTPS will now force all traffic to this domain and its subdomains to https:// until max-age expires.

To disable HSTS, send the header with max-age=0 instead:

Header always set Strict-Transport-Security "max-age=0; includeSubdomains; preload"
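
To confirm what the server actually sends after either change above, this added example (not part of the original post) parses response headers and reports the HSTS state. The function name hsts_status and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# hsts_status (hypothetical helper): read HTTP response headers on stdin,
# e.g.  curl -sI "https://$domain/" | hsts_status
# Prints "missing", "invalid", "disabled" or "enabled max-age=N subdomains=yes|no".
hsts_status() {
    # Header names are case-insensitive; strip the CR that ends each header line.
    value=$(tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    [ -n "$value" ] || { echo "missing"; return 1; }

    max_age=""
    subdomains="no"
    # Directives are separated by ";" and their names are case-insensitive.
    old_ifs=$IFS; IFS=';'
    for d in $value; do
        d=$(printf '%s' "$d" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) subdomains="yes" ;;
        esac
    done
    IFS=$old_ifs

    case $max_age in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;   # max-age is required and must be numeric
        0)           echo "disabled"; return 2 ;;  # max-age=0 tells browsers to drop the policy
    esac
    echo "enabled max-age=$max_age subdomains=$subdomains"
}

# Constructed sample responses (not captured from a real server),
# matching the enable and disable headers shown above.
sample_on='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000; includeSubDomains'
sample_off='HTTP/1.1 200 OK
strict-transport-security: max-age=0; includeSubdomains; preload'

printf '%s\n' "$sample_on"  | hsts_status
printf '%s\n' "$sample_off" | hsts_status || true
```

The header must be checked on the https:// response, since browsers ignore Strict-Transport-Security received over plain HTTP.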

