An SSL certificate encrypts the connection between your visitors' browsers and your website, protecting sensitive data like login credentials and payment information. Most INNOVATECH GROUP hosting packages include free SSL certificates through cPanel's AutoSSL feature. This guide explains how to confirm your certificate is active and how to force all traffic to use HTTPS.
Prerequisites
- An active hosting service with cPanel access
- Your domain is pointed to your hosting server (DNS is resolving correctly)
- You are logged in to cPanel (you can access cPanel from your service detail page in the INNOVATECH GROUP client portal by clicking Access cPanel)
Step 1: Check Your SSL/TLS Status
AutoSSL automatically provisions free Domain-Validated (DV) SSL certificates for domains on your hosting account. Before forcing HTTPS, confirm that a valid certificate is in place:
- In cPanel, navigate to Security → SSL/TLS Status.
- This page lists all domains on your account along with their SSL certificate status.
- Look for your domain in the list. A valid AutoSSL certificate will show an AutoSSL DV certificate icon and an Active status.
- If the status shows Unsecured or Has AutoSSL Problems, do not enable HTTPS redirection yet — see the troubleshooting section below.
Understanding the Statuses
- Active — a valid certificate is installed and working
- Unsecured — no certificate is installed for this domain
- Expiring Soon — the certificate is valid but approaching expiry (AutoSSL should renew it automatically)
- Has AutoSSL Problems — AutoSSL could not issue or renew a certificate for this domain; check the error details on the page
Step 2: Force HTTPS Redirect
Once you have confirmed that a valid SSL certificate is active for your domain, you can force all visitors to use the secure HTTPS version:
Option A: Using cPanel's Built-In Toggle (Recommended)
- In cPanel, navigate to Domains → Domains.
- Find your domain in the list.
- Locate the Force HTTPS Redirect toggle next to your domain.
- Set the toggle to On.
This is the simplest and most reliable method. cPanel handles the redirect rules for you, and you can disable it at any time by toggling it back to Off.
Option B: Using .htaccess (Advanced)
If the cPanel toggle is not available for your domain, or you need more control, you can add redirect rules to your .htaccess file:
- In cPanel, open File Manager and navigate to your domain's document root directory (usually
public_html). - Open or create the
.htaccessfile. - Add the following lines at the top of the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- Save the file.
Important: If you already have RewriteEngine On in your .htaccess file, do not add it a second time. Place the two Rewrite lines after the existing RewriteEngine On directive.
Step 3: Verify HTTPS Is Working
After enabling the redirect:
- Open your website in a browser using
http://yourdomain.co.za(without the "s"). - Confirm that you are automatically redirected to
https://yourdomain.co.za. - Check for the padlock icon in the browser address bar — this confirms the connection is encrypted.
- Click the padlock to view certificate details and verify it shows a valid certificate for your domain.
Troubleshooting Common Issues
Mixed Content Warnings
After enabling HTTPS, your browser may show a warning that the page contains "mixed content". This happens when your website loads some resources (images, scripts, stylesheets) over plain HTTP instead of HTTPS.
How to fix:
- Update internal links in your website's content and configuration to use
https://instead ofhttp:// - If you use a CMS like WordPress, update the site URL in your settings to use
https:// - Check for hardcoded
http://URLs in your theme files, plugins, or custom code - Use your browser's developer tools (press F12, then check the Console tab) to identify which specific resources are being loaded insecurely
AutoSSL Certificate Not Issuing
If your domain shows "Unsecured" or "Has AutoSSL Problems" in SSL/TLS Status:
- Verify DNS: your domain must resolve to your hosting server's IP address. If you recently changed nameservers or DNS records, allow up to 24–48 hours for propagation.
- Check for CAA records: Certificate Authority Authorization (CAA) records in your DNS can restrict which authorities may issue certificates. If CAA records exist, ensure they include the AutoSSL provider. If unsure, contact support.
- Wait for the next AutoSSL run: AutoSSL runs periodically. If your domain was recently added, it may need time for the next scheduled check. You can see when AutoSSL last ran on the SSL/TLS Status page.
www vs. Non-www Mismatch
Ensure both yourdomain.co.za and www.yourdomain.co.za have valid certificates. AutoSSL typically covers both, but if one variant is unprotected, visitors accessing that version will see a security warning.
Browser Still Shows "Not Secure"
- Clear your browser cache or try an incognito/private window
- Ensure the redirect is working (check that HTTP URLs redirect to HTTPS)
- Verify there are no mixed content issues (see above)
When to Contact Support
Open a support ticket if:
- AutoSSL has not issued a certificate for your domain and it has been more than 48 hours since your DNS was correctly configured
- You see AutoSSL error messages that you do not understand
- Mixed content warnings persist after you have updated all URLs
- You need an Organisation Validation (OV) or Extended Validation (EV) certificate instead of the free DV certificate
- The Force HTTPS toggle is not available for your domain in cPanel