With all the browsers moving to rejecting our sites if they are not fully presented in HTTPS://, it has forced us all into many different steps. The changes to the two configure.php files are well documented throughout the forum. What happens then when folks type in yoursiteDOTcom or www.yoursiteDOTcom? Many times the system will not recognize the lack of http prefix and present the site as insecure.

You can try it by entering your site's URL without the http:// or https://. Use either www. or not. If you find that no HTTP shows up and the lock is gone as well, you may need to add the following to your cart's root .htaccess file. You may not be able to see the .htaccess file until you select to view hidden files.

NOTE: The following is based on the assumption that there are no cpanel redirects for http or www. And, that you ARE wanting to remove www from the URL. Your SSL must be for the non-www version of your domain.

Code:
RewriteEngine On

RewriteCond %{HTTP_HOST} ^www\.YOURSITE\.com [NC]
RewriteRule ^(.*)$ https://YOURSITE.com/$1 [L,R=301]

# Redirect HTTP with www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]
# Redirect HTTP without www to HTTPS without www
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Redirect HTTPS with www to HTTPS without www
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule .* https://%1%{REQUEST_URI} [R=301,L]


## 301 Redirects
You will need to change the items in red to match your site.

Now, the following entries will all result in https://yoursiteDOTcom:



If adding this to an existing .htaccess, make sure there are no duplications. If no .htaccess file exists in the site's root, save this text as .htaccess and add it to the site's root.

If the lock is still missing, you should check the page to make sure there are no external links hard-coded to http://

Test, Test, Test