• Home
  • Uncategorized
  • Installing SSL certificate on WordPress site in i-mscp, and forcing HTTPS/SSL in WordPress Subdomain

Installing SSL certificate on WordPress site in i-mscp, and forcing HTTPS/SSL in WordPress Subdomain

Installing the SSL certificate in i-mscp control panel was too easy. You need to enter the certificates in the panel:

User control panel>Manage domains>View certificates, under the SSL certificates tab.

Now enter the .key, .csr and intermediary certificate in the respective tabs.

Once done, you need to modify the .htaccess with rules to make it force SSL for everything. Note that this is optional. WordPress has options to force SSL for just login. However I prefer having SSL for everything.

My .htaccess looks like this:

#
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SERVER_PORT} !443 
RewriteCond %{HTTP_HOST} ^supernova.droidzone.in$ [NC]  
RewriteRule ^(.*)$ https://supernova.droidzone.in/$1 [R=301,QSA,L]

RewriteEngine On
RewriteCond %{SERVER_PORT} !443 
RewriteCond %{HTTP_HOST} !^note2.droidzone.in$ [NC]  
RewriteCond %{HTTP_HOST} !^blog.droidzone.in$ [NC]  
RewriteCond %{HTTP_HOST} !^forum.droidzone.in$ [NC]
RewriteCond %{HTTP_HOST} ^droidzone.in$ [NC]  
RewriteRule ^(.*)$ https://droidzone.in/$1 [R=301,QSA,L]

RewriteRule ^downloads/([^/]+)$ wp-content/plugins/download-monitor/download.php?id=$1 [L]

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]

Note that the rules are read from top to bottom. So the first rule states that for urls matching anything beginning with supernova.droidzone.in, redirect it to an HTTPS url.

Next we set up SSL for the naked domain, excluding several subdomains from being included in the rule. This is so because the Class 1 certificate I received for free from StartSSL does not allow wildcard subdomains.