For IONOS Web Hosting and Managed Dedicated Server packages

Even if you have already secured your website with an SSL certificate, it is possible that visitors (possibly unknowingly) access your website through an unencrypted HTTP connection. You can prevent this by automatically redirecting corresponding domain calls to an encrypted HTTPS connection. This ensures that data exchange with your visitors is always protected by SSL encryption and thus remains private.

Which types of websites are suitable for using this guide?

This article is primarily aimed at customers who create their websites on their computer and then upload the files to their webspace for publishing.

If you instead manage your website with a content management system (CMS) such as WordPress, Joomla!, Typo3, Prestashop or Magento , we recommend that you use the functions offered by the respective system to convert to HTTPS. This is the only way to ensure that your website will continue to be fully functional after the conversion. Click here to find instructions suitable for your system.

Customers with an IONOS MyWebsite or IONOS Managed WordPress package do not need to do anything as their website will automatically switch to HTTPS when the SSL certificate is activated.


This tutorial assumes that you have already set up an SSL certificate for your website.

Setting Up Forwarding of http:// to https://

With the following steps, you can set up a so-called 301 forwarding in your webspace. This type of forwarding also ensures that the current search engine rankings and links stored in the search engine index are automatically transferred to the new website URL.

Note for Customers with Windows Hosting (ASP.NET Hosting):

These instructions also work with our Windows hosting packages as they have an extension that ensures compatibility with Apache mod_rewrite. Microsoft's URL rewrite extension, on the other hand, is not installed on our IIS web servers and therefore cannot be used as an alternative at this time.

  • Open a simple text editor, such as Notepad (Windows) or TextEdit (macOS).
  • Copy the code below and paste it into the text editor.
RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$$1 [R=301,L]
  • In the text editor, replace with your own domain.

  • Save the file under the name .htaccess.

  • Upload the .htaccess file to the root directory of your webspace. You can use WebspaceExplorer or FTP to do this.

Your website will now load automatically with HTTPS.


In this section, we have compiled helpful information in case you encounter a problem:

The redirect does not work

You have taken all of the necessary steps, but the automatic redirection to the HTTPS website still does not work? Then it is possible that your browser is loading the page from the cache (temporary storage), and therefore, the redirection is not working. To avoid this, please clear your browser's cache and then reload the website. Depending on your browser and device, you can also bypass the cache by reloading the page with CTRL+F5.
If this does not help, please check that the control file (.htaccess) is also in the correct location, i.e. the root directory of your website.

My website does not load anymore (error 500)

If you receive error 500 when you open your website, a spelling error or some other unwanted control character has probably crept in. The latter can happen if you did not create the .htaccess file with a simple text editor but instead with a "real" word processing program such as Microsoft Word. If you have problems, you can simply delete the .htaccess file in your webspace and check/correct your locally saved version.

My browser now displays a mixed content warning

If browsers continue to classify your website as insecure after the changeover and displays a mixed-content warning in the browser, further action is required.