After you have activated the SSL certificate for your domain, you can switch your website completely to SSL encryption.

To ensure that your visitors only use SSL-secured connections, set up automatic forwarding to the HTTPS address using the .htaccess file in your webspace:


The domain must be secured with an SSL certificate.

For your website to use HTTPS, you must have connected your domain to an SSL certificate. Activate an SSL Certificate Now

Find out more here: Set Up an SSL Certificate Managed by IONOS

  • Log in to your IONOS and open the WebspaceExlorer.

    The content of your webspace is displayed.

  • Open the directory of your Typo3 website.

    If you installed your Typo3 website through the IONOS, the website directory is located in the clickandbuilds folder.

  • Click Edit File to the right of the .htaccess file under Actions.

    A new window opens in which you can edit the content of the .htaccess file.

  • Copy and paste the following code into the .htaccess file:

RewriteEngine On
RewriteCond % {HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]
  • Click on Save.

Your website now loads automatically with HTTPS.

The website loads with HTTPS, but the browser still does not show a lock icon in the address bar:

If you go to your website with https://, but the browser displays a warning or hint icon instead of the lock, your site still contains unsafe content (also called mixed content). Mixed content occurs when a website accessed in encrypted form (HTTPS) also loads unencrypted content via HTTP.

If this applies to one or more pages, it is possible that the baseURL and absRefPrefix directives are set in the TypoScript SETUP of your root template but still refer to the http address. To check the template for the corresponding entries and correct them if necessary, proceed as follows:

  • Log in to the Typo3 backend.

  • Click on Templates in the left menu.

    The Template Tools page appears.

  • Select the root template.

  • Select Info/Edit from the drop-down menu at the top.

  • Click Setup.

  • Check the code for a baseURL or absRefPrefix entry that points to the http address. If yes, replace http with https in the URL.

  • If the entry does not exist at all, insert the following code at the end:

config {
  baseURL = https://ihredomain.tld/
  absRefPrefix = https://ihredomain.tld/
  • The URLs must end with /.
  • Replace yourdomain.tld with your domain.
  • Save the changes.

  • Check the effects by visiting your pages again in the browser. Also, reload the pages using CTRL + F5 to make sure that the old version is not loaded from the browser cache.

If the problem persists:

If there is still no lock displayed, you should look for more http entries in the root template and replace them with https addresses. To do this, select the Info/Edit item again above, but then click on the Edit Complete Template Record button below. Here you can use CTRL+S to search for http entries and correct them.

If this is also not sufficient, check your page contents, e.g. whether images from external websites or providers are integrated via http.