The SSL/TLS redirect setting in WHM controls how the system redirects users from non-SSL (HTTP) to SSL/TLS (HTTPS) URLs when they access cPanel, WHM, or Webmail through proxy paths like /cpanel, /whm, or /webmail. When enabled, the server automatically redirects users to the closest domain with a valid SSL/TLS certificate, ensuring secure connections even on servers hosting many domains.
Step 1: Log in to WHM
Open your browser and navigate to https://your-server-ip:2087. Enter your root credentials to access the WHM dashboard.
Step 2: Navigate to Tweak Settings
In the left-hand sidebar, go to Home » Server Configuration » Tweak Settings.
Step 3: Find the SSL Redirect Setting
Use the search bar at the top of the Tweak Settings page and type SSL. Look for the option labelled:
Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs.
This setting is located under the Redirection tab. It was formerly known as "Always redirect to SSL/TLS".
Step 4: Enable the Setting
Toggle the switch to On.
Step 5: Save Changes
Scroll to the bottom of the page and click Save.
How This Setting Works
- When a user accesses
www.example.com/cpanel,/whm, or/webmail, the system redirects them to the appropriate secure port (e.g.,www.example.com:2083for cPanel). - The system does not redirect users who access the service directly via its subdomain (e.g.,
cpanel.example.com). - If enabled, the system attempts to redirect in the following order:
- Redirect to the Origin Domain Name if an installed certificate secures that domain.
- Redirect to a wildcard domain that matches the name on the main service certificate.
- If no domain matches any certificate, redirect to the
https://protocol for the domain.
- This works best when AutoSSL or Let’s Encrypt is enabled and certificates are kept up to date.
Important Notes
- This is a server-wide setting that affects all domains on the server.
- All domains receiving SSL redirects should have a valid, non-expired SSL certificate. Redirecting to a domain without a certificate will cause browser security errors.
- When this setting is disabled, two additional options become available: Non-SSL redirect destination and SSL redirect destination, allowing you to choose between redirecting to the server hostname, the origin domain name, or the SSL certificate name.
- cPanel strongly recommends keeping this setting On and also enabling Require SSL for cPanel Services in the Security tab of Tweak Settings.
- Individual domain SSL redirects can still be configured in cPanel at Domains » SSL/TLS Status.
Troubleshooting
- Browser showing “Not Secure” after redirect: Verify the destination domain has a valid SSL certificate. Check certificate status in WHM » Home » SSL/TLS » Manage SSL Hosts.
- Redirect loop: Ensure the SSL certificate covers the exact domain being redirected. Wildcard certificates are needed for wildcard subdomain redirects.
- Cannot find the option: Use the search/filter bar at the top of Tweak Settings and search for SSL or redirect. Make sure you are on the Redirection tab.
- Only some domains redirecting: Check that all domains have active certificates via WHM » Manage AutoSSL.
