In this tutorial, you will learn how to enable HTTPS and configure Umbraco to work using HTTPS. Getting Umbraco to work over HTTPS is relatively straight-forward. The first thing that you will need is an SSL certificate. There are a number of different ways of purchasing an SSL certificate, I tend to use, SSL.COM.
To generate a certificate you will need to generate a CSR. A certificate signing request (CSR) is a key that you generate from your own hosting company that you associate with the SSL key so that it can only be used on your webserver.
To generate a CSR you will need to set the common name. The common name will be the domain name AND its qualifier. Depending on your www or non-www strategy you will need to pick one.
- https://www.website.com common name is www.website.com
- https://website.com common name is website.com
You may also be able to use a wildcard: *.website.com (this is the easiest one). After getting an SSL cert you will need to install it on your web-server.
Configuring Umbraco is pretty easy. First, to make the back-end work, within the
web.config ensure that the setting
UseHttps is set to true
Next, you will need to define a UrlRewite rule to force people to try to access your site using HTTP to use HTTPS:
Another thing you should worth checking is what the hostname defines within the culture and hostname section. You may need to ensure that your domain is correct with the correct prefix:
If you use Cloudflare then you will need to make sure that your DNS is set-up correctly: There are two things you will need to ensure
- The DNS is correct for www and non-www using an A-record name and a CNAME:
- A-record the server IP. There will only be one A-record
- CNAME any alias you use on the site, like `www.website.com', or, 'api.website.com'. This can point to either a hostname or, a hostname
- Within the SSL/TLS tab update your Cloudflare SSL mode to Full strict mode. If you do not do this then you will get an infinite redirect
A useful tool that can help you diagnose re-direct issues is https://redirectdetective.com. This tool will map out all the re-directs it encounters. This is handy to quickly visualize if you are getting 301s or unexpected 303 redirects.
If you encounter a redirect error. Create a simple HTML page and upload it to your website, like so:
If the page loads then you have a Umbraco issue. If it does not you have a DNS issue.