There are better methods for this task. The "%{HTTP_HOST}%" does not mean "your domain" it means whatever domain was requested. You can combine a few extra lines to handle incoming and www/non-https requests:

#Redirect invalid and www requests
RewriteCond %{HTTP_HOST} !^(example\.com)?$
RewriteRule (.*) https://example.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

You can read more about some "why not" for using the {HTTP_HOST} regex here: [webmasterworld.com...]

Thanks. If I wanted to redirect to keep the www. how would your code above be different? Just to clarify, I currently have this in my htaccess for the www part:

RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

Also...one other thing, throughout my htaccess file, I have multiple other rules, such as removing .php extensions within a specific folder (that Lucy24 kindly helped me with a while ago. Would I also need to change every rule to include the https? For example:

RewriteCond %{THE_REQUEST} \.php
RewriteRule ^folder/([^.]+)\.php$ http://www.example.com/folder/$1/ [R=301,L]
RewriteRule ^folder/([^.]+[^./])$ http://www.example.com/folder/$1/ [R=301,L] 

So would the above, and all other rules within my htacccess need to be slightly amended to show "https"?

Thanks in advance for any help.

Yes, if the domain is now using SSL and you want to only use https: you should edit those rules. Because there are other rules, be sure that this one for the http requests comes at the end, after those other rewrite rules. To keep www use:

#Redirect invalid and non www requests
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

add the following to the top of my access file

No. Add it to the bottom of the Rewrite section of your htaccess, after all other redirects (but before internal rewrites, if you've got any). Like the domain-name-canonicalization redirect--which I hope you've already got--this is a catch-all, to be applied only to requests that have not already been redirected for other reasons. In fact, it should be combined with the canonicalization redirect: two different RewriteCond, separated by [OR].

In your htaccess, make sure all existing redirect targets change from http://example.com to https://example.com. If you have an anti-hotlink rule that spells out "^http://example.com", also change that to https.

If you want to be super efficient, put the RewriteCond involving HTTPS first, before the with/without www, because it is more likely to be matched.

There are a few different ways of expressing the RewriteCond--using port#, https, and one or two more that I've just gone blank on. Mine currently looks like this (for a with-www site):

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

Again, this goes after all other external redirects, but before the ones in [L] alone.

I just noticed the mention of 'a specific folder' - if, by any chance you have any .htaccess files in folders other than the root, you should test URLs in that folder to be sure they are not accessible via http: because mod_rewrite is not inherited when another .htaccess file is present. If you have htaccess files in folders other than the root directory, you may need to add a rewrite there as well.

Nope - just the one htaccess file in the website's root.

Maybe I'm over complicating things here. However, seeing as all my current rules are working, could I not just add the "s" to http on all the rules and then add

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

? Again - I'm useless when it comes to this sort of thing so I could be completely wrong here?

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

#1 You do not need to make a whole new rule. You just need to edit your existing "with/without www" rule to add the new RewriteCond, with [OR] flag between the two Conditions.
#2 Change the R to R=301. Otherwise it defaults to 302, although this is clearly a permanent redirect.

afaik, you're fine saying
%{SERVER_PORT} 80
as an alternative to
%{HTTPS} off
or
%{HTTPS} !on
or
(Dang! what is the third variation? I know there's at least one more...)
if that makes you happy. On shared hosting, it is generally safe to assume that nobody is getting in via some obscure alternative port number; the server won't even be listening on other ports.

@lee_sufc - I noticed in your first post you have: RewriteCond %{HTTPS} off

You want this set to "on" see steps below...

- Generic Steps to Switch from HTTP to HTTPS

• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.

• Install security certificate.

• Have your host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS allowing normal access while you test.

• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.

• Install 301 code in .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Note: your server may require a different code

• Go through site again, page by page, and test. Any remote absolute links will need to be HTTPS including those found in scripts & pluggins. If you publish Adsence or other advertising, links in these scripts need to be HTTPS also (or just remove the protocol altogether.)

• Update sitemap.xml (if applicable) and submit to appropriate agencies (Google, Bing, Yandex, etc)

• In Google Search Council create a new site using HTTPS (do not use the Change of Address form.) It will take a few days to start populating information. This is normal & traffic to old site (HTTP) will drop off accordingly.

• Bing Webmaster Tools, Yandex & others should update automatically once they crawl your new pages. Updating/re-submitting sitemap.xml should speed up this process.

@lee_sufc - I noticed in your first post you have: RewriteCond %{HTTPS} off

You want this set to "on" see steps below...

this isn't a https "setting", it's a conditional test for which web protocol was requested before firing the following RewriteRule.

RewriteCond %{HTTPS} !=on

this is equivalent.
see lucy24's post above...

Maybe I'm over complicating things here. However, seeing as all my current rules are working, could I not just add the "s" to http on all the rules and then add...

that's essentially what you want to do but i would combine the conditional as suggested above.
either:

RewriteCond %{HTTPS} =off [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

or:

RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

or:

RewriteCond %{SERVER_PORT} =80 [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} 80

afaik, you're fine saying
%{SERVER_PORT} 80
as an alternative to
%{HTTPS} off
or
%{HTTPS} !on

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#RewriteCond

Remember: CondPattern is a perl compatible regular expression with some additions:

1. You can prefix the pattern string with a '!' character (exclamation mark) to specify a non-matching pattern.
2. There are some special variants of CondPatterns. Instead of real regular expression strings you can also use one of the following:
...
'=CondPattern' (lexicographically equal) Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString is lexicographically equal to CondPattern (the two strings are exactly equal, character for character). If CondPattern is "" (two quotation marks) this compares TestString to the empty string.