Rather than forcing an exemption, you could be more specific in your rule:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^(example\.com)?$ [OR]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://example.com/$1 [R=301,L]

so that it only applies to where you want it to apply.

When I do that it adds the primary domain in front so I get a redirect from the add-on.
In other words if example is the primary domain and add-on is the add-on domain I get redirected from http://add-on.com to
https://example.com/add-on.com

[edited by: not2easy at 3:12 pm (utc) on May 29, 2018]
[edit reason] readability [/edit]

You should not generally be able to visit one domain through another, you may have the add-on domain mis-configured. Google can get confused (very) with that setup. Does the add-on domain not have its own .htaccess file?

The add-on domain does have one but it has no re-write rules. I was surprised to see the green lock on it even though I only created a certificate for the primary domain. Here is the add-on domain's .htacccess

AddHandler application/x-httpd-php56 .php .htm .html
<Files formmail.ini>
     Order allow,deny
     Deny from all
    </Files>
<Files /revslider-standalone/install/index.php>
     Order allow,deny
     Allow from all
    </Files>

You should not generally be able to visit one domain through another

In a typical addon configuration, the physical directory structure is
files for example.com:
/example/
files for “addon” domains:
/example/addon1/
/example/addon2/
What this means is that all requests for addon1, addon2 and so on will first pass through the htaccess for example.com, because requests go all the way down the directory structure; they don't teleport directly to the target.

If you're setting up new hosting you can bypass the problem by making your primary a dummy domain that isn't actually used for anything, so it's the equivalent of a "userspace". But this isn't much use if the setup already exists.

That being the case, one approach is to do something like this at the very top of the primary domain's RewriteRules:

RewriteCond %{HTTP_HOST} (addon1|addon2)
RewriteRule . - [L]

so requests for your addon domains are bumped straight to their individual htaccess files with their own RewriteRules--including canonicalization redirects--and don't mix with the “primary” domain.

So I would replace addon1|addon2 with the real addon domain name? Like this?
RewriteCond %{HTTP_HOST} (actualaddondomain.com)

So I would replace addon1|addon2 with the real addon domain name?

Exactly. Note that you don't need any anchors ^ $ at this point; just give enough of the name to distinguish it from the primary domain. I guess technically you don't even need the parentheses, but leaving them out when there are pipes involved make me anxious :( If you're only dealing with a single addon, then you can definitely leave out the parentheses.

Thanks to you both. I have the https off on the add on domain now. A little worried about when I finish the site and add ssl back to the add-on domain as I can't understand why I was getting the green lock on an add-on domain that doesn't have a certificate. I know I only hooked up a single site certificate. (I take the ssl off when I build as the library here blocks the port that siteground uses for ssl and I don't want to eat up limited free vpn minutes while I work on it).

So I would replace addon1|addon2 with the real addon domain name? Like this?
RewriteCond %{HTTP_HOST} (actualaddondomain.com)

that pipe symbol is an "or" operator
i would use something like this:

RewriteCond %{HTTP_HOST} (addonexample1|addonexample2)\.com$

I think he's really only got one addon, so the pipes-and-parentheses business isn't needed at all. In any case I would not use the closing anchor here, because any extraneous guff (like port numbers) needs to be handled in the addon's own htaccess. Matter of fact there's not even any need for the \.com part except in the remote chance that the primary is example.com while the addon is example.org (same name, different tld).