A few questions that can help others with your question:
1. You shouldn't normally need the IF wrapper:

<IfModule mod_rewrite.c>

- is it required for some reason?

2. What is this line supposed to do?:

RewriteCond %{HTTP_HOST} ^(.*)$ [NC]

3. Final check - where is that block of code located in your htaccess file? I mean is it before other rewrite rules, after other rules, or is it the only rule?

"if module"is not required.

this code checks to see if mod_rewrite is available, checks if https is off, or if the request does not include www, if either condition matches, the request qualifies and is redirected to the https://www address.

It is below all other rules and below "RewriteEngine on", except I have the Gzip and Leverage browser caching below it.

[edited by: not2easy at 12:48 am (utc) on May 20, 2020]
[edit reason] unlinked URL for readability [/edit]

just to be clear, you request http://example.com/ and the response is a 200 status code instead of a 301?
have you checked your web server access log file for clues?

I would look at error logs also.

I don't see how that rule-set could work. The first line has the [OR] so it looks at the next line, but the next line ends with [NC] only - no [OR] to continue to the next RewriteCond. But that next line is unusual and I don't see how every request would not meet that RewriteCond (if there were a [NC,OR] flag on the previous line). I'm not sure what the purpose of that last RewriteCond is.


Have you looked around here for recommended rules that could be adapted? I ask because it is not clear how this could work out as expected.

Try using a regular normal set of rules, something like

RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule (.*) https://www.example.com/$1 [R=301,L] 

It is below all other rules ...

That could well be the problem. A redirect like this (in fact, most external redirects) would need to go before most other (mod_rewrite) rules.

2. What is this line supposed to do?:

RewriteCond %{HTTP_HOST} ^(.*)$ [NC]

That line isn't doing anything here (and could simply be removed)... it is always successful and the backreference is not being used.

I don't see how every request would not meet that RewriteCond (if there were a [NC,OR] flag on the previous line)

Every request does meet that RewriteCond. (If there was an [OR] flag on the previous rule then you'd get a redirect loop - if these directives are processed at all.)

this code checks to see if mod_rewrite is available

And if it's not available it fails silently. Ordinarily, you shouldn't use the IfModule wrapper here - if these directives are mandatory. A fatal error is generally preferable to a silent fail in this scenario.

I got the original code off a website that showed how to force both https and www. This method works on other websites, but not this one.

I can't get the access log right now as requested another pw.

I tried the code provided above by not2easy and moved it to just below the "RewriteEngine on" and there is no change.

Testing method:

I clear the cache, change the url to just "example.com" and it comes up with http with a slash across the lock icon.

I remove just the WWW and it doesn't replace it, even when clearing the cache.

I've tried different codes to force https that I've used on other sites (even the one on the whynopadlock site) and none of them work so I suspect there is something wrong with htaccess.

I took everything out of htaccess except the following and it still doesn't work:

Options +Includes
Options +FollowSymLinks
RewriteEngine on
#
#### Canonical FORCE HTTPS and WWW (
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]
#

I now have the access logs but it isn't showing anything for last 5 hours or so and all requests go to the http version.

Is this a WordPress site? That would explain why it ignores the htaccess rules at least.

I took everything out of htaccess except the following and it still doesn't work:

And by "doesn't work", it just doesn't do anything at all?

What other directives did you have in your .htaccess file?

If those directives are doing nothing and you are requesting "http://example.com/" then it kinda suggests .htaccess overrides are not enabled?!

Is this a WordPress site? That would explain why it ignores the htaccess rules at least.

How so? Even if the these directives are placed after the WP front-controller, it should still redirect requests to the document root and requests for existing files/directories. It would just be "WP virtual URLs" that have a URL-path that won't redirect.

i would check to see if the www/non-www and http/https are all configured with the same document root directory.
it's possible the non-canonical hostnames are on different virtual hosts needing distinct .htaccess files.

If it is a WP site and everything has been removed from the htaccess file except the lines as stated above, it isn't going to work.

WP requires its own snippet and that needs to remain after the canonicalization/www/https rules. BUT if it is a WP site and the Settings > General > WordPress Address URL has not been changed then it will ignore htaccess rules - especially if the WP code has been removed from the .htaccess file. You cannot force www and https without updating the Settings file.

It's not a WP site.

I meant checking to see if the redirect is working by just entering example.com, and it does nothing. Or taking out the www in the full url.

In the last post above I included everything in the htaccess file, after taking out non-essentials.

I know the htaccess file is working somewhat as it does activate the includes.

I"m trying to get help in this forum as my host is only supplying tech support by ticket during the shutdown and that can take days. they don't supply help on setting up htaccess.

I have the recent access log for when I was checking the redirects yesterday, and everything (my testing) is showing 200 response every time and only shows http://example.com. not with the "S" on https. or the www.

I'm not sure what else to look for however.

Have you run the site past validators to ensure there is no technical error preventing its normal function. I don't mean that it needs to pass all their specs, but the validation process can issue a report of all/any problems it encounters to help you spot anything serious. The w3.org validators are fast and free: HTML: [validator.w3.org...] and CSS: [jigsaw.w3.org...] BTW - I do not think this is the answer, but it does not hurt to look at everything.

There are places to test your SSL like https://www.ssllabs.com/ssltest/ and places to test your DNS ( I like https://www.dnsstuff.com/ - no relation) so if everything is in order and a plain .txt .htaccess file does not function, then you would need to depend on the host to help because it may be their setup. There are some large and well known hosts that have non-standard configurations, been there. :(

I would try a simple redirect, to see if it does anything. For example:

Options +FollowSymLinks
RewriteEngine on
RewriteRule ^foo$ /bar [R,L]

If you request "/foo", are you redirected to "/bar"?

I have the recent access log for when I was checking the redirects yesterday, and everything (my testing) is showing 200 response every time and only shows http://example.com. not with the "S" on https. or the www.

I'm not sure what else to look for however.

does the same log file show requests for https and/or www hostnames?
if it doesn't there's surely another access log file somewhere that does show the canonical hostname requests.
if/when you discover that other access log file, i would reconsider this post:

i would check to see if the www/non-www and http/https are all configured with the same document root directory.
it's possible the non-canonical hostnames are on different virtual hosts needing distinct .htaccess files.

The html validated, one small error in css, which I fixed. Same result.

The SSL site gave the site a B for server issue

The DNS report failed for not connecting to mailserver and a few other warnings.

I will contact the host.

Thanks for your help everyone.

have you found a log file yet that show the requests for https and/or www hostnames?

The hosting company provided different code for forcing https and www and everything is working now.

Here it is:

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

I am glad to hear the host stepped in to assist and that it is working well now. Thanks for not leaving folks wondering. ;)

[edited by: not2easy at 7:42 pm (utc) on May 23, 2020]

Love the happy ending ... and also thanks for providing YOUR solution (the host's, but that's also great to know!).

All too often these threads don't have resolutions!

Here it is:

How does this rule force HTTPS?

The hosting company provided different code for forcing https and www and everything is working now.

Where are these directives now located? Server config file? Htaccess file? Is this now in the same virtual host configuration and htaccess file as your other directives?

How does this rule force HTTPS?

It is probably in the virtual host configuration that is listening to Port 80.

I don't know if they changed the config file. They only mentioned what they changed in the htaccess file. I suspect they must have changed something as nothing was working before.

They only mentioned what they changed in the htaccess file.

did they tell you where that .htaccess file was located?

It's in the root.

It's in the root.

is this in the same root directory (and .htaccess file) as your other directives for the canonical hostname?
if so, what happens when you request a non-https hostname?
i.e. http://www.example.com/

@phranque

Yes, in the root directory. There are only about 8 pages on this site and only one htaccess file.

Darn! When I try the http://www.example.com it does not revert to https. I thought I checked this one.

Thanks for pointing this out.

Do you know what will fix this?

http://example.com revers to https://www.example.com

example.com reverts to https://www.example.com

Is there something else besides the above three that I can test?

That is because your code is only checking to see whether it contains "www" or not. It is missing the check for https:

RewriteCond %{HTTPS} !on 

The complete code should be

RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

instead of just

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$
RewriteRule (.*) https://www.example.com/$1 [R=301,L]

Other versions to check:
https://www.example.com (yes, it should have no effect)
http://www.example.com
https://example.com
http://example.com
http://example.com/
all of these should be redirecting to https://www.example.com