Securing Your Server (HTTPS Protocol)

If I attempt to visit your website for the first time and you are NOT on a secure server, I might get a warning from my browser with a note that says something like "Continue (not recommended)", my antivirus or malware program might send me a warning and, in extreme cases, I might be completely barred from visiting your site by the protective apps on my computer. If you want folks to visit your site, you have to make sure they don't have these issues. Even though our information-only websites can't hurt anyone, Google and the browser makers have hyped it up to sound like the world is going to end if you visit a non-secure site and most people won't. (This is my opinion and I don't recommend going against the flow for anyone who isn't extremely computer savvy.)

Before I go further, the sites that we host at https://www.txgenwebcounties.com/ are secure and we don't have to worry about them. This information is for people who pay for their own hosting.

Other folks on this list have not secured their servers. Most hosts now offer a free version of their SSL. If yours doesn't, ask them why they don't. If their site is secure, all the domains they host should be secure, too. For most of us who have our own sites, you simply have to find a setting in your Control Panel and turn it on and then add a snippet to your .htaccess file. Sounds scary - easy to do. I'm hoping I can help you with this.
Most hosts are offering a free version of secure servers. You can either use these directions to secure your account or use them to call the host and ask them to help you.

First you need to secure your server.

Log in to your main dashboard and navigate to the SSL Certificate product page (maybe SSL/TSL). (They can be in different places for different hosts but look under Security. Some of us have to go to Advanced first.)
If the Free SSL (AutoSSL) is currently disabled, choose the domain you would like to install to (i.e. "Install SSL on").
Domain Selection - be sure this is your main domain name (cnocandoire.com for me). If your counties have their own domain names, it'll "trickle-down" to those. (txrusk.com, txgalveston.org, etc)
Click Enable AutoSSL.

Now go to your main domain and see if it shows as a secure site. You may need to do a hard refresh - hold down Ctrl and press F5 then let them go.
Secure
secure

Not Secure
not secure
Once the Free SSL (AutoSSL) is enabled, you may need to add a redirect to ensure the domain resolves to the HTTPS protocol.

Do NOT do this step until you know your domain has been made secure. This step forwards every visitor to the secure version of your URL (automatically changes http to https). If your domain is NOT secure, it will cause an error on every page of your site.

Your .htaccess file is in the main directory of your domain (probably the very first file) and could be hidden. Find it, download it, make a backup copy, open it in your text editor (NotePad) and paste these lines at the top of the file. If you're absolutely sure you don't have an .htaccess file, it's easy to create one in your text editor.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

All done.
This is what my SSL page looks like on HostMonster
image.png