Https not available

Quick win

Enable HTTPS by installing a valid SSL/TLS certificate and redirecting all HTTP traffic to the secure HTTPS version of your store.

What it is

HTTPS (HyperText Transfer Protocol Secure) encrypts the connection between your store and every visitor's browser, so that passwords, payment details, and personal data cannot be intercepted in transit. When a site "does not respond on HTTPS," it means your store is either serving pages only over unencrypted HTTP, or its SSL/TLS certificate is missing, expired, or invalid. The padlock icon customers expect in their browser address bar will be absent — or replaced with a security warning.

Why it matters

Google has used HTTPS as a ranking signal since 2014 and Chrome actively labels HTTP sites as "Not Secure," which destroys visitor trust and tanks conversion rates — shoppers who see that warning leave immediately. Without HTTPS, payment card data, login credentials, and personal information travel over the network in plain text, making your store trivially easy to eavesdrop on and putting you in violation of PCI-DSS requirements for accepting card payments. Regulators and payment processors can fine or de-platform stores that transmit cardholder data without encryption. This is classified as OWASP A02:2021 — Cryptographic Failures, one of the most critical vulnerability categories in web security.

How to fix it

Obtain a valid SSL/TLS certificate — most hosting providers and all major ecommerce platforms offer free certificates via Let's Encrypt; alternatively purchase one from a Certificate Authority (CA) such as DigiCert or Sectigo.
Install the certificate on your web server or activate it inside your platform's admin panel (exact steps differ by platform — see below).
Verify the certificate covers all domains and subdomains your store uses (e.g. www.example.com AND example.com). Use a wildcard or multi-domain (SAN) certificate if needed.
Configure a permanent 301 redirect so that every HTTP request (http://) is automatically forwarded to its HTTPS equivalent (https://). This ensures no page is ever served insecurely.
Enable HTTP Strict-Transport-Security (HSTS) so browsers remember to always use HTTPS for your domain, even if a user types http:// manually.
Test the result using a browser (look for the padlock), an SSL checker tool, and confirm no mixed-content warnings appear in the browser's developer console.

<!-- Apache .htaccess — force HTTPS with a 301 redirect -->
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

<!-- Optional: add HSTS via an HTTP header in .htaccess -->
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"
</IfModule>

Fix it on your platform

Pick your platform for the exact steps.

How to fix https not available on Shopify

Shopify automatically provisions and renews a free SSL certificate for every store — no manual installation is required.
In your Shopify Admin, go to Online Store → Domains.
Find your custom domain and confirm the SSL certificate status shows 'SSL certificate active' (green checkmark). If it shows 'Unavailable', click the domain and follow the on-screen prompts; Shopify will attempt to re-provision the certificate.
Scroll down on the same Domains page and enable the toggle 'Redirect all traffic to this domain' — this enforces HTTPS and the canonical domain simultaneously.
HSTS is managed by Shopify's infrastructure; no additional action is needed.

Full Shopify guide →Official Shopify docs ↗

How to fix https not available on Shopify Plus

SSL certificate provisioning is identical to standard Shopify — fully automatic.
Go to Admin → Online Store → Domains and confirm 'SSL certificate active' for every custom domain, including any expansion stores.
Enable 'Redirect all traffic to this domain' on the primary domain to enforce HTTPS site-wide.
For headless or custom storefronts using the Storefront API, ensure your CDN/edge layer (e.g. Cloudflare, Fastly) is configured with a valid certificate and HTTPS-only routing.

Full Shopify Plus guide →Official Shopify Plus docs ↗

How to fix https not available on WooCommerce

Log in to your hosting control panel (cPanel, Plesk, or your host's dashboard).
Locate the SSL/TLS section and install a free Let's Encrypt certificate for your domain — most hosts (SiteGround, Kinsta, WP Engine, Bluehost) offer a one-click Let's Encrypt install.
Once the certificate is active, in your WordPress Admin go to Settings → General and change both 'WordPress Address (URL)' and 'Site Address (URL)' from http:// to https://.
Install the free 'Really Simple SSL' plugin (Plugins → Add New → search 'Really Simple SSL') and activate it — it handles the 301 redirect, mixed-content fixes, and can enable HSTS.
Alternatively, add redirect rules manually: in your .htaccess file (root of your WordPress install), add: RewriteEngine On / RewriteCond %{HTTPS} off / RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Flush any caching plugin's cache (e.g. WP Super Cache, W3 Total Cache, WP Rocket) after making changes.

Full WooCommerce guide →Official WooCommerce docs ↗

How to fix https not available on BigCommerce

BigCommerce provides a free SSL certificate for all storefronts automatically.
In your BigCommerce Control Panel, go to Store Setup → Store Profile and confirm your Store URL begins with https://.
To force HTTPS, go to Store Setup → Store Settings → Miscellaneous and enable 'Force Secure Checkout' if available, or verify that server-side HTTPS redirect is active (it is on by default for all BigCommerce-hosted storefronts).
For a custom domain, go to Store Setup → Domains and ensure your domain is correctly pointed and the SSL certificate is listed as active.
If using a custom SSL certificate (enterprise plans), upload it via the BigCommerce support request process or through your account manager.

Full BigCommerce guide →Official BigCommerce docs ↗

How to fix https not available on Wix

Wix automatically enables a free SSL certificate for every site — no manual certificate installation is needed.
In your Wix Dashboard, go to Settings → Domains.
Confirm the SSL toggle shows as active (turned on, shown in green) next to your connected custom domain.
Wix enforces HTTPS by default and redirects all HTTP traffic automatically; there is no additional redirect configuration required.
If the SSL toggle is off or shows an error, disconnect and reconnect your domain, or contact Wix Support to re-provision the certificate.

Full Wix guide →Official Wix docs ↗

How to fix https not available on Squarespace

Squarespace automatically issues and renews a free SSL certificate for all sites on a paid plan.
In your Squarespace Admin panel, go to Settings → Domains.
Click your custom domain and confirm 'SSL' shows as Active.
Go to Settings → Advanced → SSL and set the Security preference to 'Secure (HTTPS)' and enable 'HSTS' if the option is available in your plan.
Squarespace automatically redirects HTTP to HTTPS; no manual redirect rules are required.

Full Squarespace guide →Official Squarespace docs ↗

How to fix https not available on Webflow

Webflow automatically provisions a free SSL certificate (via Fastly/Let's Encrypt) for all published sites on a paid hosting plan.
In your Webflow Dashboard, open the project and go to Publishing → Custom Domains.
Confirm the SSL badge next to your domain shows 'SSL Active'. If it shows 'Pending', wait up to 24 hours for DNS propagation, then retry.
Webflow automatically redirects HTTP to HTTPS for all hosted sites — no additional configuration is needed.
In Project Settings → Hosting, ensure 'Enable SSL' is toggled on (it is on by default).

Full Webflow guide →Official Webflow docs ↗

How to fix https not available on Adobe Commerce (Magento)

Obtain and install an SSL certificate on your web server (Apache or Nginx) via your hosting provider or Let's Encrypt (e.g. using Certbot: sudo certbot --apache -d yourdomain.com).
In your Magento Admin, go to Stores → Configuration → General → Web.
Expand the 'Base URLs (Secure)' section and set 'Secure Base URL' to https://yourdomain.com/.
Set 'Use Secure URLs on Storefront' and 'Use Secure URLs in Admin' both to 'Yes'.
Expand the 'URL Options' section and ensure 'Auto-redirect to Base URL' is set to 'Yes (302 Found)' or 'Yes (301 Moved Permanently)' to redirect HTTP to HTTPS.
Clear the Magento cache: System → Cache Management → Flush Magento Cache. Also flush your full-page cache (Varnish if applicable).
Update your web server configuration (Apache .htaccess or Nginx server block) to add a server-level 301 redirect from HTTP to HTTPS as an additional safeguard.

Full Adobe Commerce (Magento) guide →Official Adobe Commerce (Magento) docs ↗

How to fix https not available on Magento Open Source

Follow the same steps as Adobe Commerce (Magento) above — the Admin configuration paths and web-server changes are identical.
Install your SSL certificate via Let's Encrypt/Certbot or your hosting panel, then configure secure base URLs under Stores → Configuration → General → Web.
Add HTTP-to-HTTPS redirect rules in .htaccess (Apache) or your server block (Nginx) and flush all caches after saving.

Full Magento Open Source guide →Official Magento Open Source docs ↗

How to fix https not available on PrestaShop

Install an SSL certificate via your hosting control panel (cPanel Let's Encrypt or your host's SSL manager).
In your PrestaShop Back Office, go to Shop Parameters → General.
Set 'Enable SSL' to 'Yes' and 'Enable SSL on all pages' to 'Yes'.
Save the configuration. PrestaShop will now serve all pages over HTTPS and redirect HTTP requests automatically.
Flush PrestaShop's cache under Advanced Parameters → Performance → Clear cache.

Full PrestaShop guide →Official PrestaShop docs ↗

How to fix https not available on OpenCart

Install an SSL certificate on your server via your hosting panel or Let's Encrypt.
Open your OpenCart config.php (root directory) and config.php inside the admin/ directory.
Change the HTTP_SERVER and HTTPS_SERVER constants so both begin with https://.
In the OpenCart Admin, go to System → Settings → Edit your store → Server tab and set 'Use SSL' to 'Yes'.
Add a 301 redirect in .htaccess: RewriteEngine On / RewriteCond %{HTTPS} off / RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Full OpenCart guide →Official OpenCart docs ↗

How to fix https not available on WooCommerce REST API

The REST API inherits the SSL status of the WordPress/WooCommerce installation.
Ensure HTTPS is active and enforced on the WordPress site first (see WooCommerce steps above).
WooCommerce REST API requires HTTPS by default for all authenticated endpoints — if your site is HTTP-only, API calls using OAuth or Application Passwords will fail or be insecure.
After enabling HTTPS, update any API client configurations or webhooks to use the https:// base URL.

Full WooCommerce REST API guide →Official WooCommerce REST API docs ↗

Does your site have this issue?

Run a free SEOLZ audit to find https not available — and every other issue — across your whole site in minutes.

Scan my site free

Frequently asked questions

What is Https not available?

Why does https not available matter?

How do I fix https not available?