How do I fix https not available on Magento Open Source?

Follow the same steps as Adobe Commerce (Magento) above — the Admin configuration paths and web-server changes are identical. Install your SSL certificate via Let's Encrypt/Certbot or your hosting panel, then configure secure base URLs under Stores → Configuration → General → Web. Add HTTP-to-HTTPS redirect rules in .htaccess (Apache) or your server block (Nginx) and flush all caches after saving.

How to fix https not available on Magento Open Source

Enable HTTPS by installing a valid SSL/TLS certificate and redirecting all HTTP traffic to the secure HTTPS version of your store.

Steps for Magento Open Source

Follow the same steps as Adobe Commerce (Magento) above — the Admin configuration paths and web-server changes are identical.
Install your SSL certificate via Let's Encrypt/Certbot or your hosting panel, then configure secure base URLs under Stores → Configuration → General → Web.
Add HTTP-to-HTTPS redirect rules in .htaccess (Apache) or your server block (Nginx) and flush all caches after saving.

Official Magento Open Source documentation ↗

<!-- Apache .htaccess — force HTTPS with a 301 redirect -->
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

<!-- Optional: add HSTS via an HTTP header in .htaccess -->
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"
</IfModule>

What is https not available?

HTTPS (HyperText Transfer Protocol Secure) encrypts the connection between your store and every visitor's browser, so that passwords, payment details, and personal data cannot be intercepted in transit. When a site "does not respond on HTTPS," it means your store is either serving pages only over unencrypted HTTP, or its SSL/TLS certificate is missing, expired, or invalid. The padlock icon customers expect in their browser address bar will be absent — or replaced with a security warning.

Google has used HTTPS as a ranking signal since 2014 and Chrome actively labels HTTP sites as "Not Secure," which destroys visitor trust and tanks conversion rates — shoppers who see that warning leave immediately. Without HTTPS, payment card data, login credentials, and personal information travel over the network in plain text, making your store trivially easy to eavesdrop on and putting you in violation of PCI-DSS requirements for accepting card payments. Regulators and payment processors can fine or de-platform stores that transmit cardholder data without encryption. This is classified as OWASP A02:2021 — Cryptographic Failures, one of the most critical vulnerability categories in web security.

See the complete Https not available guide for every platform and the full background.

Not sure if your Magento Open Source store has this?

Run a free SEOLZ audit — we’ll find https not available and every other issue across your whole site.

Scan my site free

How to fix https not available on Magento Open Source

Steps for Magento Open Source

What is https not available?

Not sure if your Magento Open Source store has this?

Fix https not available on another platform