SEOLZ

How to fix https not available on PrestaShop

Enable HTTPS by installing a valid SSL/TLS certificate and redirecting all HTTP traffic to the secure HTTPS version of your store.

Steps for PrestaShop

  1. Install an SSL certificate via your hosting control panel (cPanel Let's Encrypt or your host's SSL manager).
  2. In your PrestaShop Back Office, go to Shop Parameters → General.
  3. Set 'Enable SSL' to 'Yes' and 'Enable SSL on all pages' to 'Yes'.
  4. Save the configuration. PrestaShop will now serve all pages over HTTPS and redirect HTTP requests automatically.
  5. Flush PrestaShop's cache under Advanced Parameters → Performance → Clear cache.
Official PrestaShop documentation ↗
<!-- Apache .htaccess — force HTTPS with a 301 redirect -->
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

<!-- Optional: add HSTS via an HTTP header in .htaccess -->
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"
</IfModule>

What is https not available?

HTTPS (HyperText Transfer Protocol Secure) encrypts the connection between your store and every visitor's browser, so that passwords, payment details, and personal data cannot be intercepted in transit. When a site "does not respond on HTTPS," it means your store is either serving pages only over unencrypted HTTP, or its SSL/TLS certificate is missing, expired, or invalid. The padlock icon customers expect in their browser address bar will be absent — or replaced with a security warning.

Google has used HTTPS as a ranking signal since 2014 and Chrome actively labels HTTP sites as "Not Secure," which destroys visitor trust and tanks conversion rates — shoppers who see that warning leave immediately. Without HTTPS, payment card data, login credentials, and personal information travel over the network in plain text, making your store trivially easy to eavesdrop on and putting you in violation of PCI-DSS requirements for accepting card payments. Regulators and payment processors can fine or de-platform stores that transmit cardholder data without encryption. This is classified as OWASP A02:2021 — Cryptographic Failures, one of the most critical vulnerability categories in web security.

See the complete Https not available guide for every platform and the full background.

Not sure if your PrestaShop store has this?

Run a free SEOLZ audit — we’ll find https not available and every other issue across your whole site.

Scan my site free

Fix https not available on another platform