It's worth noting though, Apache suggests handling this at the main VHost level; https://wiki.apache.org/httpd/RedirectSSL If you would like your entire domain to always be https://, make sure you enable HSTS as well (this will need mod_headers enabled in your main apache conf...