In this tutorial, you will learn how to configure Umbraco to work using HTTPS. Getting Umbraco to work over HTTPS is relatively straight-forward. The first thing that you will need is an SSL certificate. There are a number of different ways of purchasing an SSL certificate, I tend to use, SSL.COM.

To generate a certificate you will need to generate a CSR. A certificate signing request (CSR) is a key that you generate from within your own hosting companies control panel. The CSR key is used to associate your domain name with an SSL key. Combined this creates an added layer of security, as the SSL cert can only be used with the correct domain.

Common name

To generate a CSR you will need to set the common name. The common name will be the domain name AND its qualifier. www and non-www will be treated differently:

  • The common name for https://www.website.com would be www.website.com

  • The common name for https://website.com would be website.com

To make life easier, instead of being forced into picking an option, you can use a wildcard for the common name like this, *.website.com. Using a wildcard is the easiest option and it is the path that I recommend you take. After getting an SSL cert, your next task will be to install it on your web server. The process of how to install a cert will obviously depend on your domain provider, however, the setup should be fairly simple

Configuring Umbraco

Configuring Umbraco to work with HTTPS is pretty easy. To make the Umbraco back-end run correctly, within the web.config ensure that the setting UseHttps is set to true.

Next, you will need to define a redirect rule that will force anyone who tries to access your site using HTTP to use HTTPS. The rule to do this will look like this:

Another thing you should worth checking is if any hostnames are defines within the culture and hostname section. If your domain has been added, you will need to make sure the correct prefix is added, e.g. HTTPS:

Setting Umbraco Domain

CDN Configuration

If you use a CDN, like Cloudflare, you will need to make sure that your DNS is set up correctly: There are two things you will need to ensure

  • The DNS is correct for www and non-www using an A-record name and a CNAME:

  • A-record the server IP. There will only be one A-record

  • CNAME any alias you use on the site, like `www.website.com', or, 'api.website.com'. This can point to either a hostname or, a hostname

  • Within the SSL/TLS tab, update your Cloudflare SSL mode to Full strict mode. If you do not do this then you will get an infinite redirect

Troubleshooting

If you encounter redirect issues, a useful tool you can use to debug issues is called https://redirectdetective.com. This tool will map out all the re-directs it encounters. This is handy to quickly visualize if you are getting successful 301s or unexpected 303 errors

Redirect Detective

If you encounter a redirect error. Create a simple HTML page and upload it to your website, like so:

If the page loads then you have a Umbraco issue. If it does not you have a DNS issue.