How to redirect to https not via .htaccess?

Had not a nice case today. One client’s website is using Let’s Encrypt certificate, and today it stopped working. The reason as I understood was that certificate tried to renew (every 90 days), but the rule, that is in .htaccess might be the reason for it not to renew. I have this one:

 RewriteCond %{HTTPS} off         [OR]
 RewriteCond %{HTTP_HOST} ^www\.   [NC]
 RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L,NE]

Another thing - if 5 attempts are failed, then it’s possible to renew only after week. Only here I don’t know if it tried many times itself, or these 5 times were made by me when I tried to refresh it manually.

So result is website doesn’t have SSL, and I had to buy paid certificate. It’s ok for one website, but I am afraid all other websites can have this problem later.

Talked to hosting company, they said there also can be other reasons, but if this one was in this case, then solution would be to create redirection in cms, so my question is what would be the solution for Kirby to have this redirection?

I can’t help with the SSL renewal since I haven’t run into this issue before but this rule from H5BL has been working well for clients on shared hosting: server-configs-apache/rewrite_http_to_https.conf at master · h5bp/server-configs-apache · GitHub

Thank you, so as I understand, this is extra line that is helpful in this case?

RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

(giving this as example, as I am using Direct Admin)

Yeah, I would try uncommenting that line.

Actually, it depends on how your certificate is renewed. Do you know which client program is used for renewal or is this process hidden by your hosting provider?

If this is the advice from your hosting provider, I would question this. If the certificate is expired, you could just issue a new one. No one should have to pay for a freely available certificate. I also wonder why the renewal process has not started earlier and gives you a warning that there is a problem with the renewal.

I am running multiple websites, none with http access without any exception and the certificate renewal is running smoothly in the background with certbot every 60 days (30 days before expiry), which would give a lot of time if something fails.

Don’t have an answer, it’s just made automatically in the background, I can only choose in Direct Admin to use Let’s Encrypt.

It wasn’t that I had to pay for free certificate, and can’t renew it, but as I wrote, Let’s Encrypt can be renewed after 1 week, if I try 5 times, and it’s failed. So just not to wait I bought paid SSL (could also upload some alternative free, but still would have to pay 5 € for it’s installation and waste time).

For me it also always worked well, with many websites and for 3 or more years after SSL became must have, but in this case something happened.

I do not know what this is. Is this an interface by your hosting provider? And which rate limit did you hit according to Rate Limits - Let's Encrypt?

Maybe your provider changed something. Who is your provider?