diff --git a/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf b/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf
index 001c2537f..495037bbe 100644
--- a/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf
+++ b/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf
@@ -8,6 +8,12 @@
 ##   mod_proxy_wstunnel
 ##
 <Location /_cockpit/>
+    # Redirect to HTTPS in case of not already using it. This can happen since
+    # we don't redirect for .onion domains.
+    RewriteEngine on
+    ReWriteCond %{HTTPS} !=on
+    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
+
     ProxyPass http://localhost:9090/_cockpit/
 </Location>