The recommended way for upgrading from plain http to https is via HTTP Strict Transport Security (HSTS [1]); this is the setup e.g. at openacs.org.
Actually one should get this more or less out of the box, when installing OpenACS via [2]. After installing, install a certicfiate and activate https (i.e. uncomment "set httpsport ..." in the config file). The default config file openacs-config.tcl [3] is installed by [2] by default as /usr/local/ns/config-openacs-VERSIONNUMBER.tcl (e.g. openacs-5-9-1.tcl).
all the best
-g
[1] https://developer.mozilla.org/en-US/docs/Glossary/HSTS
[2] https://openacs.org/xowiki/naviserver-openacs
[3] https://bitbucket.org/naviserver/naviserver/src/default/openacs-config.tcl
