diff --git a/roles/copr/frontend/templates/httpd/coprs.conf b/roles/copr/frontend/templates/httpd/coprs.conf index c159da3d09..d39d4ab2e3 100644 --- a/roles/copr/frontend/templates/httpd/coprs.conf +++ b/roles/copr/frontend/templates/httpd/coprs.conf @@ -24,25 +24,26 @@ WSGIApplicationGroup %{GLOBAL} ServerName {{ copr_frontend_public_hostname }} ServerAlias copr-fe{% if devel %}-dev{% endif %}.cloud.fedoraproject.org - # We don't strictly enforce https (only HSTS) for python-processed content. - # This is still useful at least for *.repo URLs. But, that's why we still - # configure port 80 here. - WSGIPassAuthorization On + # Keep port 80 open for the .repo and certbot URLs WSGIProcessGroup port80 - - WSGIProcessGroup repo - + Require all granted + RewriteEngine on + {% if letsencrypt is defined %} # For ansible.git roles/copr/certbot role. Needs to run on port 80. - RewriteEngine on RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] {% endif %} + + # Redirect everything everything but repo files to https:// + RewriteCond %{HTTPS} !on + RewriteCond %{REQUEST_URI} !/repo/ + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
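Review bot: The exemption `RewriteCond %{REQUEST_URI} !/repo/` in the new redirect block is an unanchored regex, so any request whose path merely contains `/repo/` (for example a user or project segment named `repo`) stays on plain HTTP and is served by the port80 WSGI group rather than being upgraded. Narrowing it to the actual shape of the repo-file URLs, e.g. `RewriteCond %{REQUEST_URI} !\.repo$` if those always end in `.repo` (to be confirmed against the frontend routes), keeps the carve-out as small as the comment intends. The target `https://%{HTTP_HOST}%{REQUEST_URI}` also reflects the client-supplied Host header; if this vhost can act as the default for port 80, building the redirect from the templated name, `RewriteRule (.*) https://{{ copr_frontend_public_hostname }}%{REQUEST_URI} [R=301,L]`, avoids redirecting to an arbitrary host and makes the redirect type explicit. The added comment also has a doubled word ("everything everything").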