A problem we found with WHMCS is that it allows client, staff, and admins to log into it using the standard HTTP prefix and does not force them to a SECURE HTTPS URL. Not only that but some areas of WHMCS require you to access them via HTTP. You could simply use our HTTP to HTTPS redirect code but what you will find is that certain sections of WHMCS end up in a redirect loop and are broken. The below code does it's best for force clients, staff, and admins to use HTTPS while allowing HTTP access to those sections that need it.
Options All -Indexes RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/whmcs/dl.php RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]