Enabling SSL for Drupal

This article describes how to enable SSL for a Drupal site.

🚧

Important

This article assumes that you already have a valid, functioning SSL certificate installed on your web site. If you do not have an SSL certificate for your site yet, please see our SSL certificate options or use Sectigo certificates available with most accounts.

Enabling SSL for Drupal

You can use.htaccess settings to automatically redirect users to secure (https:// ) web site connections, even if they type a non-secure URL (http:// ) in their web browser.

Additionally, you can use.htaccess settings to automatically redirect users who do not include the www prefix. For example, many third-party SSL certificates are only valid for one specific domain, so web site owners often set up an SSL certificate for the www subdomain (www.example.com ). However, this means that visitors to the site may receive a security warning if they go to example.com without the www prefix. An.htaccess directive enables you to prevent this from occurring.

To configure these settings, follow these steps:

1. Use a text editor to open the .htaccess file in the directory where you installed Drupal. To do this, you can log in to your account using SSH and a command-line text editor, or you can use the text editor in the cPanel File Manager.

2. Copy the following text and paste it into the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST}!^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

📘

Note

If you do not want to redirect users who omit the www prefix, do not include the second and third lines in your .htaccess file.

3. Save your changes to the .htaccess file.

4. Test the new configuration. Using the Apache directives listed in step 2, the following should happen:

• A user who types http://example.com or http://www.example.com is redirected to https://www.example.com. (Replace example.com with your own domain name.)

• A user who types https://example.com is redirected to https://www.example.com. (Replace example.com with your own domain name.)

Using cPanel SSL with Drupal

Using an SSL certificate from a recognized Certificate Authority is recommended for the best results when enabling SSL for Drupal. cPanel SSL is a free, automated, and open certificate authority and is recognized by most modern browsers. cPanel SSL is supported for all new hosting.com accounts and certificates can be generated automatically for immediate use. For more information about cPanel SSL, please see the Related Articles section.

Related Articles

• Introduction to SSL

• Optimizing Drupal

• Securing an unmanaged server with a Let’s Encrypt SSL certificate

• Securing a cPanel-enabled account with a Let’s Encrypt SSL certificate

• Generating and renewing Let’s Encrypt SSL certificates in Plesk