> ## Documentation Index
> Fetch the complete documentation index at: https://kb.hosting.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Enabling SSL for Drupal

> Learn how to enable SSL for Drupal and discover the benefits of using cPanel SSL with this guide.

This article describes how to enable SSL for a Drupal site.

<Warning>
  **Important**

  This article assumes that you already have a valid, functioning SSL certificate installed on your web site. If you do not have an SSL certificate for your site yet, please see our [SSL certificate options](https://hosting.com/domains/ssl-certificates/) or use Sectigo certificates available with most accounts.
</Warning>

## Enabling SSL for Drupal

You can use*.htaccess* settings to automatically redirect users to secure (*https\://* ) web site connections, even if they type a non-secure URL (*http\://* ) in their web browser.

Additionally, you can use*.htaccess* settings to automatically redirect users who do not include the *www* prefix. For example, many third-party SSL certificates are only valid for one specific domain, so web site owners often set up an SSL certificate for the *www* subdomain (*[www.example.com](http://www.example.com)* ). However, this means that visitors to the site may receive a security warning if they go to *example.com* without the *www* prefix. An*.htaccess* directive enables you to prevent this from occurring.

To configure these settings, follow these steps:

1. Use a text editor to open the *.htaccess* file in the directory where you installed Drupal. To do this, you can log in to your account [using SSH](/docs/using-ssh-secure-shell) and a command-line text editor, or you can use the text editor in the [cPanel File Manager](/docs/cpanel-file-manager-editors).

2. Copy the following text and paste it into the *.htaccess* file:

```
RewriteEngine On
RewriteCond %{HTTP_HOST}!^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

<Note>
  If you do **not** want to redirect users who omit the *www* prefix, do not include the second and third lines in your *.htaccess* file.
</Note>

3. Save your changes to the *.htaccess* file.

4. Test the new configuration. Using the Apache directives listed in step 2, the following should happen:

* A user who types *[http://example.com](http://example.com)* or *[http://www.example.com](http://www.example.com)* is redirected to *[https://www.example.com](https://www.example.com)*. (Replace *example.com* with your own domain name.)

* A user who types *[https://example.com](https://example.com)* is redirected to *[https://www.example.com](https://www.example.com)*. (Replace *example.com* with your own domain name.)

## Using cPanel SSL with Drupal

Using an SSL certificate from a recognized Certificate Authority is recommended for the best results when enabling SSL for Drupal. cPanel SSL is a free, automated, and open certificate authority and is recognized by most modern browsers. cPanel SSL is supported for all new hosting.com accounts and certificates can be generated automatically for immediate use. For more information about cPanel SSL, please see the **Related Articles** section.

## Related articles

* [Introduction to SSL](/docs/introduction-to-ssl)

* [Optimizing Drupal](/docs/optimizing-drupal)

* [Securing an unmanaged server with a Let’s Encrypt SSL certificate](/docs/securing-your-site-with-a-lets-encrypt-ssl-certificate)

* [Securing a cPanel-enabled account with a Let’s Encrypt SSL certificate](/docs/securing-a-cpanel-enabled-account-with-a-lets-encrypt-ssl-certificate)

* [Generating and renewing Let’s Encrypt SSL certificates in Plesk](/docs/generating-and-renewing-lets-encrypt-ssl-certificates-in-plesk)
