Knowledge Base

How to enable SSL for Drupal

This article describes how to enable SSL for a Drupal site.

This article assumes that you already have a valid, functioning SSL certificate installed on your web site. If you do not have an SSL certificate for your site yet, please see our SSL certificate options.

Enabling SSL for Drupal

You can use .htaccess settings to automatically redirect users to secure (https://) web site connections, even if they type a non-secure URL (http://) in their web browser.

Additionally, you can use .htaccess settings to automatically redirect users who do not include the www prefix. For example, many third-party SSL certificates are only valid for one specific domain, so web site owners often set up an SSL certificate for the www subdomain (www.example.com). However, this means that visitors to the site may receive a security warning if they go to example.com without the www prefix. An .htaccess directive enables you to prevent this from occurring.

To configure these settings, follow these steps:

  1. Use a text editor to open the .htaccess file in the directory where you installed Drupal. To do this, you can log in to your account using SSH and a command-line text editor, or you can use the text editor in the cPanel File Manager.
  2. Copy the following text and paste it into the .htaccess file:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
    If you do not want to redirect users who omit the www prefix, do not include the second and third lines in your .htaccess file.
  3. Save your changes to the .htaccess file.
  4. Test the new configuration. Using the Apache directives listed in step 2, the following should happen:

    • A user who types http://example.com or http://www.example.com is redirected to https://www.example.com. (Replace example.com with your own domain name.)
    • A user who types https://example.com is redirected to https://www.example.com. (Replace example.com with your own domain name.)