A Complete Guide to Using Let’s Encrypt Along With Drupal 8

A Complete Guide to Using Let’s Encrypt Along With Drupal 8

Let’s Encrypt is a popular, free service by the Internet Security Research Group that offers SSL and TLS certificates. If you’re using Drupal to power websites, you need to choose whether to accept HTTP connections or only HTTPS connections. You can make such decisions in the cPanel. In this article, learn how to use Let’s Encrypt along with your Drupal 8 website.

Step-by-Step Process

Here are the steps you need to take:

Activate Let’s Encrypt Certificate

The first step you need to do is activate the Let’s Encrypt certificate. For this, you’d have to use the cPanel. So login to your cPanel and locate and click on “Let’s Encrypt”. Then, select the domain for which you need those certificates.

Once you’ve activated the certificate, click on “Manage HTTPS Settings”. You’ll see a toggle option for “HTTPS Enforce”. You can leave it on or off depending on whether you want to allow only HTTPS or both HTTP and HTTPS.

Finally, click on “SSL Details”. Grab a few details like the Encoded Certificate, Intermediate Certificates (EC), and Private Key and paste them into a Word or TXT file for later use.

Open Settings.php and Edit the Base URL Value

To check that you’ve successfully activated Let’s Encrypt, reload the homepage but with the HTTPS URL. The website should load just fine but this time with a green “Secure” tag on the URL bar.

If you want to force all connections as HTTPS, then open the settings.php file and include the following code:

//Use HTTPS for Drupal

Code:
$_SERVER['HTTPS'] = 'on';
$conf['https'] = TRUE;
$base_url = 'https://mywebsite.com';
You can find the settings.php file in the /sites/default folder.

In case, you still want to allow HTTP connections, just add the following code to the settings.php file:

Code:
$base_url = 'https://example.com';
It will allow both HTTP and HTTPS connections to the CMS.

Edit .htaccess File to Force HTTPS on URLs

You may want to edit the .htaccess file to force HTTPS on URLs. It will add another layer of security to your website. The Apache .htaccess file can be located in the root of the installation. Once you’ve located it open the file and comment out the following code:

RewriteEngine on

Then, add or uncomment these codes:

Code:
# Redirect to HTTPS
RewriteCond%{HTTPS}off
RewriteCond%{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Save the changes made and exit. Now, you’ll notice that the website loads only under HTTPS URLs by default.

Install Secure Login Module

This is an optional step. So you may or may not follow it, but doing so is highly recommended since it adds another layer of security to your Drupal 8 website.

So first, you have to download the Secure Login module from Drupal Modules section. Once downloaded, install the files at admin/modules/install. You can also use FTP or Drush for it.

Now, navigate into admin/config/people/securelogin.

Here, you need to set the Secure Base URL and enable form protection. You can select which forms to provide protection to or select “Submit all forms to secure URL”.

Save the changes and exit.

So that’s how you use Let’s Encrypt SSL/TLS certificates with Drupal 8. For further assistance, contact the hosting support team.
Author
kumkumsharma
Views
171
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from kumkumsharma

Top