How to Use Let’s Encrypt SSL Certificates with Drupal 8

Introduction: Free SSL/TLS Certificates for Every Domain

This tutorial shows Drupal 8 website owners how to install Let’s Encrypt SSL/TLS certificates with cPanel so that their domains are served over HTTPS with encrypted connections.

Let’s Encrypt SSL/TLS Certificates have the advantages of being free, able to be produced programmatically, & auto-installed for every domain name on cPanel web hosting plans.

When setting up Let’s Encrypt on a website, Drupal 8 administrators need to choose whether to allow HTTP connections or force all transfers to have HTTPS Encryption.

Step One:
Activate the Let’s Encrypt Certificate in cPanel

To begin, navigate to cPanel on a Shared Linux web server & click on the “Let’s Encrypt” icon. Domains registered to the user are listed with menus for select actions.

Configuration: Activate the “Let’s Encrypt” certificate for the Drupal 8 domain if required & save the settings in cPanel. Then click the “Manage HTTPS Settings” link.

Note: It is possible to use either cPanel, the .htaccess file, or Drupal 8’s settings.php file to force HTTPS Encryption on all web pages & connections to the web server.

Choose to leave this setting on or off depending on whether or not your website will be permitting both HTTP & HTTPS connections. Permitting both is the Drupal 8 default.

Click on “SSL Details” to view the Encoded Certificate, Private Key, & Intermediate Certificates (CA) information. Leave this as is unless required by another application.

Step Two:
Edit the Base URL Value in settings.php

After activating the Let’s Encrypt certificate, test the installation on a Drupal 8 website by loading the homepage with an HTTPS URL. The website should display as normal with the URL listed in the web browser as secure.

Next: Log any errors & continue by signing in as the Drupal 8 administrator. If you decide to force all Drupal 8 pages to load by HTTPS (recommended), add the following code to your Drupal 8 website’s settings.php file:

// Use HTTPS for Drupal
$_SERVER['HTTPS'] = 'on';
$conf['https'] = TRUE;
$base_url = '';

The settings.php file can be found in the /sites/default folder of the installation. Download & edit the code in Notepad++ or similar.

If you need to load HTTPS by default but still allow HTTP connections on demand:

$base_url = '';

Add the code above to the settings.php file. This will preserve the default Drupal 8 configuration, which is to allow both HTTPS & HTTP connections as required by the CMS.

Combined with the cPanel settings for Let’s Encrypt, these configuration values will allow you to force HTTPS Encryption on all Drupal 8 web pages in production.

Step Three:
Edit the .htaccess file to Force HTTPS on URLs

To add another level of security for your Drupal 8 website, use the Apache .htaccess file found in the root of the installation to force all page loads with HTTPS Encryption.

Locate the .htaccess file in the root folder or file directory, then uncomment the code:


Additionally, these lines need to be added or uncommented:

# Redirect to HTTPS
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Save the .htaccess file & upload it to the server. All of the web pages in the Drupal 8 site should now be loading under HTTPS URLs by default. Log any errors by testing.
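One way to do that testing, as an added example that is not part of the original tutorial: the Python script below follows the redirect chain from an http:// URL and reports plain-HTTP answers, non-301 redirects, HTTPS-to-HTTP downgrades and redirect loops. The loop check matters for the X-Forwarded-Proto rule above, because on a server where no proxy sets that header the condition also matches HTTPS requests and the redirect never ends. The host example.test, the sample responses and the function names are assumptions made for the example.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
MAX_HOPS = 5  # assumption: a longer chain is reported as a problem

def fetch_head(url):
    """Live fetcher: send one HEAD request and return (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_https_redirect(start_url, fetch=fetch_head):
    """Follow the chain from an http:// URL; return a list of problems."""
    problems, seen, url = [], set(), start_url
    for _ in range(MAX_HOPS):
        if url in seen:
            return problems + [f"redirect loop at {url}"]
        seen.add(url)
        status, location = fetch(url)
        scheme = urlsplit(url).scheme
        if status not in REDIRECTS or not location:
            # Chain ends here: it must have ended on an https:// URL.
            if scheme != "https":
                problems.append(f"{url} answered over plain HTTP ({status})")
            return problems
        target = urljoin(url, location)
        if scheme == "http" and status != 301:
            problems.append(f"{url} redirected with {status}, not 301")
        if scheme == "https" and urlsplit(target).scheme == "http":
            problems.append(f"{url} downgrades to {target}")
        url = target
    return problems + [f"more than {MAX_HOPS} redirects"]

# Constructed responses (example.test is a placeholder host, not from the page).
GOOD = {"http://example.test/user/login": (301, "https://example.test/user/login"),
        "https://example.test/user/login": (200, None)}
LOOP = {"http://example.test/": (301, "https://example.test/"),
        "https://example.test/": (301, "https://example.test/")}
```

Against a live site, call check_https_redirect with only the http:// URL; passing fetch=GOOD.__getitem__ or fetch=LOOP.__getitem__ replays the constructed responses offline.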

Step Four:
(Optional) Install the Secure Login Module

For an additional layer of security on Drupal 8 user logins, install the Secure Login module. This module enforces HTTPS encrypted connections on all Drupal 8 forms.

Required Files – Download:

Configuration: Download & install the files at admin/modules/install or use FTP, Git, Drush, etc. as required by the project. Navigate to admin/config/people/securelogin & set the default Secure Base URL for the website as well as enabling form protection.

Choose which forms to protect by guaranteed HTTPS Encryption on transfers & save the Secure Login module settings. Otherwise check “Submit all forms to secure URL.”

Conclusion: Use HTTPS on All Connections & Drupal Pages

Let’s Encrypt SSL/TLS Certificates are 100% free and can save hundreds of dollars per domain on more expensive plans. Let’s Encrypt certificates install automatically on cPanel. Drupal 8 webmasters can force HTTPS Encryption on all CMS connections.

Best practice is multi-layer HTTPS security with cPanel configuration using Let’s Encrypt, .htaccess edits, settings.php file, & the Secure Login module for Drupal 8. Some websites may need to permit both HTTP & HTTPS connections on scripts.
