How to enable SSL for Drupal

This article describes how to enable SSL for a Drupal site.

This article assumes that you already have a valid, functioning SSL certificate installed on your web site. If you do not have an SSL certificate for your site yet, please see our SSL certificate options or use Sectigo certificates available with most accounts.

Enabling SSL for Drupal

You can use .htaccess settings to automatically redirect users to secure (https://) web site connections, even if they type a non-secure URL (http://) in their web browser.

Additionally, you can use .htaccess settings to automatically redirect users who do not include the www prefix. For example, many third-party SSL certificates are only valid for one specific domain, so web site owners often set up an SSL certificate for the www subdomain ( However, this means that visitors to the site may receive a security warning if they go to without the www prefix. An .htaccess directive enables you to prevent this from occurring.

To configure these settings, follow these steps:

  1. Use a text editor to open the .htaccess file in the directory where you installed Drupal. To do this, you can log in to your account using SSH and a command-line text editor, or you can use the text editor in the cPanel File Manager.
  2. Copy the following text and paste it into the .htaccess file:
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    If you do not want to redirect users who omit the www prefix, do not include the second and third lines in your .htaccess file.
  3. Save your changes to the .htaccess file.
  4. Test the new configuration. Using the Apache directives listed in step 2, the following should happen:

    • A user who types or is redirected to (Replace with your own domain name.)
    • A user who types is redirected to (Replace with your own domain name.)

Using Sectigo with Drupal

Using an SSL certificate from a recognized Certificate Authority is recommended for the best results when enabling SSL for Drupal. Sectigo is a free, automated, and open certificate authority and is recognized by most modern browsers. Sectigo is supported for all new A2 Hosting accounts and certificates may even be generated automatically for immediate use. For details regarding Sectigo or Let's Encrypt for your account type, please see Related Articles.

Please note that A2 Hosting, in order to provide consistent and reliable user experience, is switching from Let’s Encrypt to Sectigo for all newly provisioned accounts. Existing accounts will also make the change to Sectigo certificates sometime in the near future. The certificates are equal in terms of trust level, validity, and how they are used. You should see no impact on your site, and the only difference is that the padlock in your browser will now say “cPanel Cert Issued by Sectigo” instead of “Let’s Encrypt."

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.