In this article I’m going to show you how to setup SSL for Drupal 7 on a shared hosting web server. My provider is Bluehost, so my directions are specific to them, but should be adaptable to most Linux-based shared hosting providers.
Buy your Certificate
You’ll first need to buy an SSL certificate. I picked the Rapid SSL from Namecheap. It’s both inexpensive and onNamecheap, where I already host my domain. Don’t let the name fool you, Namecheap has an excellent suite of tools; I really like them so far. The price for the SSL certificate was $10.95 for a year.
Buy a Dedicated IP Address
You’ll also need to buy a dedicated IP address if you’re using a shared hosting account. This cost me about $150 over three years. This in addition to the low $3.95/month I’m paying for Bluehost now. That’s the cheapest shared hosting plan you can get. So the total for hosting for three years will be about $300. That’s a great deal.
Setting up your Certificate on your Hosting Provider
Then go to your Bluehost hosting account and search in cpanel for SSL/TLS Manager. In there, set up a private key and CSR. Some direction is supplied on that page. If you’re unsure you can chat live with Bluehost technical support and they’ll help you out. Or you can just read about what a CSR is here.
Activate your SSL Certificate
Now, return to your SSL certificate provider and Activate your SSL certificate using the CSR you created at Bluehost. I had to select Apache + OpenSSL as my server type. Check with your host if you’re unsure what server type you’re using. For Bluehost though it should be what I used.
An email will be sent to the approver email address: this is the account you gave them upon enrollment. This is either your WHOIS contact (check yours at www.nic.com) or another email address. The approver will need to authorize the certificate creation for your site.
Download and Install CRTs
Once this is done you may download the certificate and bundle from Namecheap (or other provider). You’ll have two documents ending with a .crt extension.
Next, go back to your host and upload your certificates in the correct places. In Bluehost its in the SSL/TLS Manager and is called ‘Generate, view, upload, or delete SSL certificates’. Upload both the CRTs you downloaded there.
Enable SSL and Configure Settings
Once this is done, contact the hosting provider (you can do this through Bluehost live chat) and ask them to enable SSL on your site.
Once this is done your site will be SSL-enabled. But you’re still not totally done. I recommend next going into your settings.php file in your drupal site (sites/default/settings.php) and setting $base_url to ‘https://yoursite.com’. Note the ‘s’ added to the end of ‘http’. This will ensure all relative links in the site use your SSL-protected pages.
Also add the following to the top of your .htaccess file at the root of your site. Make sure to change ‘yoursite’ to the name of your domain.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursite.com/$1 [R=301,L]
Load it Up and Check it Out
Now, load up your site in IE, Chrome, and Firefox to makes sure it works on all of them. You should notice a nice, solid lock icon in front of your ‘https’ URL for your site. Click any relative link on your site. It should direct to other ‘https’ pages. Sweet!
A Mixed Content Warning
I’ll leave you with warning. One thing you may encounter is a mixed content warning in Firefox. I got this at first. It looks like a little shield before the lock icon. To get rid of this (and provide assurance to your users), make sure all assets in your site are protected by SSL. I noticed my Google fonts were causing a problem for me. I was using @import statements to bring in the fonts in my stylesheet. I solved this issue by changing them to links and adding them to my Drupal html template file and making the links start with ‘//’ instead of ‘http’.
You could also download the fonts and install them on your server directly (this also improve site performance.