Announcing Let’s Encrypt Drupal

14 November 2017

Let’s Encrypt Drupal is an open source project which makes it easy for Let’s Encrypt to be run on your Drupal web server.

It’s 2017 and sites need to be served via HTTPS. Way back in 2014, Google started boosting the ranking of sites which served by HTTPS and in October 2017 Google Chrome will start marking pages with forms as not secure when not encrypted. In short, if your site is not being served by HTTPS then it will be suffering in terms of SEO and user trust.

There are a number of options out there which make HTTPS easy. The first option would generally be to use Cloudflare which is able to proxy the web traffic and handle the SSL certificate. Web hosting companies such as Pantheon have the option of handling SSL at the CDN level if you configure your DNS to use their servers. Options such as these makes life easy.

However, sometimes these options are not available. Some PAAS providers do not provide SSL in this way. Also, traffic served through Cloudflare can be slow for Australian users based on the Telstra network. Take a read of this article for some eye opening stats. This rules out Cloudflare for many sites based in Australia.

In these cases you need to fall back to installing your own certificate. No dramas, right? Well, this is not an easy thing to do if you need to handle multiple domains. This can happen with:

  • multisite
  • domain access
  • multiple sites on a server.

In these cases you are out of luck.

This is where Let’s Encrypt shines. It enables a single certificate to handle multiple domains in one go. You can serve multiple sites off one IP address and solve your SSL worries.

Introducing Let’s Encrypt Drupal

We have put together Let's Encrypt Drupal, a bash script wrapping lukas2511/dehydrated which can automate the certificate generation process for Drupal sites. It supports the following features:

  • certificate creation
  • certificate renewal (via cron)
  • notifications to Slack
  • self updating
  • validating

The code is configured by a text files which can be placed into the site repo, making it easy for developers to specify what domains need to be added to the cert.

The main advantage is that the Let's Encrypt challenge is published trough Drupal and set using Drush. There is no need to alter web server settings or upload files.

Let's Encrypt Challenge

We started using contributed module for publishing the Let's Encrypt challenge to Drupal site during first tests. This turned out to be great way to get the domain verified as there is usually no other simple way to do this with Drupal hostings. They either handle SSL completely without customization options or advice to upload/commit the challenge file directly.

The module https://www.drupal.org/project/letsencrypt_challenge has only Drupal 7 release currently. We contributed Drupal 8 port. The issue is still active: https://www.drupal.org/node/2918028. We are working towards publishing Drupal 8 release in the original project. In the mean time there is a sandbox available.

Let’s Encrypt Drupal is supported by the team at Morpht. Our forms are now secure. :)

Please find out more at the Let’s Encrypt Drupal repo and let us know what you think.