Setting up your forum for HTTPS

To preface this tutorial, much of what I am discussing involves the creation and automatic renewal of certificates. The forum software does not need any additional configuration to be served over HTTPS, and it has a configuration setting to force it. In my experience, I have found that Certbot makes obtaining and deploying certificates much easier for novice users. Regardless, the client or CA decided upon should not make a difference as long as you properly configure your web server to use SSL. It’s just that Certbot’s Apache plugin will apply the certificate for you.

Installing Certbot and the Apache plugin

The following instructions are in line with the starter’s guide that also exists on this wiki. The EFF has a website with instructions on how to install Certbot on other distributions.

sudo apt update
sudo apt install -y certbot
sudo apt install -y python3-certbot-apache

Obtaining a certificate

Now that you have installed a client for the Let’s Encrypt CA you can “obtain” a certificate. You’ll want to a) ensure that you can connect to your forum with the domain you’re using ( and b) use the Apache plugin so that you don’t have to disrupt access to your forum.

certbot certonly --apache -d <domain>

Automated renewal

Most Certbot installations now come with automatic renewal preconfigured. You’ll probably want to check whether this is the case by looking for the command below in your system’s crontab (typically /etc/crontab or /etc/cron.*/*) or among its systemd timers (systemctl list-timers).

certbot renew

If it’s not there, you can set up automated renewal by following the steps here under “setting up automated renewal.” I would lay them out here; however, I’d rather link to the docs than risk giving away instructions that may be outdated in two years.

Web server configuration

The majority of web servers (the exception being Caddy, a web server that is built with ‘automatic’ HTTPS) require their configurations to be modified in order to make use of the SSL certificate you generated.

Apache with SSL

The configuration below should either replace a file called forum.conf that was previously created for your forum (see Apache without SSL) or be pasted into a new file located in /etc/apache2/sites-available or your server’s equivalent thereof, replacing <domain> with your domain name or IP address. If your forum has been installed in a directory other than the example provided in this tutorial, you will need to modify the parts of this configuration that reference /var/www/forum.

# Port 80: redirect plain-HTTP requests to HTTPS.
<VirtualHost *:80>
	ServerName <domain>
	<IfModule mod_ssl.c>
		RewriteEngine On
		RewriteCond %{HTTPS} !=on
		RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
	</IfModule>
	<IfModule mod_rewrite.c>
		RewriteEngine On
		RewriteCond %{REQUEST_FILENAME} !-f
		RewriteRule ^(.*)$ index.php/$1 [QSA,L]
	</IfModule>
</VirtualHost>
# Port 443: serve the forum over HTTPS with the certificate obtained above.
<VirtualHost *:443>
	ServerName <domain>
	DocumentRoot "/var/www/forum"
	<IfModule mod_php.c>
		php_admin_value open_basedir %{DOCUMENT_ROOT}
		php_admin_value upload_tmp_dir %{DOCUMENT_ROOT}/tmp
		php_admin_value session.save_path %{DOCUMENT_ROOT}/sessions
	</IfModule>
	<Directory "/var/www/forum">
		Options Indexes FollowSymLinks MultiViews
		AllowOverride all
		Require all granted
	</Directory>
	SSLEngine on
	SSLCertificateFile /etc/letsencrypt/live/<domain>/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
</VirtualHost>

Once you’ve created the file above, you may run the commands below in order to enable the configuration.

a2enmod rewrite ssl
a2ensite forum.conf
systemctl restart apache2

Forcing HTTPS

The HTTPS protocol can be forced by setting $config["https"] to true, preventing insecure connections from being made to your forum. To make this change, add the following to config/config.php:

"https" => true, // Force HTTPS

You should now be able to visit your forum over the HTTPS protocol without issue. If your browser returns an “insecure connection” or similar error when trying to browse your forum, particularly if you’ve never been able to access it over HTTPS, you should try restarting Apache. If you encounter that same error about six months to one year after setting up your certificate, it has probably expired and needs to be renewed. Trying to manually run certbot renew may give an error because your web server is running, so it needs to be stopped until the certificate has been renewed; then you can start it again.
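The renewal check from “Automated renewal” and the expiry problem described above can be verified before a browser error appears. The script below is an added example, not part of the original tutorial or of Certbot; its function names, the --audit switch and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names and the
# 30-day threshold are assumptions chosen for illustration.

# Print active (non-comment) cron lines that run "certbot ... renew" in the
# given files or directories. Succeeds only if at least one is found.
find_renew_jobs() {
    hits=$(grep -rHE '^[^#]*certbot[^#]*[[:space:]]renew([[:space:]]|$)' \
        "$@" 2>/dev/null || true)
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Succeed if a systemd timer whose name mentions certbot is listed.
renew_timer_present() {
    command -v systemctl >/dev/null 2>&1 || return 1
    systemctl list-timers --all --no-pager 2>/dev/null | grep -q certbot
}

# Succeed if the PEM certificate $1 is still valid $2 days from now.
# Fails if it expires sooner, or if the file or openssl is unavailable.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run the audit only when asked: sh check-renewal.sh --audit DOMAIN
if [ "${1:-}" = "--audit" ]; then
    domain=${2:?"usage: $0 --audit DOMAIN"}
    find_renew_jobs /etc/crontab /etc/cron.* || renew_timer_present ||
        echo "WARN: no 'certbot renew' cron job or systemd timer found"
    cert_valid_for_days "/etc/letsencrypt/live/$domain/fullchain.pem" 30 ||
        echo "WARN: certificate expires within 30 days or could not be read"
fi
```

Run it as root so that the files under /etc/letsencrypt/live can be read.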

Still looking for help?

Join the community support forum and if that doesn't work, consider asking your question on the Discord server!