This section contains detailed articles elaborating on some of the common issues phpBB users encounter while using the product. Articles submitted by members of the community are checked for accuracy by the relevant phpBB Team. If you do not find the answer to your question here, we recommend looking through the Support Section as well as using the Site Wide Search.

Configuring SSL on phpBB

Description: How to setup SSL on your phpBB board.

In Categories:

Link to this article: Select All
[url=https://www.phpbb.com/support/docs/en/3.2/kb/article/configuring-ssl-on-phpbb/]Knowledge Base - Configuring SSL on phpBB[/url]

SSL Setup Instructions

This instruction set will help you get your site up and running with you SSL certificate (which should be provided by your host).

Things you will need:

-A FTP Client (FTP Knowledge Base Article)
-A good text editor (such as notepad++ for Windows or Sublime Text for Windows/Mac/Linux with UTF-8 w/o BOM capability)

I strongly recommend making a backup of the site prior to completing the following instructions as we will be making changes to settings and core files. Backup Instructions

Instructions

1) Download the ".htaccess" file from your root directory.

2) Open the file with a text editor. It should look something like this:

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on

#
# Uncomment the statement below if URL rewriting doesn't
# work properly. If you installed phpBB in a subdirectory
# of your site, properly set the argument for the statement.
# e.g.: if your domain is test.com and you installed phpBB
# in http://www.test.com/phpBB/index.php you have to set
# the statement RewriteBase /phpBB/
#
#RewriteBase /

#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
...
3) Insert the following text into your .htaccess file in the appropriate place (see example below):

Text to be inserted:

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Location of insertion:

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

#
# Uncomment the statement below if URL rewriting doesn't
# work properly. If you installed phpBB in a subdirectory
# of your site, properly set the argument for the statement.
# e.g.: if your domain is test.com and you installed phpBB
# in http://www.test.com/phpBB/index.php you have to set
# the statement RewriteBase /phpBB/
#
#RewriteBase /

#
# Uncomment the statement below if you want to make use of
# HTTP authentication and it does not already work.
...
4) Save and uploade your new ".htaccess" file to your server (overwriting the previous file).

5) Now we will configure phpBB's settings to support SSL. Go into the "ACP". On the "General" tab, look under the "Server Configuration" area and click on "Cookie Settings".

6) Select "Enabled" under the "Cookie Secure:" setting and then click "Submit."

Visitors should now be automatically directed to the secure SSL site and "https://" should seen in the URL address bar of your web browser.


Tips:

Q: I get a error "HTTP 400 - Bad Request" or something like:

Code: Select all

An error occurred during a connection to www.phpbb-es.com:80. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG 
A: This can happen with "force server URL settings" set to "on" (found in the ACP, "General" tab, "Server Configuration" heading, "Server settings" selection menu). You would have to change the "Server port" to the appropriate value. The default is port 443.