How to add SSL to my Elgg site?

Hello everyone
I have an SSL certificate and I want to secure my Elgg site with it.
What code do I need to enter and where?

index.php? start.php? in every mod?

Tnanx for your replies


  • If you want the entire site to be SSL, go to Site Administration and set the site URL to start with https. Make sure you test the https connection first. If you need help with that, please use Google to find resources for configuring SSL.

  • Thanks Cash...

    The HTTPS logins already enable

    Do I need to see "https" on the address?

  • if you only want https for login, all you need to do is check that option. You won't see https in the address.

  • As a caveat to Cash's instructions:

    If you change the site URL to include https, make sure to DISABLE the https login which is redudant and will create a "httpss" URL at login, making your site inaccesssible.  If you are stuck, like I was, with httpss and can't login to DISABLE the https login under Administration - Site Administration, then you have to change the setting in the database:

    Under the "elggconfig" table, delete the "https_login" key.  That will disable the HTTPS login and you can login again.

    As a side note:  To enable https everywhere on your site and ONLY if your elgg installation is in a subdirectory, add to the .httaccess file the follow:

    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} <elgg subdirectory name>
    RewriteRule ^(.*)$ https://yourURL/elgg subdirectory name/$1 [R,L]

    Where <elgg subdiretory name> is the name of your subdirectory.  This is workingfor me with v1.7 of Elgg.

    Of course, all these instructions assume you have a valid (if only self-signed) SSL certificate that makes the HTTPS URL work.  Good certs will likely cost you about $55 and depending on the Apache configuration, require static IPs.



  • What about an option to access the site using either http:// or https://

    Don't think that is possible at the moment?

  • I think that can be done by symlink'ing the https to the http ;) or maybe a soft redirect.

  • Hmm.. thanks. Will explore that and report my results.

  • You could do this by setting the $CONFIG->url and $CONFIG->wwwroot variables dynamically based on the requested url. (And I also don't know why that parameter is duplicated)