How to Setup HTTPS SSL Certificates on Laravel

How to Setup HTTPS SSL Certificates on Laravel


SSL certificates are essential for secure client-server connectivity because of the security layer for the websites. When active, the visitors see a green padlock in the address bar, signifying that the communication between the server and the client is secure.

Websites collecting user data (such as credit card information, login credentials) are required to have active Laravel SSL certificates because of the need for the security of user data for your Laravel web application. 

In this article, I will demonstrate how to set up an SSL certificate for a Laravel 8 application.

How To Implement SSL Certificate?

The security provided by SSL certificates comes at a cost – you need to pay for an SSL certificate. For this tutorial, I will fetch a trial certificate that is valid for 30 days.

Prerequisites

For this article, I assume that you have a Laravel application installed on a web server. My setup is:

  • Laravel 8.0
  • PHP 7.1.
  • SFTP access to your Cloudways Application

Setup Free Let’s Encrypt SSL On Laravel app

Cloudways provides a Free Let’s Encrypt SSL Certificate. To configure it with your web application, you simply need to add your domain and email address.

Set up Custom SSL On Laravel app

If you do not want to use the free Let’s Encrypt SSL certificate, or have purchased a third-party SSL certificate, you can set up your own certificate. 

For this, navigate to the Application tab and click SSL Certificate. Choose “I do not have a certificate” from the dropdown menu.

Get the CSR

You will see a new tab for Certificate Signing Request (CSR) where you are asked to create a CSR by filling the fields.

After submitting the form, a button for downloading the CSR will appear.

Installing The Certificate

The final step is installing the SSL certificate. For this, click INSTALL CERTIFICATE.

A dialogue box will appear prompting for the Certificate Code and CA Chain.

Note that this is not the CSR file. The Certificate Code and CA Chain are provided by the Certification Authority (CA) or the vendor from whom you have purchased the certificate.

  • Certificate Code refers to the content of the application SSL certificate file. Many SSL vendors usually provide this in a .crt or .cer file format (mydomain.crt/mydomain.cer).

  • CA Chain refers to the certificate chain (intermediate certificate). It is usually provided in .ca or .ca-bundle file format ( mydomain.ca/mydomain.ca-bundle).

Please note that these file formats and standards can vary, considering there are many SSL certificate providers with many different formats and standards. If you need any help, you can always contact us via Live Chat or create a support ticket.

Finally, paste all the necessary details and hit SUBMIT to deploy the certificate.

Tip: To view and copy your certificate file content (.crt/.cer file), you can use any text editor such as Notepad for Windows, TextEdit for Mac. Please note that you need to copy and paste the whole certificate including —–BEGIN CERTIFICATE —– & —– END CERTIFICATE —– lines.

That’s it! Your Laravel SSL certificate should be deployed in a few minutes. Please be advised that Custom SSL certificates are renewed/revoked at your concerned Certificate Authority’s end from where it was purchased. You may also see a dialog box prompting you to force HTTPS redirection if you have not forced it through the Cloudways Platform.

Note: If you use any Web Application Firewall (WAF) services such as CloudflareSucuri, etc or if you have already implemented HTTPS redirection through an application plugin, or by modifying the .htaccess  file of your application, you do not need to force HTTPS redirection again from the Cloudways Platform. However, if you want to force HTTPS redirection from the Cloudways Platform, you need to disable any other redirection mechanism already in place. 

laravel banner cta

Choose ENABLE HTTPS or simply skip it by clicking NOT NOW. Please note that you can also force HTTPS redirection later.

Let’s move on to verifying the SSL certificate to make sure the certificate is properly configured.

How to Verify SSL Certificate

We highly recommends that you verify your Laravel SSL certificate, and we have created a self-explanatory guide on the topic. This is an essential step to make sure that common issues that can break the operation of the SSL certificate are resolved. That’s it! You have now deployed a Custom SSL Certificate for your Laravel application.

Why Do I Need An SSL Certificate in Business apps?

SSL is key for any site that offers products or administrations, as it comprehensively ensures that all data transmitted over the web stays private and secure. Because maintaining effective security levels is the need of many commercial web applications. That is why deploying the security protocol of SSL certificate is been highly regarded for all those commercial and business web apps who want to protect their web activity with extensive security measures.

It makes a protected association between a client’s web program and the server of the organization they’re connected with and makes a very secure route for both of these to transmit their data over it. Because it is a known fact that customers largely see the website’s encryption measures first before any other thing, that whether the site is using a secured HTTPS protocol instead of the old conventional HTTP protocol. It builds a sense of reliability in the customers about the website’s security measures and hence builds trust in them about the website’s informational structure.

While according to one latest statistic, not having an SSL certificate installed on your web application, gives a negative impact on your business and clients. Because customers do like to see the protection of the website first with the standard features and not having effective security features will just make them less concerned about the offerings and services of the website.

As indicated by Gartner, 70 percent of customers shopping on the web has wiped out a request since they didn’t put stock in the site because it seemed less protective and looked without any security protocol feature. However, 64 percent of those customers guaranteed that they would have completed the buy if the site had SSL verification set up. So in this way, the idea rightly gets elaborated that customers do look for security protocols in the website, especially on those which are shopping-oriented and are ecommerce stores.

70 percent of customers shopping on the web has wiped out a request since they didn’t put stock in the site because it seemed less protective and looked without any security protocol feature. Source: Gartner

So, let’s look down below at some of the main focal points or advantages of SSL and why Laravel forces HTTPS for your business applications.

  • Encrypts data
  • Business Future Proofing
  • Provides Authentication
  • A fundamental component of payment processing
  • Guards Against Phishing
  • Improves Customer Trust
  • Offers Added Brand Power

The main reason why SSL holds a trusted name in the web world is that it provides a secure and protected way of transmitting the information over the internet, and sends the data in the encrypted form to the desired recipients so that they can receive it safely without any interruption. So web developers are generally responsible for this, as they should always provide their clients with web applications protected with SSL certificates. Because Web developers know more about these security norms and know how to configure SSL certificates on web applications which a normal client doesn’t know how to setup.

So developing a perfect secured application for them is one of the major responsibilities of a Web developer, so that the respective clients can freely transmit their data trusting the security measures of the website. While it also becomes very important because the data you send over the internet is passed from computer to computer, hence making it secured by implementing specific protocols becomes essential to get it delivered safely to the desired server.

Why HTTPS Redirect Is Essential For Your Application

If you are hosting your website using the HTTP protocol, then it is likely that your sensitive information and data over it are unsafe. Because your website travels from different networks all over the world, and HTTP protocol doesn’t guarantee to secure its transmission through those networks. As any malicious attack to your website could comprise your data easily and detrimental alterations could be performed on your website.

Hence to make that connection secure, always use the Laravel HTTPS redirect in your web application, so that it could easily be routed to a much secure protocol of HTTPS from HTTP. HTTPS helps to protect your website from malicious outside attacks and enhances the integrity of your data by providing a secured transmission protocol.

Conclusion

So concluding this article, we have come to the fact that SSL Certificates have become essential for modern web applications to secure their data and confidential information over the internet. And I hope that this article would have helped you a lot in getting a complete idea of how to set up and configure an SSL certificate in your Laravel 8 web application.

Still, if you got any questions and queries regarding setting up an SSL Certificate and its configuration, then you can just leave a comment below and I will answer that accordingly.

Q: Laravel HTTPS route not working?

A: To resolve the Laravel HTTPS route, not working problem, Set AllowOverride to All. Because sometimes it is by default set to None, and hence Apache will ignore every .htaccess file that it finds. Set it to All and your rewrite rules should now work as expected.

<Directory /var/www/gloops/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

Q: How to use HTTPS in Laravel?

A: You can set ‘URL’ => ‘https://youDomain.com’ in config/app.php or You can make it work with a Middleware class. Let me give you an idea.

  1. namespace MyApp\Http\Middleware;
  2. use Closure;
  3. class HttpsProtocol {
  4. public function handle($request, Closure $next)
  5. {
  6. if (!$request->secure() && env('APP_ENV') === 'prod') {
  7. return redirect()->secure($request->getRequestUri());
  8. }
  9. return $next($request);
  10. }
  11. }
  12. Then, apply this middleware to every request adding, setting the rule at Kernel.php file, like so:
  13. protected $middleware = [
  14. 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
  15. 'Illuminate\Cookie\Middleware\EncryptCookies',
  16. 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
  17. 'Illuminate\Session\Middleware\StartSession',
  18. 'Illuminate\View\Middleware\ShareErrorsFromSession',
  19. // appending custom middleware
  20. 'MyApp\Http\Middleware\HttpsProtocol'
  21. };

Q: How to fix the Laravel SSL connection error?

A: In Laravel, an SSL connection error happens when you are attempting to interface with an SSL-empowered site and your program (customer) can’t make a protected association with the site’s server. Contingent upon the reason for the association blunder, web programs will for the most part show a notice message, for example, “This Connection is Untrusted”, “The webpage’s security authentication isn’t trusted” or “Your Connection isn’t private”.

Q: How to fix the Laravel SSL operation that fails with code?

A: This is because the user doesn’t add the following code in the laravel app. So You should add the below code in /config/mail.php ( tested and worked on laravel 8.0 )

‘stream’ => [
‘ssl’ => [
‘allow_self_signed’ => true,
‘verify_peer’ => false,
‘verify_peer_name’ => false,
],
],

Comments