Pantheon is rolling out free HTTPS to all their websites—great news for the Drupal community since HTTPS is tremendously important, and Pantheon now provides an easy and free alternative to buttoning up your Drupal site with HTTPS.
HTTPS is critical these days. I wrote a series of articles about HTTPS earlier this year, HTTPS Everywhere: Security is Not Just for Banks, HTTPS Everywhere: Quick Start With Cloudflare, and HTTPS Everywhere: Deep Dive Into Making the Switch.
As I noted in those articles, HTTPS is important for the privacy of your site users as well as the security of the site itself. And it's increasingly important in SEO.
Pantheon partnered with Fastly to deliver traffic across their edge cloud platform, and they integrated Let's Encrypt to provide HTTPS free to all sites on their platform. As a result, sites will run even faster, and content will be delivered even closer to users. As they say,"HTTPS on Pantheon is now automatic and free—forever."
All Pantheon sites are now automatically:
- Distributed across 36 global points of presence (POPs)
- Issued HTTPS certificates for free
- Getting an instant 2x boost in performance, at minimum
Pantheon provides details about how to take advantage of the HTTPS change. New sites will be set up on HTTPS automatically. Existing sites may need to make a small change to your DNS configuration and add some configuration to settings.php. Note that existing sites will be rolled out gradually. If you don't see a single "Domains/HTTPS" tab in your dashboard, your site hasn't been updated yet. Contact Pantheon, and they'll take care of it.
In my HTTPS series, I talked about the process of using a free Cloudflare account to add HTTPS to a Drupal site hosted on Pantheon. Any site set up as described in that article is ready for the Pantheon change, and will not need to make changes to DNS and settings.php file. They should have been configured correctly as a part of setting the site up to use Cloudflare. The only change needed to switch from Cloudflare to using Pantheon's CDN is to go to the "DNS" page on Cloudflare and toggle the orange cloud icon, so it is gray instead of orange. That will indicate that Cloudflare is no longer providing the proxy service, only DNS.
I tried this out on my own Pantheon site. I had set it up using Cloudflare's free SSL option. Since I already made the necessary DNS changes as a part of that change, the switch to Pantheon's new CDN was seamless. I only had to contact them to tell them I was ready to switch, wait for the changes to propagate, go to Cloudflare and toggle their CDN off, and a few minutes later I could see that my site was serving HTTPS using the Pantheon certificate. After this change, Cloudflare is still providing my DNS services, but not my SSL certificate.
I commend Pantheon for adding free HTTPS to their platform!