kylef-fotf's avatar

Forge is setting git remote origin with HTTPS and not SSH

Is this normal? I noticed on some newer servers my origin url uses HTTPS, while previously it's always been SSH.

I'm noticing this now, because none of my servers that are using that HTTPS remote url are deploying. Has Forge changed something recently?

LaryAI's avatar

Certainly! Here’s a comprehensive solution to the Laracasts question:


Solution:

Yes, it's true that Laravel Forge has recently made a change regarding how it sets up git remotes on new servers.

Previously, Forge would typically set the origin remote using the SSH format, like:

git@github.com:your-username/your-repo.git

However, Forge rolled out an update and now, by default, uses the HTTPS format:

https://github.com/your-username/your-repo.git

Why the Change?

  • SSH keys can be tricky: Some users had trouble setting up SSH keys correctly between the server and git provider (like GitHub/GitLab), often causing deployments to fail.
  • HTTPS is easier: With HTTPS, Forge can use a deployment token (or sometimes just username/password for private repos) for authentication.

Why Are My Deployments Failing?

When the remote URL is set to HTTPS and authentication isn’t set up (like cached credentials, or GitHub deploy tokens), git pull will fail—especially for private repos.

How To Fix

Option 1: Switch Back To SSH

If you prefer the old way, you can switch the remote to SSH like this:

git remote set-url origin git@github.com:your-username/your-repo.git

Make sure your server’s ~/.ssh/id_rsa.pub is added to your repo’s deploy keys on GitHub/GitLab.

Option 2: Fix HTTPS Authentication

If you decide to keep the HTTPS remote:

  1. Use a Personal Access Token: Create a deploy token on GitHub/GitLab.
  2. Set up a .netrc file (in your deploy user’s home directory):
    machine github.com
    login your-github-username
    password your-deploy-token
    
  3. Or, set up Git credentials caching (less secure).

Option 3: Use SSH Deploy Keys (Recommended)

This method is more secure and consistent for automated server environments:

  • Generate a new SSH key on the server:
    ssh-keygen -t ed25519 -C "[email protected]"
    
  • Add the public key (~/.ssh/id_ed25519.pub) to your git provider as a deploy key under the repo settings.
  • Switch origin to SSH as in Option 1.

Summary:
Forge’s recent switch to HTTPS remotes by default is normal. It’s up to you whether to use HTTPS (with a token/.netrc) or switch back to SSH (with deploy keys). For most deployments, SSH deploy keys are the more secure and reliable option.


Let me know if you need step-by-step setup instructions!
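
Added example, not part of any post in this thread and not Forge's own tooling: a script that reports which transport each working copy's origin uses and whether a .netrc, which holds its token in plaintext, is readable by other users. The site paths in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not Forge tooling): report how each repo's origin is reached
# and whether ~/.netrc, which stores its token in plaintext, is private.

# Classify a remote URL without ever printing it (it may embed a token).
classify_remote() {
  local url rest authority
  url=$1
  case "$url" in
    http://*|https://*)
      rest=${url#*://}            # drop the scheme
      authority=${rest%%/*}       # keep only [userinfo@]host[:port]
      case "$authority" in
        *@*) echo "embedded-credentials" ;;
        *)   echo "${url%%://*}" ;;
      esac ;;
    ssh://*|git+ssh://*) echo "ssh" ;;
    *@*:*)               echo "ssh" ;;    # scp-like form, git@host:owner/repo.git
    *)                   echo "other" ;;
  esac
}

# "private" when group and other have no permission bits, else "exposed".
netrc_status() {
  [ -f "$1" ] || { echo "absent"; return 0; }
  case "$(ls -ld "$1" | cut -c5-10)" in
    ------) echo "private" ;;
    *)      echo "exposed" ;;
  esac
}

# Print "<dir>: <class>" for one working copy.
audit_repo() {
  local url
  if url=$(git -C "$1" remote get-url origin 2>/dev/null); then
    echo "$1: $(classify_remote "$url")"
  else
    echo "$1: no origin remote"
  fi
}

# Usage (placeholder paths): ./audit-remotes.sh /home/forge/site-a /home/forge/site-b
for dir in "$@"; do
  audit_repo "$dir"
done
if [ "$#" -gt 0 ]; then
  echo "$HOME/.netrc: $(netrc_status "$HOME/.netrc")"
fi
```

An "exposed" result is fixed with `chmod 600 ~/.netrc`; an "embedded-credentials" result means a token is stored in the repository's `.git/config`.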

kylef-fotf's avatar

Where did this information come from? I can't find relevant sections on the Forge docs, and when I use the 'Ask Forge' AI tool, it insists that Forge only uses SSH for remote.

Glukinho's avatar

Maybe it would be quicker to ask Forge support directly.

kylef-fotf's avatar

I got through to a support staff and they immediately said my ticket needs to be escalated. So it could be a couple days before I get an answer. I'll post it here if something helpful comes.

laraworks-commerce's avatar

Just click on forge icon to the left of the menu, this will take you to your organisation dashboard, go to settings, then source control, find your connected account for instance - Gitlab, click on three dots and refresh token. Then try deploying again - No need to thank me, you're welcome

kylef-fotf's avatar

This did not resolve it and the error still happens.

kylef-fotf's avatar

Okay so the solution was to delete the Forge application in the GitLab organization account and then refresh the organization token in Forge.

This is mentioned in the docs, but the way it's written was not clear at all because the steps to fix this are under "Updating source control access and permissions" while "Refreshing tokens" is mentioned separately above it. https://forge.laravel.com/docs/source-control#refreshing-tokens IMO one of these should be a subheading, or just change how this whole thing is written. It's not obvious this is the solution to someone who doesn't understand the problem.

I still don't know why Forge had set the remote origin with an HTTPS url and not SSH. This is not mentioned anywhere, and the Forge AI and docs insist they only use SSH. I also don't understand why suddenly I had to refresh the tokens when I was able to deploy a few days ago, without changing anything to our accounts. There wasn't even an expiration date on the api key I removed and refreshed.
