Submit your project
Get a free quote
How to convert HTTP to HTTPS, The Comprehensive Guide
An announcement from Google in early February of 2018 explained that Chrome will implement a change in HTTP sites from the standard to a not secure status.
Any HTTP website will have this warning about an unsecure site. In 2014, Google announced that the use of HTTPS browsing is a ranking factor for search results in the company’s search engine.
As the HTTPS in the browser is a higher form of security, it remains worth the migration for all users. It is important to follow this guide for the websites that have not currently moved to the more secure form of browsing.
1. The Security Certificate through SSL
A secure socket layer is a certificate that binds a key to the details of the organization or website. Through installation, it then activates the HTTPS protocol which ensures the interactions and connections between the browser and server are secure.
These SSL certificates require purchases, such as vendors of GoGetSSL and SSLs.com. These range in prices and layers of security through a 128-bit and 256-bit encryption.
There are three primary versions of these certificates.
- The first is domain validation, which is a single domain or subdomain that is easy to use and cheaper than most.
- The second is the business or organization validation, which is also a single domain or subdomain. However, it requires a higher level of security that needs one to three days to issue.
- The third version is the extended validation, which has even higher security issued within two to seven days.
2. Using Let’s Encrypt
Let’s Encrypt also provides an SSL certificate, but it is free. It is possible to acquire it through Cerbot which is easy with an automatic client that deploys the SSL for the web server.
3. Connecting the SSL Certificate
The installation is easier through a guide. The following can assist with these steps:
- Install SSL with Apache
- NGINX SSL Certificate Install
- Microsoft IIS SSL Certificate Install
- SSL Install for WHM or Cpanel
Choosing a web server is possible through Let’s Encrypt. The following guides may assist with these steps:
4. Hard-coded Links Update to HTTPS
To ensure that images, scripts and other resources are in sync, the content will need a hard-coded link to the HTTPS. rather than a mix of both HTTP for some content and HTTPS for other data.
Manual configuration and testing of external resources, plugins on the page and CDNs are necessary to ensure correct functionality.
Backing up the database is usually an important first step. This is possible by placing the program into the root of the FTP site. Then, you must insert the changes along with noting all changes from previous modifications. The live run will show these changes.
Https migration for Wordpress
One of the perks of using Wordpress is that there are plenty of SSL plugins that can make the process much easier.For those that do not want to make changes to the database, there is a simple SSL plugin for converting Wordpress websites to https that you can use instead.
5. Custom JS and AJAX Libraries HTTPS Update
Updating custom scripts is the next step to point fully moving to HTTPS. This should include third party scripts. It should also avoid any mixed content warnings.
Using other libraries such as the jQuery will also require an update for HTTPS.
There is an SSL Check tool through JitBit that can help in scanning any non-secure content that could cause a mixed warning.
6. 301 Redirects with the New HTTPS Address
The 301 redirect is a permanent change to pass the ranking power to the new page. Without this, the SEO rankings could suffer. It is better to use this redirect at the server level to ensure optimal results.
If the pages use WordPress or Magento, this is an automatic action through the admin panel. If using other access, the update is through .htaccess or the webconfig files.
A rule redirect needs to point to HTTPS as the destination to prevent separate rules for HTTPS and www prefixes.
The Nginx config needs the following changes:
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}
Apache with the.htaccess file needs these changes:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The HTTP Strict Transport Security or HSTS can help prevent problems from hackers attempting to force an unsecure version of the site, and it is a web server directive to load resources through the HTTPS. You can add the necessary code to the .htaccess or webconfig file.
7. Update Robots.txt File
Similar to the .htaccess, the robot.txt needs an update through hard-coded lines or any specific blocking rules for the redirect from HTTP to HTTPS.
XML sitemaps, canonical tags, HREF LANG and even sitemap references in this text document need updates for the HTTPS redirect. Without this, Googlebot will not see the site content you want.
8. Install CDN SSL Certificate
CDN SSL certificate install has three options. These are the shared SSL, the custom SSL and the Let’s Encrypt integration.
Custom SSL has a specific guide here. This process requires using a separate SSL and setting up a custom SSL for CDN. This process can be completed using the guide here.
Shared SSL has several steps. First, you click zones in the KeyCDN on the dashboard, then manage and edit. The next option is show advanced features. Here, under SSL enable shared you will find the wildcard certificate to enable for the zone: https://*.kxcdn.com. Under Force SSL, it should say enable. This is a 301 permanent move to redirect for SEO.
Let’s Encrypt has a guide here that you could use to help with this process.
9. Origin URL on CDN Update and OCSP
The original URL address will need an update. This happens on the CDN through the zones area of the KeyCDN dashboard, then manage and edit. This is a pull zone and requires an update from the HTTP to HTTPS and then save.
The online certificate status protocol or OCSP is an improvement on the certificate revocation list or CRL. The OCSP overcomes inefficient CRL issues and will query the certificate and give a grace period if this certificate expires.
10. Permit the HTTP/2 Provision on CDN
In the KeyCDN dashboard, click “zones,” “manage” and then “edit.” The “show advanced features” must be selected next. Finally, select “enable” and “save” to update the zone to HTTP/2.
The HTTP/2 is an increase in performance and can process multiple requests concurrently. This protocol governs the way messages format and submit among both servers and browsers.
11. Search Engine Optimization in the Fetch, Google Search Console and Sitemaps
With the HTTPS working, a Google Search Console or GSC profile is necessary. Click on “add a property” and continue.
Sitemaps are helpful with debugging indexing problems as well as in verifying images that are indexed. These require a resubmit of the HTTPS version of the GSC profile. Yandex Webmaster Tools use these steps, but Bing Webmaster Tools only need a resubmit of the sitemaps.
A fetch and crawl may help move things along quicker. Click on “fetch” and then submit to index. The next option is to crawl this URL and its direct links. If anything is not currently connected, a new submit will recrawl the content.
12. Disavow File Resubmit
A negative SEO experience happens through a disavow filed, created and submitted. With the new GSC profile, the disavow file needs resubmitting. In the Google Disavow tool, you can download the original disavow file in the original GSC profile with HTTP.
You then launch the disavow tool once again through the HTTPS site and the file needs resubmitting. It should show a disavow confirmation message.
13. Google Analytics Profile
The URL with the Google Analytics Website also needs an update through your account. Click on “admin,” and then view settings in the account. The URL needs flipping to the HTTPS form. This is also necessary for Property Settings.
14. Miscellaneous Updates
The last updates usually involve social media accounts such as Facebook and Twitter, email providers and applications on the website. It is better to use a test environment to discover any bugs and issues. The following updates may be necessary:
- Canonical tags should point to the HTTPS type for those that do not use WordPress.
- Updates to third-party pay-per-click such as AdWords, Facebook advertisements and Bing Ads.
- Updates are necessary for Email Marketing Software such as Aweber and Mailchimp
- External links and even backlinks need updates, and social share accounts need migrations.
- Update all external links and backlinks as much as possible.
- External links and even backlinks need updates, and social share accounts need migrations.
- Update all external links and backlinks as much as possible.
Conclusion
By following the steps in the guide, you can convert HTTP to HTTPS in a way that benefits your site. It should help with SEO ranking factors, improve performance through HTTP/2 and increase security on the site significantly. It is important to test out all changes before integrating them to increase the possibility of this migration working with less difficulty. This will help you discover the risks, potential problems and ways to fix them before deployment of the website in HTTPS.