Follow the steps below on how to redirect HTTP
to HTTPS for your site. Some of the steps use WordPress and KeyCDN as examples.
1. Buying an SSL certificate or using Let's Encrypt
To begin, you will need an SSL certificate.
SSL certificates are small data files which bind a key to a specific
organization's details. When installed it activates the HTTPS protocol,
allowing secure connections between a web browser and the server. There are a
number of SSL certificate vendors you can choose from. We recommend vendors
like:
You can easily purchase a Comodo Positive SSL cert for
less than $9 a year.
Types of certs
There are three primary types of certificates:
Trust indicators
There are two types of visible trust
indicators you can choose from with an SSL cert. The first is
extended/organization validation which shows your company's name in the address
bar. These certificates are more expensive. The second and most common is the
standard domain validation, which simply shows the green padlock in the address
bar.
See our tutorial on how
to order an SSL certificate with
GoGetSSL.
You can also use Let's Encrypt to obtain a
free SSL certificate. One easy way to do this is to use Certbot.
Certbot is an easy to use automatic client that fetches and deploys SSL/TLS
certificates for your webserver. Certbot was developed by EFF and others as a
client for Let's Encrypt and was previously known as "the official Let's
Encrypt client."
2.
Installing your SSL certificate
Here are some easy to follow guides on how to install your
SSL Certificate on your web server. Depending on what software you are running
the steps can vary. (these are an example of installing a Comodo Postive SSL
cert)
If you are deploying Let's Encrypt with Certbot you can
choose which type of webserver you are using on their website and the operating
system you are running. They have extensive documentation. You can then pick "advanced" if you want less
automation and more control. Here are just a couple quick links to some popular
setups.
Checking
your certificate
Once you have installed your certificate you will want to
check to see if there are any issues with it. The following tools can be very
helpful.
Update any hard coded links or blocking rules you might have
in your robots.txt that might still be pointing to HTTP directories or
files.
3.
Install SSL certificate on CDN
You have three options when it comes to your CDN. Most
providers have a shared SSL option as well as custom SSL. KeyCDN also has a
Let's Encrypt integration. If you're not familiar with Custom SSL (and the
difference to Shared SSL), check out this
guide. In the following examples we are
using KeyCDN.
KeyCDN offers shared SSL completely free to its customers.
This allows content delivered over HTTPS using your Zone URL. Follow our
tutorial on how
to setup shared SSL.
Enable
free custom SSL with Let's Encrypt
KeyCDN now has an integration with Let's Encrypt that allows
you to enable SSL for free on a custom Zone Alias. Follow our tutorial on how
to use Let's Encrypt with KeyCDN.
Let's Encrypt only supports domain validation
certificates, which means you will get a green padlock in your address bar.
They have no plans at
the moment to offer organization validation or extended validation certificates
because these require human interaction and some form of payment.
Enable
custom SSL - Install certificate
If you are enabling custom SSL you will need your own
certificate, separate from the one you bought for your main domain. You can
easily purchase another Comodo Positive SSL cert for less than $9 a year. See
Step 1 for more information about buying an SSL certificate.
Then follow our complete guide on how
to setup custom SSL on KeyCDN.
4.
Update Origin URL on CDN
We also need to make sure to update your Origin URL. From
the KeyCDN dashboard, go to your Zone settings and update the Origin
URL setting from http:// to https://.
5.
Update all hardcoded CDN links to HTTPS
Now just like we did with your domain links we also need to
update any hardcoded CDN links you might have. In this example, we are using
the tool from Step 3 again in WordPress.
Make sure after you are done with the search and replace script to remove it! You can do so by clicking on the "Delete Me" button or remove it manually via FTP from your server.
6.
SEO: Google Search Console, sitemaps, fetch
Now that your site is running on HTTPS you need to create a new Google Search Console profile. Simply click on "Add a Property" and continue with the claiming process.Sitemaps
Sitemaps aren't required for Google to crawl your site, but
they can be useful if you are trying to debug indexing issues or verifying
if your images are indexing. If you use
them, you will need to resubmit the HTTPS version in your new Google Search
Console profile.
For Yandex Webmaster Tools you will need to copy the same
steps as we did for Google. For Bing
Webmaster Tools you don't need to create a new
profile, simply resubmit your HTTPS sitemaps.
Fetch
We then recommend doing a fetch
and crawl on your new HTTPS site just to
get things moving a little faster. In some migrations to HTTPS it take weeks
for Google recrawl everything correctly.
7.
SEO: Resubmit your disavow file
This is a step a lot of people forget. If you have ever
suffered from negative SEO or have needed to remove a backlink, then you
probably created and submitted a disavow file.
Because you created a new Google search console profile in step 11, this requires
that you resubmit your disavow file under the new profile. If you
don't, the next time an algorithm update comes along, you could be facing
serious troubles as Google will not see your disavow file.
So head over to the Google Disavow tool under
your original Google Search Console profile (HTTP) and download your disavow
file.
Then launch the disavow tool again
under your new HTTPS site and resubmit your file.
Make sure you see the confirmation message.
8.
Update your Google Analytics profile URL
Then you need to update your Google Analytics Website's URL.
So under your account click into Admin and then your view settings. Then flip
the URL to the HTTPS version. Do the same for your Property Settings as well.
This way you don't lose any history and can pick up right where you left off.
9.
Misc updates
Here are a some additional miscellaneous updates you will
also want to make after migrating from HTTP to HTTPS.
The Google search team also just recently published answers
to 13 FAQs when it comes to HTTPS migrations.
Summary
As you can see there is a lot that goes into an HTTP to
HTTPS migration, but if you followed our guide above you should be in a good
place going forward and can now benefit from both the increased performance of
HTTP/2 and take advantage of the extra SEO ranking factor. Not to mention your
site is now much more secure and logins will no longer be passed in plain text.