How Can I Switch to HTTPS URL After Installing to HTTP?

Follow the steps below on how to redirect HTTP to HTTPS for your site. Some of the steps use WordPress and KeyCDN as examples.

1. Buying an SSL certificate or using Let's Encrypt

To begin, you will need an SSL certificate. SSL certificates are small data files which bind a key to a specific organization's details. When installed it activates the HTTPS protocol, allowing secure connections between a web browser and the server. There are a number of SSL certificate vendors you can choose from. We recommend vendors like:

You can easily purchase a Comodo Positive SSL cert for less than $9 a year.

Types of certs

There are three primary types of certificates:

  1. Domain Validation: Single domain or subdomain, no paperwork (just email validation), cheap, issued within minutes.
  2. Business/Organization Validation: Single domain or subdomain, requires business verification which provides higher level of security/trust, issued within 1-3 days.
  3. Extended Validation: Single domain or subdomain, requires business verification which provides higher level of security/trust, issued within 2-7 days. Green address bar.

Trust indicators

There are two types of visible trust indicators you can choose from with an SSL cert. The first is extended/organization validation which shows your company's name in the address bar. These certificates are more expensive. The second and most common is the standard domain validation, which simply shows the green padlock in the address bar.

 

See our tutorial on how to order an SSL certificate with GoGetSSL.

You can also use Let's Encrypt to obtain a free SSL certificate. One easy way to do this is to use Certbot. Certbot is an easy to use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let's Encrypt and was previously known as "the official Let's Encrypt client."

 

2. Installing your SSL certificate

Here are some easy to follow guides on how to install your SSL Certificate on your web server. Depending on what software you are running the steps can vary. (these are an example of installing a Comodo Postive SSL cert)

If you are deploying Let's Encrypt with Certbot you can choose which type of webserver you are using on their website and the operating system you are running. They have extensive documentation. You can then pick "advanced" if you want less automation and more control. Here are just a couple quick links to some popular setups.

Checking your certificate

Once you have installed your certificate you will want to check to see if there are any issues with it. The following tools can be very helpful.

 

  • SSL Labs Server Test
  • Certificate Checker (developed by KeyCDN). Update your robots.txt file

    Update any hard coded links or blocking rules you might have in your robots.txt that might still be pointing to HTTP directories or files.

    3. Install SSL certificate on CDN

    You have three options when it comes to your CDN. Most providers have a shared SSL option as well as custom SSL. KeyCDN also has a Let's Encrypt integration. If you're not familiar with Custom SSL (and the difference to Shared SSL), check out this guide. In the following examples we are using KeyCDN.Enable shared SSL

    KeyCDN offers shared SSL completely free to its customers. This allows content delivered over HTTPS using your Zone URL. Follow our tutorial on how to setup shared SSL.

    Enable free custom SSL with Let's Encrypt

    KeyCDN now has an integration with Let's Encrypt that allows you to enable SSL for free on a custom Zone Alias. Follow our tutorial on how to use Let's Encrypt with KeyCDN.

    Let's Encrypt only supports domain validation certificates, which means you will get a green padlock in your address bar.

     

    They have no plans at the moment to offer organization validation or extended validation certificates because these require human interaction and some form of payment.

     

    Enable custom SSL - Install certificate

    If you are enabling custom SSL you will need your own certificate, separate from the one you bought for your main domain. You can easily purchase another Comodo Positive SSL cert for less than $9 a year. See Step 1 for more information about buying an SSL certificate.

    Then follow our complete guide on how to setup custom SSL on KeyCDN.

    4. Update Origin URL on CDN

    We also need to make sure to update your Origin URL. From the KeyCDN dashboard, go to your Zone settings and update the Origin URL setting from http:// to https://.

    5. Update all hardcoded CDN links to HTTPS

    Now just like we did with your domain links we also need to update any hardcoded CDN links you might have. In this example, we are using the tool from Step 3 again in WordPress.

     

    Make sure after you are done with the search and replace script to remove it! You can do so by clicking on the "Delete Me" button or remove it manually via FTP from your server.

    6. SEO: Google Search Console, sitemaps, fetch

    Now that your site is running on HTTPS you need to create a new Google Search Console profile. Simply click on "Add a Property" and continue with the claiming process.Sitemaps

    Sitemaps aren't required for Google to crawl your site, but they can be useful if you are trying to debug indexing issues or verifying if your images are indexing. If you use them, you will need to resubmit the HTTPS version in your new Google Search Console profile.

     

    For Yandex Webmaster Tools you will need to copy the same steps as we did for Google. For Bing Webmaster Tools you don't need to create a new profile, simply resubmit your HTTPS sitemaps.

    Fetch

    We then recommend doing a fetch and crawl on your new HTTPS site just to get things moving a little faster. In some migrations to HTTPS it take weeks for Google recrawl everything correctly.

    1. Submit your homepage by clicking on "Fetch" and then click on "Submit to index."
    2. Then choose "Crawl this URL and its direct links." If you have some very important pages too that might not be connected to your homepage you could also submit them individually for recrawling.

    7. SEO: Resubmit your disavow file

    This is a step a lot of people forget. If you have ever suffered from negative SEO or have needed to remove a backlink, then you probably created and submitted a disavow file. Because you created a new Google search console profile in step 11, this requires that you resubmit your disavow file under the new profile. If you don't, the next time an algorithm update comes along, you could be facing serious troubles as Google will not see your disavow file.

    So head over to the Google Disavow tool under your original Google Search Console profile (HTTP) and download your disavow file.

    Then launch the disavow tool again under your new HTTPS site and resubmit your file.

     

    Make sure you see the confirmation message.

     

    8. Update your Google Analytics profile URL

    Then you need to update your Google Analytics Website's URL. So under your account click into Admin and then your view settings. Then flip the URL to the HTTPS version. Do the same for your Property Settings as well. This way you don't lose any history and can pick up right where you left off.

    9. Misc updates

    Here are a some additional miscellaneous updates you will also want to make after migrating from HTTP to HTTPS.

    • Update your canonical tags to point to the HTTPS version. If you used the tool for WordPress like in our example in Step 3 the canonical tags would have been updated. If you are on a different platform make sure these get updated.
    • Update third party PPC URLs (e.g. AdWords, Bing Ads, and Facebook Ads)
    • Update Email Marketing Software URLs (e.g. MailChimp, Aweber, and GetResponse)
    • Update social media links to your site (e.g. Facebook, Twitter, and LinkedIn)
    • Update all external links and backlinks as much as possible.
    • Migrate social share counts

    The Google search team also just recently published answers to 13 FAQs when it comes to HTTPS migrations.

    Summary

    As you can see there is a lot that goes into an HTTP to HTTPS migration, but if you followed our guide above you should be in a good place going forward and can now benefit from both the increased performance of HTTP/2 and take advantage of the extra SEO ranking factor. Not to mention your site is now much more secure and logins will no longer be passed in plain text.