You may be wondering why we even needed to write an entire article about migrating to HTTPS. Its seems like such a trivial task, buying an SSL Certificate and setting it up on your web hosting dashboard.
But that’s just the tip of the iceberg. Migrating your website to HTTPS can become a nightmare if you don’t plan it properly. This is more correct if you have an already established website with a lot of visitors, especially regular ones.
So why do you need to migrate in the first place? Let’s find out.
Why should you migrate to HTTPS?
HTTPS offers many benefits with the most important being the added security it offers. Your users may be submitting anything from their personal data to credit card details. So HTTPS is important for instilling trust as well.
HTTPS offers performance benefits in terms of up to 5 times faster page load speeds as it uses protocols that are much faster than HTTP.
SEO ranking improvements should be one of the most motivating reasons for you to migrate to HTTPS. Google regularly hints about the benefits of migrating to HTTPS and for good reason. While having HTTPS is still only a lightweight SEO ranking factor, the performance benefits and priority ranking for HTTPS pages should definitely motivate you to migrate.
What type of Certificate should you get?
The main concern is whether you should get a free or paid SSL Certificate. They all perform the same basic function – they encrypt the data being transmitted from your users to your web server and validate your domain (Domain Validation).
An SSL Certificate does much more, for example, it can display some of your organization details to your users to make them more comfortable submitting their data. This is called Organization Validation. If you accept payments, you’re better off with Extended Validation as well.
The certificate you will need to get will depend on your business model. So we definitely recommend that you read our article about Free and Paid SSL Certificates before you buy your SSL Certificate.
Migrating your website to HTTPS
Now that we have discussed why you need to migrate to HTTPS and decided on the type of SSL Certificate to get, let’s get down to actually migrating your site.
These steps are meant to protect your site from any unexpected problems during the migration and they are extra important if you already have a busy website.
Let’s start with a full sweep of all your SEO ranking dashboards, with special care for all the keywords that your website ranks for. At least a week’s worth of data will give you a good base to compare with post-migration. This will highlight any irregularities.
The next and most important step is to have one or more full backups of your website. If you use a plugin that automatically backups your site, this process will be much easier. We recommend you make an offline copy to be safe. This is essential if your backup tool only retains your backups for a limited time.
There’s no way to see if something works without actually doing it. So if you have a large and dynamic site, a staging environment is definitely important. The trouble of setting up another environment, if you don’t already have one, can be insignificant compared to the benefits it can bring. You can always get a free SSL Certificate for this purpose as it just needs to provide Domain Validation.
There you go, now to the actual migration.
Setting up your SSL Certificate
Generating a Certificate Signing Request (CSR)
Creating a Certificate Signing Request from your hosting provider will be the first step. This is the standard way to provide the public encryption key used by your server, to the SSL issuing authority.
Obtaining your SSL/TLS Certificate
Many hosting providers offer a free SSL certificate, if not you will need to choose an SSL Certificate and make the necessary payments as required. SSL Certificates usually take from a few hours to 10 days to be issued depending on the level of validation you require.
Installing your SSL/TLS Certificate
Once the certificate is ready, it will be emailed to you and will be available on the admin console provided to you by your vendor. The exact process of setting up your SSL Certificate will depend on your hosting provider, but many hosts will provide online support or even set up the certificate for you.
This is where the real work starts and this is the most important part of the migration – making sure that everything happened smoothly.
- Checking that all the internal links on your website return a 200 status code and converting them to HTTPS is where you should start. This will not only mean that your users will be able to visit internal links without any redirects or missing page errors, but it will also improve your SEO ranks. This change should extend to your robots.txt file as well.
- Mixed links are bad, while you may not be able to take care of all of them, changing external links to HTTPS where possible is another important step in this process. You may have to look at other options for non-HTTPS links to make sure your site is clean. If you use plugins to display social media counts, you will need to configure them to your new links. These plugins usually handle the migration and keep track of your historical data.
- Setting up a permanent 301 redirect for all of your HTTP links is another wise move. This will help both users, and more importantly, search engine bots to find the new HTTPS pages and clean up your SEO rankings. If you are on WordPress, there are many tools that can help you with changing your pages to HTTPS and adding permanent redirects, but a manual audit is always recommended.
- Synchronizing your CDN, if you use one is another important step to ensure your page loading times become even faster. Your CDN may support a shared SSL or have its own certificate. Setting the default/origin URL on the CDN is another step you shouldn’t miss.
- You may also need to update other systems and applications such as email servers with the new HTTPS links. These will depend on your individual website setup.
- Last, but not least, set the default URLs to HTTPS in your Google Analytics and Search Consoles. Update the URL of your sitemap and perform a fetch to move things forward on Google. This will ensure that your metrics are accurate and will give you a better view of the performance of your website post-migration. You should also look at any email or PPC marketing URLs that you have published. While you can change them to HTTPS, it’s still important to set up redirects so that static links continue to work.
That’s about it. There may be more that you can do to verify that your website works perfectly after the migration, but these are the minimum steps that you should follow.
You can learn more about SSL Certificates in our other article and read about all things hosting related to HostingReview.