Just in case you’re lost, here’s our previous article addressing the difference between the two and why you should switch to HTTPS. As we mentioned in that article, switching to HTTPS brings about extra security and ranking advantages as well. If you are not a web developer, switching from HTTP to HTTPS can be overwhelming with all the technical steps involved. But no worries, in today’s article, we plan to make the process a little less complicated by giving you a step-by-step guide!
Step 1: Select a SSL certificate
What’s SSL? Fortunately, you do not need to understand how SSL really works. What you need to know is in order for your site to use HTTPS, you need to install a SSL certificate.
There are 3 types of SSL certificate – Domain Validation, Organization Validation and Extended Validation (Figure 1).Depending on your needs, you will require a different type of SSL certificate.
Domain Validation (DV)
This is the most basic and also the cheapest out of the 3 types. It is not for sites where security is a big concern since DV only takes care of encryption (out of the 3 kinds of protection that HTTPS provides). Additionally, the legitimacy of the business cannot be validated for sites using DV certificates. Therefore, they are usually only recommended for internal or non-e-commerce sites.
Organization Validation (OV)
In terms of price, OV is the mid-range of the batch. It is available in 128-, 256- and 2048-bit encryption (we’ll touch more about this later). This type of certificate is more trusted as compared to DV. They contain business information that verifies that the site is owned by a registered business entity. Thus, OV is typically used for e-commerce sites and sites that collect personal information.
Extended Validation (EV)
This is the most expensive certificate of the lot and takes the longest to be issued. Why? Because it provides the best security. EV exists in 2048-bit encryption, which is what Google recommends for enabling HTTPS. Due to the security it provides, EV is generally used by sites where security is of utmost importance such as banks and large e-commerce sites.
Fun Fact: According to estimations, it will take a little over 6.4 quadrillion years to break a 2048-bit SSL certificate. That’s crazy!
The procedure to install each SSL certificate differs, so for convenience’s sake, it is recommended to first look into what your hosting company provides.
Step 2: Redirect your HTTP pages to HTTPS pages
The two URLs above may seem identical, however, the additional “s” means they are considered two completely separate URLs. To direct your visitors and Google to the correct pages, you need to first create new HTTPS pages for all your old HTTP pages. Then, redirect the old pages to the new pages. We talked about redirects in this article about site migration, so check it out for more details!
Step 3: Update your internal links, images and other resources
Just like the link to our previous article on site migration, you are likely to have multiple internal links within your site to aid visitors in navigation. Make sure that those internal links are changed to the new HTTPS pages. This is needed if you have been using absolute URLs. However, if you have been using relative URLs, there is no need for any changes.
Absolute URL: <a href=“http://www.example.com/aboutus”>Link</a>
Relative URL: <a href=“/aboutus”>Link</a>
With the relative URL, the same link will direct to the right page regardless of whether it is HTTP or HTTPS. Although this may sound like relative URLs provide much convenience, there are some drawbacks to using relative URLs. Hence, they are only suitable for use when the site is in its testing environment.
Remember to do the same thing for your images and other resources such as stylesheets and scripts.
Tool to use: To prevent missing out any of the links, use a tool such as Screaming Frog to check that all the internal, external links and images are all HTTPS.
Step 4: Re-add your site to Google Search Console
By the time you reach this step, you are probably experiencing some information overload so let’s keep the last step short and sweet!
1) Re-add your HTTPS site to Google Search Console as it is considered an entirely different site (Figure 2).
2) Submit a new sitemap for your new HTTPS site to inform Google to start going through your pages and including them in their database.
3) Re-submit your sitemap for your old HTTP site so Google can see all the 301 redirects and update their database accordingly.
Technical SEO may be quite complex and troublesome but it is definitely needed. Things not working out right even after following the steps above? If you are having problems, how about contacting an SEO consultant for help? We know of a pretty good one (wink).