How to switch from HTTP to HTTPS?

As you know Google is pushing hard for HTTPS everywhere so that the web is a safer place and being more secure is always important. With the performance benefits you get from HTTP/2, there has never been a better time to thinking about moving your site to HTTPS; not to mention the additional security and SEO advantages. Follow our guide below on how to migrate your site from HTTP to HTTPS, and be in Google’s good book:

First of all, buy and activate an SSL certificate if you haven’t already.
You’ll find trusted SSL certificates at Hostripples at cheapest prices, or you can use Let’s Encrypt.
You can use Let’s Encrypt to obtain a free SSL certificate. Hostripples offers Let’s Encrypt SSL certificates which can be installed on as many websites as you wish in your Hostripples hosting account.

Here are some easy to follow guides on how to install your SSL Certificate on your web server. Depending on what software you are running the steps can vary. (these are an example of installing a Comodo Positive SSL cert)
Install SSL Certificate for Apache
Install SSL Certificate for NGINX
Install SSL Certificate for Microsoft IIS 7.x – 8.x
Install SSL Certificate WHM / cPanel

Prepare a list of URLs, mapping them from the current HTTP structure to corresponding locations on the HTTPS website.
If you have a secure certificate (SSL) on your website, you can automatically redirect visitors to the secured (HTTPS) version of your website to make sure their information is protected.
Linux & cPanel
Linux-based accounts use .htaccess files to handle redirection.
If you need to create a .htaccess file, you can use your control panel’s file manager.
Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
If you have an existing .htaccess file:
- Do not duplicate RewriteEngine On.
- Make sure the lines beginning RewriteCond and RewriteRule immediately follow the already-existing RewriteEngine On.
Windows & Plesk
Windows-based accounts use web.config files to handle redirection.
If you need to create a web.config file, you can use your control panel’s file manager.
Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site:
```
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
```
If you have an existing web.config file:
- Ensure you have sections (i.e. opening and closing tags) for:
- webServer (which contains rewrite)
- rewrite (which contains rules)
- rules (which contains one or more rule sections)
Insert any of those sections that do not exist.
- Insert the entire rule section, including match, conditions, and action, inside the rules section.
```
 You're inserting the rule (without an 's') inside the rules (with an 's') section.
```
Replace HTTP URLs with HTTPS in all internal website links, images, JavaScript, CSS and other elements. All internal links should begin using HTTPS by default.
You will want to update any custom scripts you may have included so that they point to the HTTPS versions.
For example, if you are using Google’s hosted jQuery library you will want to make sure you update it to their HTTPS CDN.

https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

Also, scan your website for any non-secure content.Investigate and verify that all external scripts and images work well with HTTPS. If they don’t, it might be a good idea to download such files to your server to guarantee HTTPS access to them.

Once your HTTPS mapping is ready, set up 301 redirects on your server from the old HTTP URLs to the new HTTPS URLs, as indicated in your mapping. Alternatively, you may implement this within the .htaccess if your website is hosted on a server running Apache, or with the appropriate tool on your server. Also, if your site is created with any programming language, developers may implement the same redirection within the site’s code.
Adding 301 redirects is probably one of the most important steps in an HTTP to HTTPS migration. If you don’t implement 301 redirects you could seriously hurt your SEO rankings and your site could completely drop out of SERPs overnight.
It doesn’t matter what platform your website is using, we don’t recommend using a plugin for a bulk migration like this. It is much simpler to implement 301 redirects at the server level, especially if you are dealing with hundreds of URLs.
NGINX
Add the following to your Nginx config.
```
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}
```
Apache

Add the following to your .htaccess file.
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

Ensure that all “rel=canonical” tags within your HTML point to HTTPS pages.

Update robots.txt and sitemap.xml with corresponding HTTPS links.

Update your website URL in social networks, Google Analytics, and any other tracking tools.

Create a new HTTPS entity in Google Webmaster Tools. Remember that Google Webmaster Tools treats HTTP and HTTPS websites as two different entities in WMT.
Sitemaps
Sitemaps aren’t required for Google to crawl your site, but they can be useful if you are trying to debug indexing issues or verifying if your images are indexing. If you use them, you will need to resubmit the HTTPS version in your new Google Search Console profile.
Fetch
We then recommend doing a fetch and crawl on your new HTTPs site just to get things moving a little faster. In some migrations to HTTPS it takes weeks for Google re-crawl everything correctly.
1. Submit your homepage by clicking on “Fetch” and then click on “Submit to index.”
2. Then choose “Crawl this URL and its direct links.” If you have some very important pages too that might not be connected to your homepage you could also submit them individually for re-crawling.

Try to update valuable external links on websites linking to your content.

SEO: Resubmit Your Disavow File
This is a step a lot of people forget. If you have ever suffered from negative SEO or have needed to remove a backlink, then you probably created and submitted a disavow file. Because you created a new Google search console, this requires that you resubmit your disavow file under the new profile. If you don’t, the next time an algorithm update comes along, you could be facing serious troubles as Google will not see your disavow file.So head over to the Google Disavow tool under your original Google Search Console profile (HTTP) and download your disavow file.Then launch the disavow tool again under your new HTTPS site and resubmit your file.
- Make sure Google can index and serve your content under your new URLs.
- Monitor the HTTPS website daily with Google Webmaster Tools and Google Analytics to find any issues Google may be having.

Keep in mind that switching from HTTP to HTTPS may cause fluctuations in traffic and rankings, as a 301 redirect passes between 90-99% of the link juice. The loss of external links that point to your old HTTP version may also cause a temporary decrease in traffic and rankings.

But your site is now much more secure and logins will no longer be passed in plain text.

Do you have any other HTTP to HTTPS migration tips? If so we would love to hear about them below.