How to migrate a site from http to https and SSL?

  

5
Início do tópico

I need to install SSL certificate and use https on my site. Please help me with tutorial how to do it. Here is an image of what I mean:

image of ssl certificate in the browser window

I need the same green padlock! Moreover, SSL and secure connections are trendy nowadays and there are even rumors that Google is loving them by giving more SEO privileges to sites with encrypted connections.

The process of migration seems to be hard for me and I need a tutorial how to do it properly. Step-by-step please! Thanks!

3 Respostas
4

It is not that hard my friend - you just need to get used to the whole process - but usually for not that big sites it takes around one day to do all the steps;

Firstly, I need to mention that you need to be patient because sometimes the green padlock sticks to the yellow color and you might get confused.

5 (just five!) steps to install SSL and have https on your site:

1st STEP: Buy your SSL certificate

You can buy the certificate from your hosting provider. I, personally, use Hostgator and for Business accounts there is free SSL certificate (Comodo Positive SSL) 🙂 In my opinion, the best way is to buy SSL from your hosting provider - because they will install it for you for free and you will avoid some hassle.

Also, you can buy 3rd party SSL certificate for less money from:

https://www.namecheap.com/security/ssl-certificates.aspx

Here is even cheaper SSL online store here:

https://www.gogetssl.com/

You can also search online for other places which sell SSL certificates - BUT be aware of cheap ones - from Chinese sites for example;

The certificate I am using is the Positive SSL from Comodo with 256 bits of encryption: it is $9 per year if you buy it from NameCheap.

After the purchase of the SSL you will need to install it on your domain name. The big hosting providers are willing to install them for a small price. For example: to install 3rd party SSL, Hostgator is asking $10.

If you order your SSL from your hosting provider the whole process will take up to 12 hours and if they install the 3rd party SSL certificate it can take up to 72 hours. You can check whether the certificate is installed in your site’s Cpanel or your billing/profile/account page.

For Hostgator hosting users here is more useful information:

http://support.hostgator.com/articles/how-do-i-purchase-an-ssl-and-what-type-is-it

http://support.hostgator.com/articles/ssl-certificates/ssl-setup-use/i-have-purchased-a-ssl-from-you-now-how-do-i-use-it

2nd STEP: The migration

2.1. Check your code and if you have images like this in the code:

<img src="http://yoursite.com/images/image.jpg"/>

Simply change the path from http:// to just //:

<img src="//yoursite.com/images/image.jpg"/>

2.2. Check your CCS paths as well and also change their path - from full to relative.

2.3. After the installation of the SSL on your domain you will need to change your site's name from http://yoursite.com to https://yoursite.com. If you are using WordPress CMS you can do this in the Dashboard >> Settings >> General.

2.4. For WordPress there are many plugins which might be helpful for migrating from http to https. BUT the best one in my opinion is this: https://ithemes.com/security/ it is a bit pricy BUT with one click of a button you can redirect all your images and styles to the https version.

It will also give you an opportunity to use the https version in your wp-admin area. It will add 2 lines of code in the wp-config.php file and will force the migration of http to https for the admin + login area:

define( 'FORCE_SSL_LOGIN', true ); // Force SSL for Dashboard - Security > Settings > Secure Socket Layers (SSL) > SSL for Dashboard
define( 'FORCE_SSL_ADMIN', true ); // Force SSL for Dashboard - Security > Settings > Secure Socket Layers (SSL) > SSL for Dashboard

The WP plugin itself will also protect your site from different type of attacks and spam - so it is pretty handy!

2.5. If you don't use Ithemes security pro plugin you will need to add the above-mentioned code manually in wp-config.php.

There are 2 more options for securing your admin area (https-ing it :-).This is in case the option from 2.4. failed to work (2 added lines in the wp-config.php file):

OPTION 1: Add this code in your functions.php:

function force_https () {
if ( !is_ssl() ) {
  wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301 );
  exit();
}
}
add_action ( 'template_redirect', 'force_https', 1 );

OPTION 2: Add this code in your wp-config.php:

if(!_isSSL()){
    $url = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    wp_redirect( $url, 301);
    exit();
}
 
function _isSSL(){
     if( !empty( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )  return true;
     return false;
     return is_ssl();
}

Here are some articles about the WordPress and installing the SSL on this powerful CMS:

https://code.tutsplus.com/tutorials/options-for-ssl-in-wordpress--cms-21995

3rd STEP: 301 redirect of your http version to your https one

This part of the process is somewhat tedious because it might not work immediately and you might need to try different options... For the 301 redirection you will need to change your .htaccess file located in the root of your site. It "speaks" with your server (most often it is Apache). The purpose is to avoid duplicate content loading from http:// and https:// simultaneously.

For WordPress there are varius options of the rewrite rule code. You will need to add one of the options (see them below) right after the # END WordPress line in your .htaccess file (the rules follow from top to bottom). Do not forget to change the yoursite.com (and yoursite\.com) in the examples with your actual domain name.

3

The most common rewrite rule for migrating from http to https is this one:

OPTION 1:

RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$  https://%{HTTP_HOST}/$1  [R=301,L]

If there is a loop in the browser, use this one instead:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$  https://%{HTTP_HOST}%{REQUEST_URI}  [L,R=301]

OPTION 2:

RewriteEngine On
RewriteCond %{HTTP_HOST}#%{HTTPS}s ^www\.([^#]+)#(?:off|on(s)) [NC]
RewriteRule ^ http%2://%1%{REQUEST_URI} [R=301,L]

OPTION 3:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{HTTP_HOST} ^www.yoursite.com
RewriteRule ^(.*)$  https://yoursite.com/$1  [L,R=301]

OPTION 4:

RewriteEngine On
RewriteCond %{HTTPS} !=on  [OR]
RewriteCond %{HTTP_HOST} !^yoursite\.com$ [NC]
RewriteRule ^  https://yoursite.com%{REQUEST_URI}  [R=301,L]

OPTION 5:  (this one worked for my WP site):

RewriteEngine On
RewriteCond %{HTTPS} !=on  
RewriteRule ^  https://%{HTTP_HOST}%{REQUEST_URI}  [R=301,L]
RewriteCond %{HTTP_HOST} ^www*\.(.*yoursite\.com)$ [NC]
RewriteRule ^  https://%1%{REQUEST_URI}  [R=301,L]

OPTION 6:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www*\.(.*yoursite\.com)$ [NC]
RewriteRule ^  https://%1%{REQUEST_URI}  [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^  https://%{HTTP_HOST}%{REQUEST_URI}  [R=301,L]

My .httaccess file in my WordPres CMS site for example looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
 
# END WordPress
 
RewriteEngine On
RewriteCond %{HTTPS} !=on  
RewriteRule ^  https://%{HTTP_HOST}%{REQUEST_URI}  [R=301,L]
RewriteCond %{HTTP_HOST} ^www*\.(.*mysite\.com)$ [NC]
RewriteRule ^  https://%1%{REQUEST_URI}  [R=301,L]

Now you will need to check whether everything is working fine by typing in your browser http://yoursite.com and http://www.yoursite.com - do not forget to clear your cache as it might affect the redirection. Press CTRL+H in your browser to clear the cache and cookies and then try again if needed.

If you have another CMS or PHP platform the rewrite rule might differ. For example for a Question2Answer platform this one works pretty well:

DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^  https://%{HTTP_HOST}%{REQUEST_URI}  [R=301,L]
RewriteCond %{HTTP_HOST} ^www*\.(.*yoursite\.com)$ [NC]
RewriteRule ^  https://%1%{REQUEST_URI}  [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php?qa-rewrite=$0&%{QUERY_STRING} [L]
</IfModule>
2

Verification

4.1. Check whether your CSS styles and images are loading correctly! If the padlock in your browser is steady green (not yellow) everything works fine!

4.2. You can check whether the SSL is installed properly here:

https://www.sslshopper.com/ssl-checker.html

or here

https://www.whynopadlock.com/

SSLshopper WhyNoPadlock will crawl ONLY one page - so you might need to check the other inner pages of your site by using this service:

https://www.jitbit.com/sslcheck/ - this site will crawl up to 200 of your website's pages and will tell you whether there is a problem with the SSL.

For more advanced users you can use a program called http://www.scrapebox.com/ - it is useful if your site is bigger and you want to scan a lot of pages to check if there is an insecure connection - maybe an image or something else. You can use Scrapebox's plugin/addon: Page Scanner: http://www.scrapebox.com/page-scanner

5th STEP: Notify Google about the changes you've made

For SEO purposes you will need to notify Google. If you are using Google analytics simply change the site's Default URL from http:// to https:// by going to the Google's Analytics Dashboard.

The next step is to add https://yoursite.com to the webmaster tools - as a new site by clicking on Add a Property (keep the old http:// version though!) Watch the video below to understand the process better (after 1:30):

In your robots.txt file located at: https://yoursite.com/robots.txt don't forget to change your sitemap's path form http to https and add it in the Search Console

Another video you might find useful:

All done! Enjoy your secure and encrypted connection + (maybe) boost your SEO rankings 🙂

Partilhar: