After outlining HTTPS migration and explaining the issues involved in the first part of our dossier, we’re continuing to clear the way by explaining step-by-step how to migrate to HTTPS.
To make it easier for you to read this article, here is the table of contents:
- Le Before: Prepare your migration to HTTPS
- Migrate to HTTPS
- L’after: Check that everything is in order
1. PURCHASE AND INSTALL AN SSL CERTIFICATE
As we said in the first part of our dossier on HTTPS migration, there are several types of certificate: “single domain” certificates, “multi-domain” certificates and “wildcard” certificates (suitable for sites with several sub-domains).
2. REMEMBER TO MODIFY YOUR INTERNAL URLS
You’ll now be serving pages in both HTTP and HTTPS, which poses no problem. On the other hand, when you serve mixed pages (for example, an HTTPS page in which resources are served in HTTP), your page is no longer entirely secure, and your visitors will be informed of this.
You’ll need to modify your :
in:
or en:
Your internal URLs then become relative to the protocol (as //fasterize.com) or relative to the domain name and protocol (as /jquery.js).
3. REDIRECT HTTP URLS TO HTTPS
Don’t forget to set up 301 redirects. This will ensure the transition from the old version (HTTP) to the new version (HTTPS) of your pages, while maintaining their popularity and traffic.
This step will soon be automated by Fasterize. All you have to do is tick a box on the dashboard!
ATTENTION AUX URL DUPLIQUÉES
By the time all the redirects are complete, the URLs will be duplicated. There will be your old HTTP URL, which no longer needs to be crawled, and your new HTTPS URL with the same content as the old one.
Sites with a high volume of URLs may experience a temporary drop in traffic: up to 15-20% for several days.
“Allow Google to discover secure URLs directly via 301 redirects, and not via the HTTPS site crawl or its sitemap, in order to keep this temporary duplication to a minimum.”
AYMERIC BOUILLATconsultant at Résonéo
4. …AND ENSURE THAT CANONICAL LINKS POINT TO HTTPS PAGES
The canonical URL is a tag that tells the search engine which is the “official” URL to crawl. At the same time, you’ll save yourself some trouble with Google over duplicate content.
Here is some advice from Google on how to use the ‘rel=canonical’ tag:
- The two pages must have identical or very similar content.
- The URL indicated in the “canonical” tag exists and is not redirected.
- This canonical page does not contain a “noindex” robots meta tag.
- A single “canonical” tag must be present on the page. If there is more than one, they will all be ignored.
5. MAKE SURE YOUR SITE IS TRACKED USING HTTPS
If you use SEO tools such as SEMRush or Ahrefs, update your links!
To do list: migrating to HTTPS
1. ENABLE HTTPS ON YOUR SERVERS
There are a few best practices for configuring your server for HTTPS, and I invite you to read this article >>. These best practices are already activated for all sites connected to Fasterize, and we regularly update our server configuration to comply with PCI DSS.
Note that there is no longer a secure SSL configuration (i.e. one that is not subject to a security vulnerability) to support Internet Explorer on Windows XP.
See for IE6 on XP >>
See for IE8 on XP >>
2. REMEMBER TO SUBMIT A NEW SITEMAP WITH HTTPS URLS
You won’t be able to indicate your transition in your current Search Console or BING Webmaster Tools accounts (the one that manages your HTTP pages). So you’ll need to create a new one and submit a new sitemap with your website’s HTTPS URLs.
Note that if you have a disavow file, you’ll also need to replicate it in your new account.
3. CHECK THAT YOUR HTTPS PAGES ARE INDEXABLE
It would be a shame to do all that work and still not be indexed!
If you were previously blocking the indexing of your HTTPS pages, remember to modify your robots.txt file so that they are now crawled, and remove the Meta noindex tags from your HTTPS pages. To find out more
4. ACTIVATE STRICT TRANSPORT SECURITY (HSTS) AND SECURE YOUR COOKIES
HSTS (a security mechanism) informs a compatible user agent (such as a browser) that interactions between client and server will now take place via a secure connection.
It’s also important to secure your cookies by adding the “secure” keyword. Without this, a browser accessing an unsecured HTTP page after a secure browsing session will transmit the (previously protected) cookie unencrypted over the network.
5. SET UP YOUR CDN
Deploy your SSL certificate on your CDN.
6. UPDATE GOOGLE ANALYTICS ADMIN SETTINGS
Select the “HTTPS” version and save your settings. This ensures that all data reported in Google Analytics will now be measured for the HTTPS site (new version).
1. KEEP YOUR EXTERNAL COMPONENTS
- URL hunting
Whether it’s the URLs of your social networks pointing to your site, the URLs of your landing pages, your paid campaigns(Google AdWords, Ads, etc.), your price comparison sites, your e-mail signatures, or even your emailing, remember to update your URLs to drive HTTPS traffic to your website. No more HTTP links! - External plugins
Update your external plugins (WordPress, Prestashop, Magento, …) to ensure they are HTTPS-compatible. - Social Share
When you migrate to HTTPS, you lose track of the number of likes, tweets, shares and so on. Don’t panic, you can recover them by following the guide!
You didn’t think we’d stop there, did you? 
Now that you’ve migrated, there are a few “details” to check:
- How do you rate Qualys Lab? Aim for A or A+! Anything less is considered a bug.
- Does your mobile site work as it should?
- Is your internal search engine working properly?
- Does the RSS feed for your website/blog work properly on the new version of the site?
- Measure your loading times.
- Monitor traffic on old and new URLs for a few weeks.
This time you’ve finished scrolling. You’ve reached the end of your migration! Welcome to the world of the secure web
DID YOU LIKE THIS ARTICLE?
YOU WILL ALSO LIKE THIS ARTICLE:
4 key optimizations to speed up your HTTPS site