Table of Contents
Prepare your website for adding an SSL certificate to your domain.
What is HTTPS?
You may have wondered what that acronym, “http” or “https” at the start of the URL means? Simply, it refers to Hypertext Transfer Protocol, a text on an electronic device that contains hyperlinks to other text. And to add a layer of security, well, you can plan to migrate your Website from HTTP to HTTPS. Check whether there are any content, switching, and security factors to consider when migrating or moving from a WWW, HTTP to an HTTPS.
Basically, HTTPS is the more secure version of HTTP, and the “S” stands for ”secure.” This happens when you apply an SSL Certificate to your domain. So, when you move to an HTTPS, it can provide a secure connection layer from your browser or web application to a website or network (world wide web). The HTTPS is one of the measures that Google’s Safe Browsing Technology requires for all the websites that their search engine crawls. When you connect to an HTTPS site, it means a secure user experience like logging into your banking website, capturing credit card information, and even logging to the backend of your website.
Having an HTTPS on your website requires that you secure an SSL certificate for encryption. The New HTTPS version ensures no transfer of plain text data to the site itself and the network.
Add another security layer (SSL) to your Website
Here are 36 things off the top of my head to consider in an HTTPS migration. You cannot rollout any movement without planning. You have to outline the steps you need to migrate from HTTP to HTTPS. The planning stage needs to include factors or outcomes on the day of moving to HTTPS, setting-up redirects, 3rd party integrations, and on what may happen shortly after the migration day.
Also, it would be best to anticipate ahead for any corrective actions on how to fix arising issues after that. To continually improve the content and to adapt another security layer to your Website, that is, fully move your old site to the new HTTPS version. Please note that this is not a step by step guide and it is very likely that there are other considerations not on this list. This list is in no particular order, and you should always tailor your HTTPS migration plan to the specific needs of your client’s business:
1. Redirects preparation
When you need to use your Redirects, you have to prepare them well with the best SEO practices to bear in mind. First, ensure one redirect should not forward to another redirect to avoid a “chain of redirects.” Second, check to redirect only to the preferred version of your Website, using the HTTPS protocol, domain name, and path notation (with or without trailing slash).
Include your preparations to test the Rewrite Rules that will 301 redirect from all of the identified existing URLs (pages, images, etc.) on the HTTP domain to the HTTPS one. This preparatory step is your most essential part of moving from HTTP to HTTPS. Your “redirects” will indicate to google search engines and users that you have a new digital content location that is up and running. You can also check with reliable domain migration resources to complete your preparations for the website redirects. Though you optimize your 301 redirects to add appropriate redirection instructions to your Website server, you need to ensure that your redirects indicate to Google and other search engine crawlers to pass all related authority with the old site to the new one.
You can also maximize your HTTPS migration with precisely the same URLs to integrate one redirection rule to capture all uses of both old and new domains, and to make a domain-wide redirect rule. Take time to check and test your redirects to ensure you have prepared them well enough. You have to check the internal links on the destination site, especially for the adequacy of a one-on-one redirect chain, and for the continuity of site analytics from the old to the HTTPS domain.
2. Web Analytics Configuration Preparation
The best thing to do is integrate Google Analytics to your Website to ensure that the existing Web Analytics configuration will also monitor HTTPS domain traffic. Start collating the website data that you will need for your Website analytics. You are making every worth of your preparation as equitably the same with your implementation when you do web analytics, and have configured it correctly. So, better check if you can identify the right resources you need to set-up and configure your web analytics, create a plan for its implementation, and design how to implement web analytics as a work-in-progress solution towards continuing SEO of your HTTPS domain.
When you prepare your web analytics, include your social media, customer voice, mobile, and experimentation analytics tools to collect data accurately, customer opinions, follow mobile users, and explore options for new trends. In place, web analytics will enable you to collect, report, and analyze your website data. So focus your web analytics on how to identify measures based on your organizational and user goals. Subsequently, use these results to determine the outcome of those goals, and eventually drive a continuing website strategy as well as improving user experience.
3. New HTTPS URL formatting
When you encounter the word URL, you may have asked what this stands for? URL is an acronym that refers to Uniform Resource Locator, a reference (like an address) to a digital resource on the Internet. In short, the URL is the address of a website or an online or digital resource. So, URL is the basic network identification of any resources connected or linked to the web, and it is a protocol that specifies how to transfer the information from the link. Take “https://example.com” as a case in point. You can see that the URL has HTTPS referred to as a protocol identifier and a resource “EXAMPLE.” For this URL, the resource name is “example.com.”
You can find the URL either in the address bar of your web browser or the link by right-clicking it, copying the link or selecting “copy link,” “copy link address, or “save link as.” When we talk of a resource, it mainly includes documents or information accessible via the internet or network, databases, servers, and telnet destinations. Ensure to verify during preparation stage that all of the existing web environment and protocol rewrites and redirects behavior, including issues on formatting such as the use of www or non-www, slash “/” versus non-slash, and so on are adherent and implemented to the desired HTTPS web version as they used to work from the old HTTP domain.
4. XML Sitemap Release & Submission
Building your Sitemap, an XML file that lists the URLs for your HTTPS site, allows webmasters to indicate additional information about each URL, including changes or updates, how often it changes, and its importance to other URLs of your HTTPS site. So better check your Sitemap thoroughly before you submit it to google. After generating your XML Sitemap, upload and verify it with the HTTPS URL versions in your HTTPS Google Search Console (GSC) profile. You need to sign in to GSC and follow the instructions.
Once you are in the GSC, make sure to remove outdated or invalid sitemaps (if any). Remember that when you create and submit a new sitemap to the search engines, especially those new URLs that are not present in the old domain, you need to double-check the sequential order of your HTTPS pages and their URLs. So, create a list that shows in hierarchical order all of the page content of your HTTPS site. Ensure to re-create and test your XML sitemap thoroughly before submitting it to Google. Do each URL in your old Sitemap correctly with a 301 redirect to your new TTPS domain. Once you are sure that both of the old and new sitemaps have no errors, you submit both to Google Search Console (GSC).
5. Robots.txt configuration
Setup the robots.txt configuration of your HTTPS site to indicate to search engine crawlers the pages or files they can crawl or not. The robots.txt file “allows” or “disallows” crawlers to a specified file path in your HTTPS website. Load & verify the robots.txt setting in your new domain. Ensure that the robots.txt file is located at the root of the website host to which it applies or in the top-level directory of your website code to simplify crawling and indexing of search engines.
Your configuration must structure your robots.txt so search engine spiders can access the categories and web pages in the appropriate order or algorithm. It should indicate whether specific user agents (i.e., web-crawling software) can or cannot process or scan parts of a website and specifies crawling instructions for the behavior of one or all user agents. Also, include a robots exclusion standard, robots exclusion protocol or robots.txt, to properly communicate with web crawlers and other web robots.
6. New HTTPS version canonicalization
The canonical version of your new HTTPS version will help Google to choose and crawl that URL, and all other URLs that you specified (i.e., product, landing or home pages). So, it is suitable for your new domain to indicate that Google should spend time crawling new or updated pages on your site. It is better to verify at the stage environment and implement the canonicalization, rewrites and redirects from all other protocols like www versus non-www, slash versus without slash, to the new HTTPS Web version. A canonical URL is your page URL or master URL that indicates Google that it represents a set of duplicate pages on your HTTPS site.
You have to set your canonical URL on your website then configure your server to use rel=”canonical” HTTP headers to indicate the canonical URL, which Google supports for web search results. You can pick a canonical URL for each of your pages and include it when you submit them in a sitemap. Find and index the canonical version or URL of every page of your HTTPS site using the URL Inspection tool on the GSC. The tool will help you check whether a page has a canonical tag, identify duplicate or alternate pages to prevent it from appearing on multiple URLs, index, locate, and do the URL canonicalization of your HTTPS domain. You may not expect that all URLs on your website would be indexed, though.
Verify in the stage environment that all of the already existing rewrites & redirects behavior (non-www vs. www; slash vs. non-slash, etc.) are also implemented in the https Web version as they used to work on the http one
7. URLs Parameters Configuration
Carry out the URLs parameters configuration of your new HTTPS site through the Google Search Console (GSC). Ensure to replicate the existing URLs configuration in the HTTPs site profile. When your site uses URL parameters for insignificant variations or the same content appears but using different URLs, your website is making duplicate or alternate pages. This situation can affect your rankings as it can cause Google to crawl your site inefficiently. Since you are switching protocol, you need to add a new property to Google as HTTPS. Submit the Sitemap under the HTTPS property variation that contains all the new URLs.
You can also convert your HTTP URL to HTTPS, but you have to buy and install an SSL certificate first. Get one through your web hosting provider to get started. After that, double-check that your internal linking is changed to HTTPS, and your 301 redirects are set-up to notify search engines properly. It would help if you redirected your URLs from the HTTP to HTTPS protocol explicitly, and you have to configure your web server with an instruction that it has to return HTTP URLs with 301 status code and their location header to HTTPS://.
8. Google Search Console Registration
To register in the Google Search Console (GSC), you should set up an “HTTPS” property for your page on the Search Console. Primarily when your website uses an SSL certificate and is accessible as “HTTPS”. Add that HTTPS property to GSC Search Console to register your new site as Search Console treats HTTP and HTTPS separately. Thus, you must have a separate Search Console property for each one of these protocols.
The data for these properties is not shared. Ensure to register both HTTP and HTTPs domains in GSC, along with your www and non-www versions. Also, if you had registered individual sub-domains or sub-directories in the GSC, replicate that registration & configuration with their HTTPS version. Having no access to GSC, your HTTPS website data becomes inaccurate. It takes a couple of days for GSC to gather the date from your site, so be patient to wait and check back after five or more days.
9. SSL Server Configuration Validation
An SSL stands for Secure Sockets Layer, a standard security technology that establishes and secure encrypted links between a server and a client. Usually, a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). You can do an SSL configuration by checking first the host with a dedicated Internet Protocol (IP) address to determine the best security.
Your SSL Certificate would require your website to have its dedicated IP address. If you have no SSL certificate yet, you need to secure one, activate, install, and update the HTTPS site to use it. To verify or validate the SSL configuration of your Web Server using free online service platforms to perform an in-depth analysis of the HTTPS site’s SSL configuration on any web server. Take note that the information you submit to this platform is secured and used only to provide you the server verification services. You can do an SSL Server Test at https://www.ssllabs.com/ssltest/.
10. HTTP to HTTPS redirect implementation
When you carry out the implementation of your HTTP to HTTPS redirects (i.e., the 301-redirects of from its HTTP to HTTPS version or from other sites and vice-versa), you need to test and help you analyze the status of your site links and path. In an HTTPS migration environment, checking and implementing a switch of protocol from the old domain to the new domain is equitably essential to ensure that when we click a URL, we know where we are heading. Make your redirect a 1:1 redirect to .
When you do this, it allows you to secure your webpage, a one-is-to-one check, and run for your home or landing pages. Configure and implement your 301 redirects right after creating your HTTPS site to move from the old one effectively. Especially during migration, there are existing broken pages, thin or no longer useful pages, content duplication & dynamic URL issues, and other domain merging or migration concerns.
11. New HTTPS site redirects validation.
When you validate your new HTTPS site redirects, ensure to use them following the best rules or practices to handle redirects. Such as to prevent the creation of chained redirects, and redirect only to the preferred version of your new website using the HTTPS domain, the correct domain name, and path notation. Verify the redirect rules are correctly implemented from http versus https, www versus non-www, and the use of slash versus non-slash. There are Test Redirects tools available online, but you can get started with Google’s Webmaster Tools best practices to check your redirect implementation.
You can use many, or a variation of these tools but make it as simple as you can to visualize your redirect pat