Converting to HTTPS
-
I have a 10 yr old website that we are just now adding a Symantec SSL with Extended Validation. I've seen some older posts about whether switching to URL's to HTTP effects Google ranking and I understand it may in the short run, but I wondered if anyone had any updated info about how best to go about this. Are there any step by step articles that could walk me through this?
Our certificate is already installed now, but we haven't forced it out there yet. If I understand right, we will use the HTTPS on the entire site. I am not very experienced with 301's, but I believe I can set this up in Godaddy.com where our domain is reigstered so that our old HTTP forwards to HTTPS. Also, I don't think this effects anything within GWT so I don't think I have to make any changes there.
Am I missing anything?
FYI, the prices for this on the Symantec site are pretty high for a small business like ours. I looked around and found https://www.thesslstore.com/, an SSL reseller, had cheaper prices listed on their site. As it turns out, I called to ask a technical question and the sales person offered to email me a custom quote that was even cheaper than what was listed on their site. So if you are dealing with a limited budget, I might recommend you call The SSL Store and get a quote from them. I am not an affiliate and having nothing to do with them, I was just happy with their service and I believe it cost me about 1/2 of the price on the Symantec site. Hope that helps someone.
-
When we moved our site over to full HTTPS we noticed that GWMT needed to re-authenticate for the HTTPS domain, and actually shows different information from the HTTPS profile compared to the HTTP profile.
The Analytics proporty won't change, but your sitemap will need an update for provide the HTTPS links compared to the HTTP ones. Google will quickly pick-up the protocol change and as long as you set-up correct redirects from HTTP to HTTPS you won't be dropping traffic that much. In the long run you'll see your site returning to it's old self again, depending on how good the rest of your optimization is.
Do keep in mind that if you're mixing content (retrieving external content from HTTP sources) some browsers start throwing warnings to users; if you're embedding HTTP content in an HTTPS site, browsers like Chrome don't load the HTTP at all unless the user clicks the option for mixed content at the end of the address bar.
Hope this helps!
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
301 Old domain with HTTPS to new domain with HTTPS
I am a bit boggled about https to https we redirected olddomain.com to https://www.newdomain.com, but redirecting https://www.olddomain.com or non-www is not possible. because the certificate does not exist on a level where you are redirecting. only if I setup a new host and add a htaccess file will this work. What should I do? just redirect the rest and hope for the best?
Intermediate & Advanced SEO | | waqid0 -
Http & https domain names
We currently have a site which we found SEM Rush to show that their were duplicate pages for the site. Upon further inspection we realized this was because there existed both http:// and https:// Versions of the site. Is this a problem for Google that the site appears for both http:// and https:// and that there are therefore duplicate versions of the site?
Intermediate & Advanced SEO | | Gavo0 -
Browser Cacheing - HTTPS redirects to HTTP
Howdy lovely Moz people. A webmaster redirected https protocol links to http a number of years ago in order to try and capture as many links as possible on a site we now manage. We have recently tried to implement https and realised that because of this existing redirect rule, they are now causing infinite loops when trying to test an http redirect. http redirecting to https redirecting back to http, etc. The https version works by itself weirdly enough. We believe that this is due to the permanent browser caching. So unless users clear their cache, they will get this infinite loop. Does anyone have any advice on how we can get round this? a) index both sites and specify in GSC that the https is the canonical version of the site and hope that Google sees that and removes the http version for the https version b) stick with http as infinite loops will kill the site c) ??????????? Thanks all.
Intermediate & Advanced SEO | | HenryFrance0 -
Recovery from a HTTP to HTTPs migration using 302s ?
If a website did an HTTP to HTTPS migration using 302 re-directs, that were corrected to 301s about 4 months later, what is the expected impact? Will the website see a full recovery or has the damage been done? Thanks to anyone who can shed some light on this...
Intermediate & Advanced SEO | | yaelslater0 -
Redirect HTTP to HTTPS
Hello, Simple question - Should we be redirecting our HTTP pages to HTTPS? If yes, why, if not, why? Thanks!
Intermediate & Advanced SEO | | HB170 -
Client has moved to secured https webpages but non secured http pages are still being indexed in Google. Is this an issue
We are currently working with a client that relaunched their website two months ago to have hypertext transfer protocol secure pages (https) across their entire site architecture. The problem is that their non secure (http) pages are still accessible and being indexed in Google. Here are our concerns: 1. Are co-existing non secure and secure webpages (http and https) considered duplicate content?
Intermediate & Advanced SEO | | VanguardCommunications
2. If these pages are duplicate content should we use 301 redirects or rel canonicals?
3. If we go with rel canonicals, is it okay for a non secure page to have rel canonical to the secure version? Thanks for the advice.0 -
HTTPS entire domain Vs. one URL
Long time no Moz! Ive been away with some server related issues, installing an AD at the company I work for, but I'm back. Our SSL cert just expired and I'm trying to determine the pros and cons of making an entire site SSL vs just the URL. Our previous set up was just a single domain. I know Google has hinted toward SSL preference, and I know its a little early to know for certain how much that's going to help, but I just wanted to know what everybody thought? It expired yesterday, so I have to do something. And we lost our previous credentials so I can't just renew the old one. Thanks!
Intermediate & Advanced SEO | | HashtagHustler0 -
HTTPS moz.org untrusted - invalid cert
https://www.moz.com/ has an invalid cert guys This Connection is Untrusted You have asked Firefox to connect
Intermediate & Advanced SEO | | irvingw
securely to www.moz.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue. www.moz.com uses an invalid security certificate. The certificate is only valid for moz.com (Error code: ssl_error_bad_cert_domain) If you understand what's going on, you
can tell Firefox to start trusting this site's identification.
Even if you trust the site, this error could mean that someone is
tampering with your connection.
Don't add an exception unless
you know there's a good reason why this site doesn't use trusted identification.1