How to upgrade to HTTPS

[HARDY]

If the HTTPS protocol was relatively rare recently, today the transition to it becomes a necessity for many sites.

There are many reasons for this need, but among the most important ones are user security and new requirements for browsers and system searches. This article will not only answer the question of why it is necessary to switch to HTTPS, but how to implement it, what problems you may encounter and how to fix them.

What is HTTPS and what is it for?

For many years, the main protocol for data transmission on the Internet was the Hypertext Transfer Protocol, which is HTTP, the algorithm of which is simple, but extremely vulnerable: the data is transmitted in text format, and therefore they can be traced and intercepted. The HyperText Transfer Protocol Secure (HTTPS) protocol extension, which allows to protect data, was created in 1994, but until recently it was not in demand. There is an opinion that it began to be actively used with the development of online trading and Internet banking, since it is one thing for the user to provide hackers with the ability to intercept a password from a semi-anonymous box, and quite another to transfer data of their own bank card into their use. One way or another, but 20 years after its creation, HTTPS has been actively supported by one of the main Internet trend-takers - Google. Since 2014, it has positively influenced the position of the site in the issuance of the search engine, and we can not ignore this, even if the user data does not care much for us. But the user with time, the sites that do not care about his data, trust less.

The main difference between HTTPS and conventional HTTP is that the data is encrypted in accordance with the cryptographic protocols SSL and TLS before it is transmitted by the standard transport protocol. The encrypted channel is created directly when the client connects to the server, which almost eliminates the possibility of listening, spoofing packets or other interference in the structure of the transmitted information. Thus, we provide security to ourselves and the user. Of course, this is most relevant now for sites where money transactions are performed, but taking into account the policy of browsers and search engines, it will soon affect all of us. So the question is to take care of the sooner, the better.

How to upgrade to HTTPS

To begin with, we need to determine the transition time. Each site has periods when it uses the greatest demand among users, and there are periods of calm, they are what we need. I'll explain why. The thing is that there is a risk of a temporary drop in the site in search results and even the appearance of such a difficulty as its inaccessibility. Of course, you do not want to cause inconvenience to users, but if necessary, it's best to get by with little blood. Choose a period of stagnation and begin.

Before starting the process, you need to conduct preliminary training:

Change the links linking pages of the site from absolute to relative. So, for example, if the link represented the formula "http://site.ru/content/", then after the changes it should look like "//site.ru/content/". This will avoid errors in indexing and redirection of users.

Translate media content to relative addresses. If it is loaded from external sites, you will have to make sure that they support HTTPS or replace them. With the popular services of such problems, most likely, will not arise - they are aware of the trend and have taken care not to stay on the roadside in advance, but it is better to hedge.

In external scripts, also use relative URLs. Note that depending on the size of the site, all these conversions can take up to several months.

Purchase and install an SSL certificate

The next step is to purchase an SSL certificate. The certification centers are a great variety and they differ not only in price but also in capabilities. Not all the centers have root certificates for each browser, and if it does not, the user who logs from this browser to your site will receive an error. The most popular and the most popular in the browsers centers: Comodo, Geotrust, Symantec, Thawte and Trustwave. Judging by the statistics, these guys can be trusted. The prices can be different - from 500 to several tens of thousands of rubles per year. You can also get an SSL certificate for free, but it's more difficult and not always justifiable in terms of security. In addition, free certificates often only operate for a few months, and if your site involves making payments, then this can be difficult.

Suppose that you still bought the certificate and now you need to install it on the server. On most web hosting today, you can do this automatically through the control panel. In each individual case, the process will be slightly different, but in general, you will have to look for a function in your personal account in any case. Forward!

The SSL certificate is installed, but it's too early to exhale - you need to do some more manipulations in the site code and its settings. Specify that the site URL now contains a non-HTTP protocol, and HTTPS is needed to create the correct internal links. And do not forget to check that the pages of the site are correctly opened by URL with the new protocol.

Completing the transition from HTTP to HTTPS

Now you have ahead of you a whole epic, called gluing mirrors, that is, copies of it. Reference weight will need to be transferred to the main mirror, it can be done in the offices of webmasters search engines. The transition will take a large amount of time - up to several months. We'll have to wait, we can not speed up the process, we checked it.

While search engines deal with mirrors, we start working with internal links, including the URL of all static files. This can be done with the help of special scripts, but if you are not looking for easy ways, then you can do it manually. For volume resources, you can also use the services of SEO-analysis of sites.

To redirect to a new address of users who are used to the address of the old, you will also have to implement 301 redirects. It will be required for all pages of the site and requests without exception, if you want the search engines to have no reason to quibble.

Well, you've completed the basic actions, now you just have to wait. And prepare for a decrease in traffic and TIC - in the transition is a normal story. Do not be afraid, eventually everything will be restored, the benefit of search engines to HTTPS sites only increases day by day.

[godfader4]

thanks