Checklist for Successful HTTP to HTTPS

Congratulations, you’ve decided to migrate your website from HTTP to HTTPS.

It’s about time 😉

Or maybe… you’re still on the fence.

Don’t be.

This is a smart move that you should get on board with pronto.

An HTTPS site is almost identical to that of a traditional HTTP one: it uses the same syntax – but – it offers elevated security through encryption protocols.

.. fancy way of saying it’s safer for your visitors to use, and interact with…

When HTTPS was first launched, early adopters were eCommerce websites aiming to improve the security of their transactions. Slowly, it was adopted by larger corporations that were transferring sensitive files.

Today, HTTPS is used by most websites – primarily to:

  • protect their page authenticity
  • secure user accounts
  • encrypt web browsing for improved privacy

But what does this have to do with SEO and building links?

I’m glad you asked.

During the Google I/O held in June 2014, an entire session called HTTPS Everywhere was dedicated to the why, how, and when of HTTPS. Later, in August of that year, Google announced that they had implemented HTTPS as part of their ranking algorithm.

(anndd… Umm.. if Google says it impacts your rankings, then that should be the only reason you need to get on the train…)


If that wasn’t enough of a push, in late 2017 and again in July of 2018, Google revisited the topic of security importance and vowed to continue to increase its impact on site traffic.

So, there it is!

The only reason you need to make the change.

And yet, still!… Less than 35% of the top one million websites ranked by Alexa are using HTTPS as their default protocol and less than 60% of the top 140,000 most popular websites have an active security license!?

But… regardless it’s important you make the move.

Besides the obviously stated reason above…

(hello Google-friendly site decisions)

Here are a few simple reasons why you should make the switch to HTTPS. It offers:

  1. Increased website security by encrypting the user’s activity
    • Through improving data integrity during transfers, and authenticating the website to protect users against hack attacks.
  2. Faster loading speeds
    • The majority of browsers enable HTTP/2 only if the website has an active SSL/TLS license.
    • HTTP/2 was shown to be at least 50% faster than its predecessor.
  3. Better SEO rankings
    • Several past studies have shown that HTTPS does have a positive impact on the positioning of a website in the SERPs.
  4. Improved brand credibility
    • The green bar that comes with running a secure connection speaks to your visitors.
    • Green means good, reliable, trustworthy, and safe – an important element to eliminate the friction from the transactional nature of information exchange.

Making The Switch From HTTP to HTTPS

First things first, I recommend conducting the migration on a test server first. This will allow you to catch and fix any issue without affecting your visitors.

To support your move, I’ve made a checklist to keep you on track.

1. Get yourself an SSL certificate.

To secure your domain, you need to buy an SSL certificate first. Certificate issuing entities are known as certificate authorities (CA).

There are tons of options to buy an SSL certificate – these are my top 3 choices:

Only opt for a certificate that uses a 2048-bit encryption key. Make sure that the CA you’re purchasing your license from offers technical support. You probably won’t need it but it’s good to have it.

2. Install your SSL certificate

Depending on the software that you’re running on your web servers, the steps to install your SSL certificate may vary. Normally, the certificate that you purchase should come with clear installation instructions for the most popular web server software, such as Apache or NGINX.

3. Verify the installation

Once the installation is complete, you should verify it.

There are several free tools that can do this for you. I’d go with either:

By verifying the installation, you’re checking that your certificate has been correctly installed, that it’s valid, trusted, and that it displays no errors to your visitors.

4. Check Your CDN Settings

If you’re using a content delivery network, check to see if it can handle HTTPS. If it can’t, it’s time to look for a new provider. If it can, connect with the support team in order to make the necessary changes required for a smooth transition from HTTP.

5. Implement 301 Redirects

You’ll no longer be using the HTTP versions of your web pages. By using 301 redirects you’re permanently telling search engines that you have moved your pages to a new HTTPS version. The 301 redirect transfers most of your link juice from the old page to the new one.

Note: When doing 301 redirects you should spend some time beforehand indexing everything that will be redirected.

6. Update Your Links

Don’t skip anything: internal links, external links, newsletter links etc. You need to update everything to the new HTTPS version. This ensures that you’re sending out a unique SEO signal to the search engines.

While you’re at it, update your social media accounts to reflect your new HTTPS pages. Make sure to do this on all of your social media accounts, not just those that you use the most. Any reference to your website that’s not taking users to a secure page has a detrimental effect on your search engine success.

7. Update Your Sitemap and Robots.txt

While having a sitemap isn’t a necessity, it’s useful when you’re dealing with debugging issues. Sitemaps are also commonly used to check if images are being indexed. Once you’ve updated the sitemap, upload it via the Google Search Console. Your robots.txt file should also include the path to your new sitemap.

8. Configure Your Canonical Tags

Canonical tags tell search engines which version of a URL should appear in the SERPs. By using canonical tags on your pages, you’re actively preventing duplication (an event which could lead to a drop in your SERP ranking). Be sure your canonical tags are updated to include the new HTTPS version of your pages. Some CMS systems update these automatically but you should double-check to make sure.

9. Resubmit The Disavow File

If you’re unaware, the disavow tool that Google created allows webmasters to upload a list of suspicious backlinks that should be disregarded when your website’s ranking is calculated. If you’ve had one for the HTTP version of your website, you should update it and re-upload it to Google’s Disavow tool.

10. Update Google Analytics

Your Google Analytics profile has to be updated to reflect the changes. To do so, click the Admin button found under your account. This should bring up your settings. Update your website’s URL to the new HTTPS version. Make sure you change the URL for the Property Settings as well.

11. Rewrite Your Newsletter

There are two steps towards achieving this. First, you have to stop sending out your old newsletter about 5 days before your migration is going to happen. Secondly, you’ll want to update your newsletter template to include the newest HTTPS links. To spark some extra interest, mention the migration to the secure protocol in the newsletter. You’ll make your customers happy.

12. Check Extensions, Plugins, and Add-Ons

If your website is using extensions, plugins, or various add-ons, make sure that you update those as well. Forgetting to update your URLs in these cases will cause your extensions and plugins to stop working properly.

13. Fetch And Crawl Your New Site

Making it this far means that you’ve previously updated your sitemap and your Google Search Console. Now it’s time to crawl your migrated website. For this, you can use the Googlebot fetch function. Simply fetch your website, submit it to indexing, and crawl it and its direct links.

14. Update Your Blog

Your blog is an extension of your company. You shouldn’t leave it out of the migration process. If you post regularly on your blog, chances are there are a lot of internal links that need to be updated to their HTTPS version.

15. Update The Custom Libraries

If you’ve implemented custom libraries over the years, such as Ajax, CSS, or Javascript, it would be a good idea to update the scripts and libraries to match the new HTTPS links. Should you forget to complete this step, you might find your website flagged for mixed content. The presence of HTTP on an HTTPS page actually weakens the security of that page.

16. Enable HSTS

HTTP Strict Transport Security or HSTS is a security policy that protects your website against cyber attacks. By enabling this, you’re forcing browsers to request the HTTPS page automatically, even if your visitor enters the HTTP format in their search bar.

Common Problems When Migrating

Based on past experience, I can tell you that the most common problems that appear when migrating a website from HTTP to HTTPS are related to badly implemented redirects. If not done properly, your HTTPS migration could lead to:

  • Content duplication
  • Version mismatches
  • Crawling issues

Final Thoughts

HTTPS is here to stay.

As you can probably tell, migrating your website to a more secure protocol is not a simple task. Luckily, it comes with a lot of benefits, including:

  • improved SERP rankings
  • faster load times
  • improved brand credibility
  • heightened security

Put in the extra effort, and implement every step in this checklist and you’ll set up your site up for a successful HTTP to HTTPS migration.

What’s Next?

After everything has been redirected, the next best thing you can do to scale your site in the SERPs is to make sure that you have a robust backlink profile.

…. And here’s a free course on exactly how you get ’em

Co-Founder Digital Lead ??‍? ? For more then 15 years Tim has been using digital marketing strategies as a tool to scale businesses. Captivated by human psychology and productivity, he is an avid student of strategy. Always seeking what's new and integrating it with what works. ?‍♂️?
Leave a comment

Your email address will not be published. Required fields are marked *


Checklist for Successful HTTP to HTTPS

by Tim time to read: 8 min