How to Perform an SSL Migration
Xivic's technical team follows a thorough process to conduct secure and smooth client SLL migration, but if you're looking for somewhere to start, here are the beginning necessary steps to migrate to an SSL site:
Step 1: Host the site on a dedicated IP address. SSL certificates will require you to have a dedicated IP address for your site. Most websites will already have this but check with your hosting provider. If you are on a shared IP address, you will need to contact them to upgrade to a dedicated IP. A dedicated IP is one that is static and does not change (dynamic).
Step 2: Buy an SSL Certificate. You can either purchase a certificate from your hosting company or another service provider. SSL certificates are identified by the "lock" in the URL bar of your browser, and users or bots will often look for an SSL before trusting your website. Based on your business, you can buy different types of SSL certificates grouped by validation level and level of coverage. The three tiers of SSL certificate validation are:
- Organization Validation (OV SSL): This is a popular certification choice for both the coverage level and trust signals. With this SSL Certificate, a Certificate Authority approves the right to use a specific domain name as well as provide company information to be displayed to users that click on the secure site seal in the browser.
- Domain Validation (DV SSL): This certificate will only validate you to use a domain name with encryption and is usually the lowest cost and easiest to implement.
- Extended Validation (EV SSL): This SSL Certificate provides the highest level of trust for your website. An EV SSL Certificate approves you to use a domain name with encryption and displays your company information within a green address bar giving users visible signs of authority and security when processing transactions on your site.
Step 3: Generate A Certificate Signing Request (CSR). Many hosting companies will take care of this task if you purchase an SSL certificate from them. You can also generate the CSR through your cPanel. Follow these instructions on how to Generate an SSL Certificate and Signing Request with cPanel.
Step 4: Install the SSL Certificate. Use cPanel or contact web hosting provider to install an SSL certificate on your server.
Step 5: Enable HTTPS on your site. Update all links, 3rd party scripts, canonical tags and redirects to point to the new HTTPS site. For a more in-depth process refer to the HTTP to HTTPS migration task list below.
HTTP to HTTPS Migration Task List by Xivic
When beginning your migration project, use the table below (via G-Sheet) to task out projects to your team. This 30-point list identifies the tasks to handle pre-launch, during launch and post-migration. Feel free to download the table and add it to your workflow.
Download detailed SSL Migration Task List
- 1. Inventory all 3rd party scripts
- 2. Purchase SSL Certificate
- 3. HTTPS Domain Verification
- 4. Rank Monitoring and Website Performance Testing
- 5. Crawl HTTP site
- 6. Install HTTPS certificate and verify HTTPS URLs
- 7. Canonicalization setup
- 8. Update 3rd party scripts
- 9. 301 Redirects Setup
- 10. HTTPS XML Sitemap
- 11. Robots.txt update and testing
- 12. Internal linking to HTTPS
- 13. Confirm CDN compatibility
- 14. Install WordPress HTTPS (plugin) - for WordPress only
- 15. Modify general settings to include https in-site URLs - for WordPress only
- 16. HTTPS Site Launch
- 17. HTTPS redirect implementation
- 18. Update XML Sitemap
- 19. XML Sitemap Indexation
- 20. Update Web Analytics Tools
- 21. Robots.txt update and testing
- 22. Verify HTTP to HTTPS (Internal Linking & Canonical Tags)
- 23. Verify HTTP to HTTPS (URL structure)
- 24. Update External Links
- 25. Validate SSL Server Configuration
- 26. Crawl HTTPS site
- 27. Confirm 3rd party scripts
- 28. Google Search Console Monitoring
- 29. Disavow Links
- 30. Rank Monitoring and Website Performance Testing
Best of luck in your upcoming migration!
Are you debating making the switch to HTTPS?
Here's a quick overview of the pro and cons to consider when weighing the decision to do an SSL migration:
More Security: Is your company working with sensitive personal data? If so, HTTPS is highly recommended to encrypt data transfers and protect user information.
Trust Signals: Moving to HTTPS can legitimize your business and build more trust because you are telling users that you are secured site.
SEO Boost: HTTPS sites are seeing ranking boosts and Google considers it as a positive ranking signal. According to Moz, 50% of Google's page one results in Google.
Safer Traffic: HTTP sites with forms or search boxes will often show a warning message to users, which can decrease your traffic.
Additional Cost: To go HTTPS, you will require an SSL Certificate. The annual cost can range from $39 to $299. There is also an extra charge for Certificate Warranties.
Lots of Redirects: HTTP and HTTPS are two separate URLs, so you will have to duplicate your site and set up new “https” pages. Establishing redirects from all HTTP pages to HTTPS pages is critical.
Errors: If you forget to move all files to HTTPS and a visitor finds an old HTTP page, they will get a warning message when visiting your site. This can affect user experience and conversion rates.
CDN Compatibility: Not all CDNs (Content Delivery Network) are created equal. If you run your site over a CDN, make sure that they support SSL certificates.
Reporting Issues: Be aware that it will take some time for Google to reindex your site after migrating to HTTPs. It is important to verify the new HTTPS in Google Search Console as soon as you go live.