Moving a website to https
1. Is it as simple as a find / replace all links in my webpages to https instead of http?
2. After I move over to https will http still function. Is it a good idea to block http, I mean show some like "This Webpage does not exist". I don't like the idea of http redirect to https because that mean 2 requests would be sent to the server. Is there an elegant way to handle this?
3. After I move to https, would all the existing google search results for my website break. I mean how do people handle that?
TIA
9 Replies
2. http may or may not function depending on your web server configuration. For example, Apache may auto-redirect to https, do not display an error message on plain http, that is just wrong.
3. google is clever enough to understand that your site changed to https, if your Apache is properly configured to do a permanent redirect, then google will update its links and cache. Some years ago, google didn't handle the change properly and people lost their page rank.
@IfThenElse:
1. that would depend on your website architecture. For example, in WordPress it is a bit complex because you need to modify all internal links within posts/pages. There are tons of guides on how to do it. But overall, yes all you need to do is switch all links to https.
Its a website built on bootstrap. is find and replace the way to go for changing the links?
> 2. http may or may not function depending on your web server configuration. For example, Apache may auto-redirect to https, do not display an error message on plain http, that is just wrong.
There are some sections of the website where I don't want the website to function in http mode. eg. a user login section. What should I do in that case?
> 3. google is clever enough to understand that your site changed to https, if your Apache is properly configured to do a permanent redirect, then google will update its links and cache. Some years ago, google didn't handle the change properly and people lost their page rank.
Good to know that and many thanks for you replies
The whole point of HTTPS is to protect login sections among other things, basically everything. So why would you want to keep those unencrypted? that just doesn't make any sense.
@LivelyOde:
I want to move over to https / ssl from http. Before I do that I wanted to know what are the things I need to take care of.
…
Certbot is your way to go! Unless you require certificates from other specific entity, in which case you should follow this entity's instructions.
@LivelyOde:
1. Is it as simple as a find / replace all links in my webpages to https instead of http?
I would suggest you use certboot and then look into your logs. You will have a warning for each request made in an https page that loads none https resources. Note that if you use relative paths you don't have this problem. i.e. If you're loading all your css and .js locally with relative paths, you won't see any warnings regarding non https resource loaded.
@LivelyOde:
2. After I move over to https will http still function. Is it a good idea to block http, I mean show some like "This Webpage does not exist". I don't like the idea of http ressources to https because that mean 2 requests would be sent to the server. Is there an elegant way to handle this?
…
After you move to https, httpt requests will be redirected. Certboot will handle that. I dont recomend blocking http requests. Its not 2 requests. Its a redirect. Nothing is handled for http requests. Your server will handle https for every http requests. Certbot also handles temporarily redirection from http to https. This also makes you transition to https seamlessly for your users.
@LivelyOde:
3. After I move to https, would all the existing google search results for my website break. I mean how do people handle that?
…
After you move to https you should generate and submit new sitemaps to search engines. google will re-crawl your site (wile still having all your http links). All your traffic delivered by search engines to old http will be redirected from http to https, like every request. If you use Google's webmasters and analytics you should add new property to your site. For eachhttp://yoursite.com submited, add a propertyhttps://yoursite.com . That applies to subdirectories as well.
Again… I recomend you use certbot. It makes it very easy. Long go the days you would have to generate certificates and keys and edit all other confs, ports, etc… You don't even have to edit your server conf files. Here's certbot documentation:
Have fun!
my suggestion is to use either the dehydrated scriptacme shell script
they are both highly optimized, use the absolute minimum memory and they are very portable.
@IfThenElse:
certbot is rather bloated and a horrible memory eater, which causes all sorts of problems on servers with limited memory.
my suggestion is to use either the
or the dehydrated script. acme shell scriptthey are both highly optimized, use the absolute minimum memory and they are very portable.
I haven't set certbot cron's. And haven't seen any consumption changes on my server, but farewell. Don't know any of those but they should be good alternatives to LivelyOde.
@IfThenElse:
The whole point of HTTPS is to protect login sections among other things, basically everything. So why would you want to keep those unencrypted? that just doesn't make any sense.
BTW I wanted that login section to work on HTTPS but not on HTTP, I meant that I somehow want to disable all HTTP on the login section.
@virneto:
@LivelyOde:I want to move over to https / ssl from http. Before I do that I wanted to know what are the things I need to take care of.
…
Certbot is your way to go! Unless you require certificates from other specific entity, in which case you should follow this entity's instructions.
@LivelyOde:1. Is it as simple as a find / replace all links in my webpages to https instead of http?
I would suggest you use certboot and then look into your logs. You will have a warning for each request made in an https page that loads none https resources. Note that if you use relative paths you don't have this problem. i.e. If you're loading all your css and .js locally with relative paths, you won't see any warnings regarding non https resource loaded.
@LivelyOde:2. After I move over to https will http still function. Is it a good idea to block http, I mean show some like "This Webpage does not exist". I don't like the idea of http ressources to https because that mean 2 requests would be sent to the server. Is there an elegant way to handle this?
…
After you move to https, httpt requests will be redirected. Certboot will handle that. I dont recomend blocking http requests. Its not 2 requests. Its a redirect. Nothing is handled for http requests. Your server will handle https for every http requests. Certbot also handles temporarily redirection from http to https. This also makes you transition to https seamlessly for your users.
@LivelyOde:3. After I move to https, would all the existing google search results for my website break. I mean how do people handle that?
…
After you move to https you should generate and submit new sitemaps to search engines. google will re-crawl your site (wile still having all your http links). All your traffic delivered by search engines to old http will be redirected from http to https, like every request. If you use Google's webmasters and analytics you should add new property to your site. For eachhttp://yoursite.com submited, add a propertyhttps://yoursite.com . That applies to subdirectories as well.Again… I recomend you use certbot. It makes it very easy. Long go the days you would have to generate certificates and keys and edit all other confs, ports, etc… You don't even have to edit your server conf files. Here's certbot documentation:
https://certbot.eff.org/ Have fun!
@IfThenElse:
certbot is rather bloated and a horrible memory eater, which causes all sorts of problems on servers with limited memory.
my suggestion is to use either the
or the dehydrated script. acme shell scriptthey are both highly optimized, use the absolute minimum memory and they are very portable.
Many thanks!!