All for Joomla All for Webmasters
Connect with us

How to Migrate from HTTP to HTTPS a Complete Guide

Wordpress

How to Migrate from HTTP to HTTPS a Complete Guide

In 2014, Google made some very important corrections in its > href=”http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html”>ranking algorithm that it will be giving a ranking boost, maybe it’s slight, to websites that use the secure connections, from then on top blogger’s around started to convert their blog from http to https.

We use internet, for everything but we have to make sure our website is secured for all our users.

Security from these

  • Malware injections
  • Popups triggering software installs
  • Trojan horse viruses
  • etc.

So i decided to shift my website to HTTPs, there are two most important reasons why you need to do that

Why https ? 

  1. Faster Performance:  Performance benefits with HTTP/2. Every site I migrate to HTTPS all see speed improvements. Is it because they are running over HTTP/2? Yes, of course it is. Because of the better multiplexing, parallelism, HPACK compression (Huffman encoding), ALPN extension, server push, etc., it now makes up for that TLS overhead. And finally getting rid of some of the hacks like domain sharding and concatenation is a plus in my opinion.
  2. Better SEO: Google has said that there is a slight ranking factor for sites running over HTTPS. (I don’t care how much it is, anyone in SEO will take any advantage they can get. I know I do.)
  3. More Secure: The obvious, better security. Even WordPress blogs shouldn’t be passing login info in plain text. The arguments that blogs don’t need HTTPS is ridiculous. Any information no matter where it is passed should always be encrypted, whether it is credit card data, usernames, passwords, etc.
  4. Builds Trust:  By using HTTPS you can build trust with your visitors and possibly even help your conversion rates. I know I will never put any information into a site if it doesn’t have that green padlock at the top.

To discover why, let’s start with some definitions:

http (or Hyper text Transfer Protocol) a simple protocol for sending and receiving text-based messages. You can see just how integral http is to the online world by looking at the beginning of any Web address.

On the plus side, http is fast and reliable. On the minus side, it’s as secure as a diamond at a cat burglar’s convention. There are lots of ways to hack your way into data being transferred via http and while that’s not a problem for many online data transfers (e.g. watching a video, viewing a website), it is a problem if you need to protect the data that’s being sent.

https (or Hyper text Transfer Protocol Secure) the same protocol as HTTP, but the text is encrypted.  Used on sites that feature eCommerce, banking, and even just a login page, https protects data by encrypting it before sending it either way by using an SSL (Secure Sockets Layer) Certificate.

An SSL certificate contains both public and private encryption keys that are long strings of alphanumeric characters used to encrypt data in a way that’s very hard to crack thus making it ideal for protecting sensitive data.

https-site-850x476-750x420 How to Migrate from HTTP to HTTPS a Complete Guide

So let’s have a look how i migrated from http to https, a complete guide.or use GoDaddy SSL certificates on NGINX server.

Step 1. Get ready

Before buying SSL Certificate and changing your website, consider these things first

  • Make sure you move your website on an off peak time, as it will give some downtime for your blog, it’s really important not to affect your traffic.
  • Prepare where to buy and check which is the best SSL Certificate, there are 3 types Standard, UCC/SAN SSL and Wildcard SSL.

Step 2: Buy SSL certificate

There are many websites where you can buy SSL certificate for your website, the price varies from one to another. If you have bought your domains from GoDaddy, i recommend you buy from GoDaddy as its easy to maintain all your domains and certificates in one place.

Recommended Below..

  • The SSL Store™: The Definitive Source for Your SSL Certificate
  • GoDaddy  : one of the leading domain seller’s in the world.

Some of the sites where you can find good deal :

Name Rating Starting price / 1yr in USD
SSL Type Warranty Visit Provider
Network solutions 5 $49.99 OV EV DV $1000000 More
Entrust 4.5 $155 EV OV $1000000 More
Symantec 4.5 $399 EV OV $1500000 More
Digicert 4 $195 OV EV DV $1000000 More
GeoTrust 4 $149 OV EV DV $500000 More
Thawte 4 $149.99 OV EV DV $1000000 More
Rapid SSL 3.5 $49 DV $1000000 More
Comodo 3.5 $64.59 OV EV DV $1000000 More
Geocerts SSL 3.5 $99 OV EV DV $500000 More
GoDaddy 3.2 $63.10 OV EV DV $1000000 More

You can find many free SSL Certificates like Cloudflare, Let’s Encrypt ( 90 days free )

Step 3 : Generate Key and CSR for SSL certificate in NGINX Server

I am using, linode as my hosting provider, it’s the best ever hosting i have ever bought only thing is its tough for regular users as its only command line ( SSH ) interface. But i can recommend it’s the best and reasonable. I am using NGINX Server, will write-up in next article why i ditched Apache.

To Generate NGINX CSRs

  1. Connect to your server via SSH (more info).
  2. Run the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout your www.technohacker.key -out www.technohacker.csr

    Replace your domain name with the www.technohacker.com you’re securing. For example, if your domain name is www.coolwebsite.com, you would type www.coolwebsite.com.key and www.coolwebsite.com.csr.

  3. Open the CSR in a text editor and copy all of the text. ( Copy the full code )
  4. Paste the full CSR into the SSL request area in your account.

If you are finding trouble for Generating key and CSR above : Check Godaddy help ( Here )

Step 4 : Download Certificate 

Once your domain is verified by GoDaddy, and for further they may ask you your business details and domain authorization letter with name and duly signed on it. Submit the required documents in the portal and wait for 72 hours for verification. Once your account it verified

you have successfully got SSL certificates for your domain. Before downloading you need to check your server to which you are configuring, for me it’s NGINX so i selected Others from the list. and downloaded my certificates to my computer.

Step 5 : Install SSL on Nginx

The zip file contains 2 files: www.mysite.com.crt and gd_bundle.crt. You need to combine both files into one file, with your domain ssl file on top. so unzip the zip file and combine them.

cat www.mysite.com.crt gd_bundle.crt > mysite_combined.crt

If you don’t combine them, browser will not be able to verify certificate authority (CA), and pop-up dialog or warning messages, which will certainly scare your site visitors away.

Now copy both combined crt and www.mysite.com.key files to your ssl folder on the server, and edit your nginx.conf

 server { 
listen 443; server_name www.mysite.com; ssl on; 
ssl_certificate /your/ssl/folder/mysite_combined.crt; 
ssl_certificate_key /your/ssl/folder/www.mysite.com.key; ... } 

then reload the processes to make the change take effect.

/etc/init.d/nginx reload

That’s it.

Step 6 : Change all website links to HTTPS

Start changing your links from http to https,there are many plugins to do that, it’s a piece of cake for WordPress users. Download these plugins and replace your old url

Old URL : https://www.technohacker.com    to New URL : https://www.technohacker.com

Things to do : 

  • Convert all image links to new url
  • convert all your database links
  • change your domain url in Settings > General 

WordPress plugins that will help you out :

The app was not found in the store. 🙁 #wpappbox

Links: → Visit Store → Search Google

or

The app was not found in the store. 🙁 #wpappbox

Links: → Visit Store → Search Google

and you can also use this standalone wonderful script to change website links from interconnectit.com check here – [ url ]

you can also use this WordPress plugin if you are finding difficult in using the search and replace plugins, In one click it will make your website https. You will be able to solve many errors after installing this plugin.

The app was not found in the store. 🙁 #wpappbox

Links: → Visit Store → Search Google

Step 7 : Tweaking your nginx.conf file

Finally, let’s create the actual https server (for this, I edited the default domain server. I’m only showing the top of the definition — only the bits that I altered:

server {
  listen 443 ssl;
  listen [::]:443 ipv6only=on;

  ssl_certificate ssl/www.mydomain.com.crt;
  ssl_certificate_key ssl/www.mydomain.com.key;

  root /path/to/the/root/of/your/site;
  index index.html index.htm;

  # Make site accessible from http://localhost/
  server_name mydomain.com  www.mydomain.com;

  location / {
  # More lines…

Perfect forward secrecy and HSTS

To get an A+ on SSLLabs (because you know you want to), you need to add perfect forward secrecy and HTTP Strict Transport Security (HSTS). The former is based on the cipher suites used and the latter simply requires one line of configuration code:

server {
  # …

  # Perfect forward secrecy
  ssl_prefer_server_ciphers on;
  ssl_dhparam /etc/nginx/ssl/dhparams.pem;
  ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 
  EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

  # HSTS
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

  # …
}

You can check your SSL configuration in SSLLabs, If you find difficulty in installing SSL Certificates on your domain and go some error’s and having trouble in getting A+ comment us, i will be able to help you out to get minimum A .

Happy with the article, Please share and comment !

Continue Reading
You may also like...

Hey Guys i am from Koppal, Karnataka. I love to blog things relating to tech specially Apple and Google. A Gadget Lover and Owns a Tech Store "digital point"

Comments

Facebook

Recent Posts

How-To’s

To Top