To make sure that the transition to https goes smoothly some rules need to be followed and thus we made a small checklist and documented how we transitioned form http to https
What is site security?
In one sentence: Encrypt all internet traffic between the user and the authorized owner of the website. This is enforced when using a HTTPS (Hypertext Transport Protocol Secure) certificate. Your website URL starts with an https:// instead of http://. If a user fills out a form on your website, the data will be sent encrypted (today 2014 usually with 2048 bit encryption) to the webserver.
What can go wrong?
We wanted to change from http to https for a long time but never made the switch because it requires quite some effort. But at one point you need to draw a line and make it happen, because in the future https is the better choice for your website. We were also concerned that the switch would negatively affect our search engine ranking and that we might lose most of our backlinks.
We also debate if we should move from a www domain to a non-www domain. So this would mean we would change from http://www.cloudtec.ch to https://cloudtec.ch. Changing not only the domain name but also adding https would put a lot of stress on our website ranking. This was our assumption and therefore we decided to only change to https and keep the www in front of the domain name.
To make sure that the transition to https goes smoothly some rules need to be followed and thus we made this small checklist:
How to migrate to HTTPS
- Generate a CSR, a Certificate Singing Request, on your webserver (your hosting provider can help you with that)
- Purchase an SSL Certificate...
- Screen your website code for absolute URLs. Your links should all use relative paths.
Like <a href="/web/blog/abc.html">A relative Link</a> and not <a href="http://www.cloudtec.ch/web/blog/abc.html">An absolute Link</a>
- Make sure to use protocol relative URLs for all other domains / scripts / images / css files that you include in your website. For example <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> has no http:// in the beginning. If you have mixed URLs some browsers will notify you with annoying messages that the website is insecure and this confuses the user. So you want to make sure you use protocol relative URLs in your entire website.
- Follow this guideline to make the transition happen with google and google webmaster tools.
- Don't forget to update google analytics URL
- If you have an absolute path to your sitemap in the robots.txt file don't forget to update this path!
- Update your Facebook apps and google plus accounts to the new URL. Update the google plus and Facebook button URLs. But be aware that your like counter only counts for a certain fixed URL. If you change the URL you also lose all the likes belonging to that URL.
- Update your main backlinks to https:// technically 301 redirects should pass "link-juice" to your new website, but if you can update some backlinks you should consider doing it.
- Redirect all traffic from http to https with a 301 redirect rule. If your website runs on Apache you can use the following rule in your HTACCESS file
- Install the SSL Certificate on your webserver (sometimes a reboot is necessary which causes a short down time)
- In a best case scenario you have a list of your URLs before the migration in order to check them afterwards if the URL is redirected to the new HTTPS version.
- Test your SSL certificate: https://www.ssllabs.com/ssltest/analyze.html
How did we do?
Update: The short answer: We did not suffer a drop in traffic. It actually improved by 7%, measured over one month the increased traffic could be also mean some seasonal increase.
We measure our google keyword ranking on a weekly basis to verify our SEO activities and to make sure we do not drop in the ranking. This gives us an opportunity to document the transition from http to https and to have a direct comparison to see how our ranking is affected.
The domain rank remained the same. We lost some of our URL rank but I am sure that we will regain it. We did monitor a change in the social shares count. Somehow now we have more google plus likes, but fewer Facebook likes. The declining Facebook likes were expected because http and https is not the same URL.
We measure our google ranking for business relevant keywords on a weekly basis. We did not measure an increase in traffic but an increase in rankings. I would assume that better rankings would lead to more traffic but currently this is not the case. Still I am thrilled to see our rankings go up.
The transition to https, went well. We did not encounter any bigger problems. Our page traffic remained on the same level and our google search ranking position for certain keywords improved. Overall we are happy to now deliver our content in https and make a strong statement towards secure internet communication.