Installing an SSL Certificate in 15 minutes, for free!
It is now 2017. Happy New Year! Want to spend 15 minutes making your website a bit better?
See that green lock in the top left of your browser? That’s a fancy way of showing off that my website is super secure and has a SSL certificate. The SSL certificate allows me to encrypt the data between my server and my visitors’ browsers.
Google has been favoring sites that have a SSL certificate for the past year. There was a sizable shake-up in their algorithm last November and sites with SSL installed have seemed to bounce back at much higher rates.
Since January 1st, Google Chrome is giving a warning message when visitors browse on a site that doesn’t have a SSL certificate. They’re shaming websites into transitioning to https. SSL also allows for HTTP/2, which will make your site load faster and more efficiently.
Squarespace users, this is the one time I’m slightly jealous.. just click here and follow the two click instructions to a secure site.
WordPress people.. stay with me.
Step One // Get a SSL Certificate
In the past, these certificates were anywhere from $50-200 a year. Kind of a bummer.
Last year, a company called Let’s Encrypt was formed to fix that problem. Their goal is to have the entire internet switch to https by making the service free and automatic.
So. First, check with your current web host. Hopefully they are one of the many that are already setup to add Let’s Encrypt. (List of hosts that support here.)
Log into your hosting and see if there is an option to quickly install a Let’s Encrypt SSL certificate.
If your host doesn’t play nicely, you can read the above link for manual installation.. just note that you’ll have to install every 3 months when the certificate expires.
Or I’d just buy an SSL through here or from your current host.
Step Two // Make the Switch
The fun part. Every reference to your website in your website’s code needs to say “https” instead of “http” or visitors will get a mixed content error when they visit your site. Luckily, there are plugins that can do this for you.
I’ve had good luck with this one, Better Search Replace. All you need to do is search for “http” and replace it with “https”. You can run it on all of the tables in the list and do not check replace GUIDs.
Now, you need to go into your WordPress General settings and update your URL to the https version.
Check your site, see if you’re getting the green lock. If you aren’t, using Google Chrome’s developer tools will show you where the errors are coming from. Click View > Developer Tools > Console, and then load your site again. In the past, I’ve had to reload my logo and favicon because they were loaded through my previously un-secure backend in the theme.
If you’re still having issues, try this plugin, SSL Insecure Content Fixer.
Step Three // Redirect & Tell Google
Now that your site is working at its new https address, it is time to redirect from your old http address. If you have Yoast SEO plugin, go to Tools > File Editor and then put this code in your .htaccess file.
If this is going over your head or you’re having troubles, just contact your host’s tech support and they’ll help you get this redirect in place!
After you get the redirect, it’s time to let Google know about your change.
Log into Search Console (previously Webmaster Tools) and add your new https domain. Set it as the preferred domain.
Google treats this as a site move, so read these instructions. Don’t forget to update your Google Analytics code as well.
You’re all done! Congratulations on a more secure site.