How to Move From HTTP to HTTPS? How to Add SSL & Why Need It in 2025

How to Move From HTTP to HTTPS

Some have asked about how to migrate from http to https why you need it?

Well, there are a lot of SEO advantages for making such a change.

The “s” at the end of https stands for security—and that of course is indispensable on the web.

We’ll go over the specific reasons why you should migrate your site to https from http and how you can do that.

Why Make the Switch

You ought to know that Google is now pushing for https advocacy—well, so to speak.

The goal of that effort of course is to make the web a safe place for everybody.

But that is not the only reason why you should migrate your site.

Here are some of the biggest reasons:

  • The Big HTTP/2 Rollout—hosting providers today are slowly implementing HTTP/2. According to Mozilla, websites that have been optimized for HTTP/2 tend to perform 70% better compared to sites that are still on HTTP/1.1.

So, how do you take advantage of HTTP/2?

You need to be running your site on https.

  • You Get Better Referral Data

Another reason why you should switch to https is the fact that Google Analytics blocks data referral from http.

If your website or some of your posts or pages go viral, you won’t benefit from the referral data from other sites since Analytics will just ignore them.

  • It Builds Trust and Credibility

Users and site visitors tend to trust https sites.

According to one report, 77% of all site visitors will be concerned about their data (browsing history, site credentials, cookies, etc.).

In fact, almost 30% of all site visitors expect to see the green address bar that is usually associated with a secure site.

Just by being able to display the green padlock improves visitor or user trust.

How to Migrate from HTTP to HTTPS

In this section we will go over the steps to migrate your site from http to https. We’ll go over it step by step.

1. Get an SSL Certificate

The first thing that you will need to do is to obtain an SSL certificate.

What’s an SSL certificate?

It’s a set of small data files that contain keys that are specific to the details of organizations.

You also need to install it in order to activate the https protocol for your site.

It facilitates the secure connection between the server and the browsers that your site visitors use.

Some hosting companies provide a free SSL certificate of each website that you create.

Some only give one free SSL certificate per hosting account.

However, if you host multiple sites and you don’t have enough free certificates you can always purchase them from third party vendors like SSLs.com and GoGetSSL.

Three Primary Types of SSL Certificates

Domain Validation: these are certificates for single domains and it can also be used for subdomains too. This type of SSL certificate can be issued quickly, they are cheap, and they only need an email validation.

Business Validation: these certificates can only be applied to a single domain name or a subdomain. This type of SSL certificate is more secure since it requires business verification. However, it can take up to 3 days to setup.

Extended Validation: this type of SSL certification also applies to a single domain or subdomain. It also requires business verification and it gives your site that green address bar that site visitor looks for when they want a secure site.

One downside to this type of SSL certificate that you should know about is that it takes up to 7 days to get it setup.

2. Installing your SSL Certificate

The next step is to install your SSL certificate on your web server.

The way you install your SSL certificate will vary depending on which type of software you’re running.

There’s a different way to do it in Apache, NGINX, Microsoft IIS, WHM/cPanel, and others.

You should consult documentation on how to do this using the software of your choice.

There are also advanced options to make things more automated and there are options that give you more control.

3. Update All of Your Hard-Coded Links to HTTPS

Most of the time you don’t want to use hard coded links. Best practice dictates that you should use relative URLs.

However, it does happen and it will continue to happen that you have a few (and sometimes it’s more than a few) hard coded URLs on your pages.

This means that you will have to perform a full sweep of all of your web pages and posts after migrating your site to https.

However, there are tools that you can use to search your database for you.

Note that you might still miss some URLs even after doing a sweep.

You might have to perform sweeps several times even after your site is up and running again.

4. Update All Your Libraries to HTTPS

Next, you need to update your AJAX, JS, and custom libraries.

All custom scripts and third party scripts need to be updated to make sure that they point to the new https.

You will get a mixed content warning if you miss the scripts.

5. Create 301 Redirects That Point to the New HTTPS URLs

Think of 301 redirects as a safety net for your site.

If you fail to do so then you might see your SEO rankings rocket skyward.

There have been a lot of sites (way too many) that have dropped out of the SERPs overnight because the webmaster forgot to do this.

6. Update robots.txt

The next place to look into is your robots.txt.

It might still contain blocking rules as well as hard-coded links in it.

In short, it might still be (or at least some sections of the file) pointing to the old http versions of files and directories.

7. Install Your SSL Certificate on the CDN

The options to install your SSL certificate to the CDN will vary depending on your provider.

Note that a lot of providers will give you shared SSL options while others won’t.

Another option that providers will give you is custom SSL.

If you have shared SSL then you should enable it.

If you have KeyCDN then shared SSL is free.

Now, if you have free custom SSL the you should enable that as well.

Note that your custom SSL will require a separate certificate from the certificate that came with your main domain.

Sometimes you will have to purchase another certificate, which will cost you less than $15.

8. Update the Origin URL

You also need to make sure to update your origin URL.

This should be a fairly simple process since you’re just changing it from http to https.

9. Enable HTTP/2 Support

The next step is to enable HTTP/2 support on the CDN.

The process will be different depending on the type of tool that you use.

There are different tools provided by a variety of content delivery networks.

The steps will be a bit different on Akamai, on Amazon CloudFront, and also on KeyCDN.

10. Update all Hard-Coded CDN Links

Yes there are hard coded CDN links.

It will feel like you’re doing it all over again but at least you’re just doing it just this one time only.

You’re going to do the same thing you did did for your hard coded domain links.

You need to update these CDN links to the new https version.

The good news is that you can install a search and replace script, which makes the job a lot easier for you.

However, just make sure to remove or delete this script as soon as you’re done.

11. Update Everything on the SEO Side

After you’re done with all the steps mentioned above, your site should be completely running in https mode. However, don’t rush the celebrations just yet.

You still have a bit of work left on the SEO side.

The next step is to update your settings and links which means you need to do a fetch and crawl after you update your Google Search Console and also on your Sitemaps.

You should know by now that Google’s web crawlers don’t need your sitemaps to go over every nook and cranny of your website.

That means you can create one or not and it will not affect your rankings.

However, sitemaps are useful in case you need to verify if your images on your webpages are indexing.

A sitemap is also very useful for debugging any indexing issues.

You also need a new Google Search Console profile.

This is a rather simple process since all you’re doing is adding this property.

Finally you need to perform a fetch and crawl, which helps speed things up and get your newly updated site indexed again.

Note that there are cases when it took several weeks for web crawlers to go over a new https site.

12. Resubmitting a Disavow File

Since you submitted your new Google search console profile earlier then you are now required to create and then submit a new disavow file in that new profile.

If you ever needed to remove one or a few of your backinks then you have experienced submitting a disavow file.

You can download your original disavow file by logging in with your original profile for Google Search Console.

Open the Google Disavow tool and download your disavow file.

Once you have downloaded that file you can go back to your new profile.

You can then use the Google Disavow tool again and then resubmit that file under https.

And that’s it for this guide on how to migrate from http to https why you need it. If you have any questions leave a comment below.