Why Change your Website to HTTPS?
Implementing HTTPS improves the security of your website and helps keep communication to and from the website secure.
Websites with HTTPS may rank higher in search engines.
HTTPS enabled websites show a padlock to website visitors so they are more likely to trust the website (especially if it is an e-commerce website) or a website that stores personal client data.
1. Enabling HTTPS
With the introduction of free SSL certificates (e.g. from Let's Encrypt), you may find that HTTPS is already enabled for your domain or it can be enabled in a few clicks in the control panel. Browsing to the https version of your website will tell you immediately if https is enabled or not.
SiteGround
- Login to cPanel and click on "Let's Encrypt"
- Check that the SSL certificate is already installed for the relevant domain
- Let's Encrypt certificates are automatically renewed
VentraIP Legacy Economy and Business cPanel Accounts
- Log in to https://vip.ventraip.com.au and go to Shared Hosting -> Manage -> [Domain Name] -> Let's Encrypt SSL
- Click on "Install" to install the Let's Encrypt certificate for your domain, if it's not already installed
- Let's Encrypt certificates are automatically renewed
VentraIP Newer cPanel Accounts
- Log in to https://vip.ventraip.com.au and go to Shared Hosting -> Manage -> [Domain Name] -> AutoSSL
- Click on "Start AutoSSL Check" to initiate the installation of the AutoSSL certificate for your domain and follow the prompts to complete the installation, if it's not already installed
- AutoSSL certificates are automatically renewed
Zuver
- Log in to https://my.zuver.net.au and go to Hosting Services -> Manage -> [Domain Name] -> Let's Encrypt
- Click on "Install" to install the Let's Encrypt certificate for your domain, if it's not already installed
- Let's Encrypt certificates are automatically renewed
Check that https is enabled by browsing to the https version of your website. You should see a green padlock or similar near the url in your web browser.
2. Joomla
Log in to the back-end of the Joomla website and set System -> Global Configuration -> Server -> Force HTTPS to "Entire Site".
3. htaccess
Redirect the HTTP version of the website to HTTPS by adding the following at the end of the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
4. Fix Mixed Content
Update any remaining http links to https links so website visitors don't see mixed content warnings in their browsers. The following and similar tools can help identify remaining http links:
- HTTPS Checker is a desktop application for Windows, Mac or Linux and the free version allows you to crawl up to 500 pages
- SSL Error Checker is an online tool which checks a single URL
- WhyNoPadlock is an online tool which checks a single URL
4.1 Akeeba Admin Tools
If the http links can't easily be changed to https (or there are too many to easily change manually), the links can be converted automatically to https using an option in the free or the paid version of Akeeba Admin Tools. This option can be found at Components -> Admin Tools -> SEO and Link Tools -> Convert all links to HTTPS when site is accessed over SSL.
4.2 Regular Labs ReReplacer
The free or paid version of Regular Labs ReReplacer can be used to change all https:// references in the source code to https:// although this is a fairly heavy handed approach and you'd need to check your website is still working as expected after implementing this change.
If using ReReplacer, you could use a link checker such as one of the following to check for broken links:
- https://extensions.joomla.org/extension/link-checker (free Joomla extension)
- https://validator.w3.org/checklink (free online tool)
5. robots.txt
Update http:// references in your robots.txt file to https:// where appropriate.
6. Google Search Console (aka Webmaster Tools)
Add the https version of the website to Search Console and submit the https:// version of the sitemap. Remember to resubmit your site map for the https version of the website.
7. Google Analytics
Change the Property setting of the website from http:// to https://
8. Social Networks
Social Networks usually treat the https version of the website as a separate website so you may have to start from zero again with your "share" and "like" counts. This can sometimes be worked around by choosing an option in your social network extension (e.g. Fast Social Share) to continue to display the share and like counts from the http version of the website until you have collected sufficient shares and likes on the https version of the website.
9. Automatic SSL Certificate Renewal
Let's Encrypt SSL certificates seem to be valid for 90 days and should auto renew 30 days before expiry (at least this is the case on SiteGround). Unfortunately the renewal process sometimes fails. Let's Encrypt certificates are issued for the domain and also any subdomains associated with the main domain e.g. mail.domain-name.com at the time the certificate is created. If the subdomains change in any way during the life of the certificate, the original certificate must be manually cancelled in favour of a new certificate. Assuming your subdomains don't change, then the next renewal should go through as expected.
March 2018 Update:
SiteGround now offer free "wildcard" Let's Encrypt SSL certificates which probably fixes the automatic renewal failure problem.