How to Migrate a Site from HTTP to HTTPS

Moving a site from HTTP to HTTPS is one of the most important steps for your site's security and visitor trust. Google flags HTTP sites as "Not Secure" in Chrome, which drives visitors away. Also, HTTPS is a ranking factor on Google. See our detailed SEO guide for more information - since 2014. In this guide we'll walk you through the entire migration process step by step.

Why HTTPS matters

HTTPS (Hypertext Transfer Protocol Secure) encrypts communication between the visitor's browser and your server. Without HTTPS, all information - including passwords, credit card details, and personal data - is sent as plain text that anyone on the network can read. This is especially dangerous on public WiFi networks where an attacker can easily intercept unencrypted traffic.

In addition to security, HTTPS affects user trust. Chrome displays a padlock icon next to the URL for HTTPS sites and a "Not Secure" warning for HTTP sites. According to research, 85% of online buyers won't buy from a site without HTTPS. Even for sites that don't process sensitive data, HTTPS has become the standard users expect.

Google has used HTTPS as a ranking signal since August 2014. Sites with HTTPS have a small but measurable advantage in search results over HTTP sites. Also, many modern web technologies (HTTP/2, HTTP/3, Service Workers, Geolocation API) require HTTPS to work.

Step 1: Obtaining an SSL certificate

A digital certificate for web communication protection is the certificate that enables an HTTPS connection. There are several types of SSL certificates. The DV (Domain Validation) certificate is the simplest and fastest to get - it only confirms domain ownership and is usually issued within minutes. This is a sufficient choice for most sites.

The OV (Organization Validation) certificate additionally confirms the organization's identity and requires verification of business data. The EV (Extended Validation) certificate provides the highest level of validation and displays the organization name in the browser address bar. OV and EV certificates are recommended for e-commerce sites and financial institutions.

Let's Encrypt offers free DV SSL certificates that renew automatically. BeoHosting includes free Let's Encrypt SSL certificates on all hosting plans with automatic installation and renewal - you don't have to do anything, SSL is active as soon as the domain propagates to our server. For companies needing OV or EV certificates, we also offer commercial SSL certificates.

Step 2: Installing the SSL certificate

If you use BeoHosting, SSL is already installed and active on your domain. For other hosts, the process depends on the control panel. In cPanel, go to SSL/TLS Manager, then "Install and Manage SSL for your site". Select the domain, enter the certificate, private key, and CA bundle, then click Install.

For Let's Encrypt in cPanel, go to "Let's Encrypt SSL" or "SSL/TLS Status" and click "Issue" for your domain. The process is automatic and the certificate will be active within seconds. Be sure to issue the certificate for both www and non-www versions of your domain so both versions are covered.

After installation, test whether SSL works correctly by opening your site with the https:// prefix. You should see a padlock icon in the address bar with no warnings. If you see a warning about an insecure connection, the certificate may not be properly installed or there may be a certificate chain problem.

Step 3: Setting up redirects

After SSL installation, you must redirect all HTTP traffic to HTTPS. Without redirects, your site will be available on both http:// and https://, which creates duplicate content issues for SEO. Also, users who type your domain without the https:// prefix will still see the insecure version.

The most common way to redirect is via the .htaccess file for Apache servers. Add the following code at the top of the .htaccess file: RewriteEngine On, RewriteCond %{HTTPS} off, RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]. This will permanently (301) redirect all HTTP requests to the HTTPS version, preserving the original path and parameters.

For Nginx servers, add a server block listening on port 80 that returns a 301 redirect to the https:// version. For LiteSpeed servers (which BeoHosting uses), .htaccess rules work the same as on Apache. Be sure to use a 301 (permanent) redirect, not a 302 (temporary), so Google properly transfers SEO value to the HTTPS version.

For WordPress sites, also change the WordPress Address and Site Address in Settings > General from http:// to https://. This ensures WordPress generates all internal links with the HTTPS prefix.

Step 4: Fixing mixed content

Mixed content is the most common issue after migrating to HTTPS. It happens when an HTTPS page loads resources (images, scripts, styles) over HTTP. The browser blocks or warns about this mixed content because unencrypted resources on an encrypted page undermine HTTPS security.

To find mixed content, open your site in Chrome, press F12 for Developer Tools, and look at the Console tab. Every mixed content problem will be displayed as a warning or error with the exact URL of the problematic resource. Also, a tool like Why No Padlock (whynopadlock.com) can scan your site for mixed content issues.

For WordPress sites, the Really Simple SSL plugin automatically fixes most mixed content issues by changing HTTP links to HTTPS. For manual fixing, change all internal links from http:// to https:// in site content. Use the Search Replace DB tool or the Better Search Replace WordPress plugin for mass replacement of http://yourdomain.com with https://yourdomain.com in the database.

For external resources (images from other sites, third-party scripts), check whether they're available over HTTPS. Most modern services support HTTPS. If some external resource isn't available over HTTPS, consider hosting that resource on your own server or finding an alternative that supports HTTPS.

Step 5: Updating Google Search Console

Google Search Console treats HTTP and HTTPS versions of your site as different properties. After migrating to HTTPS, you must add a new property for https://yourdomain.com in Search Console. Don't delete the old HTTP property - keep it to track how Google transitions to the HTTPS version.

In the new HTTPS property, submit an updated sitemap.xml containing HTTPS URLs. Check that robots.txt is available on the HTTPS version and doesn't block access to important pages. Monitor the Coverage report in the following weeks to see whether Google is successfully indexing the HTTPS versions of your pages.

Also, update your site in Google Analytics (change the default URL to https://), Google Business Profile, and all other services where your site is registered. Update links on social networks and in email signatures to use the HTTPS version.

Step 6: Verification and testing

After completing all steps, thoroughly test the site. Check that all pages load the HTTPS version. Test redirects - type http://yourdomain.com, http://www.yourdomain.com, https://www.yourdomain.com and all should lead you to https://yourdomain.com (or the www version, depending on your preference).

Use the SSL Labs test (ssllabs.com/ssltest) to verify SSL certificate configuration. The goal is a grade of A or A+. This test checks SSL/TLS protocol version, encryption strength, certificate chain, and potential vulnerabilities. If you have a grade lower than A, follow the recommendations for improvement.

Check that all forms, user login, e-commerce functionality, and interactive elements work correctly over HTTPS. Test on different browsers and devices. Monitor Google Search Console in the following weeks for any errors in indexing the HTTPS version.

Conclusion

Migrating from HTTP to HTTPS is an essential step for your site's security and SEO. The process requires attention to detail, but with the right approach can be completed in a few hours. The key steps are SSL certificate installation, setting up 301 redirects, fixing mixed content, and updating Search Console. With BeoHosting, the SSL certificate is free and automatically installed, eliminating the most complex step in the process. If you need help migrating to HTTPS, our support team is at your disposal.