When I switched my website to use HTTPS (HTTP over TLS), I followed the HTTPS everywhere suggestion by Google. Now it’s more important than ever, since the search ranking benefits sites with HTTPS enabled.
The first thing I did was get a certificate. Let’s Encrypt provides free certificates and useful tools to issue and install them on the server. I read the Getting Started documentation and followed the appropriate instructions for my server system.
In my case, I had shell access to my server. So I visited the Certbot site and selected my web server and my operating system. The automated method is very interesting, as it installs the certificate and keeps it updated automatically. There are 2 ways to check the ownership of the site: by using your own web server, or the one that comes bundled with the tool. The latter requires shutting down your server temporarily, but it works very well, so if you can afford that downtime I recommend it.
The only thing left to do after installing the certificate is to configure the web server to point to the certificate.
When I switched, I was using nginx in a Debian Linux server, so I opened /etc/nginx/sites-enabled/my-site and added listen 443 ssl;. Then I added these two lines to use the certificate:
The directory already has proper permissions, so it’s something you should not worry about.
As I mentioned before, the Certbot tool will take care of updating the certificates; that’s why (I think) the subdirectory is named
I also added a new server entry for port 80, so I can redirect to the secure protocol (replace example.com with your domain):
return 301 https://example.com$request_uri;
Notice I’m using https in the redirected URL. That way the HTTPS version is always used and duplicated content is avoided.
That’s it! Don’t forget to restart the webserver.
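The setup described above, put together as an added example (this is not the author's original file): it assumes the domain example.com, Certbot's default /etc/letsencrypt/live/<domain>/ location for the certificate and key, and a placeholder document root.

```nginx
# /etc/nginx/sites-enabled/my-site
# Added example. example.com, the certificate paths and the document
# root are assumptions; adjust them to your own domain and layout.

# HTTPS site: serves the content over TLS.
server {
    listen 443 ssl;
    server_name example.com;

    # Certificate chain and private key as issued by Certbot
    # (assumed default location). Certbot renews these files in
    # place, so the paths do not change after a renewal.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Placeholder document root (assumption).
    root /var/www/example.com;
    index index.html;
}

# Plain HTTP: no content is served here, every request is
# permanently redirected to the same path on the HTTPS site.
server {
    listen 80;
    server_name example.com;

    return 301 https://example.com$request_uri;
}
```

Running nginx -t before restarting checks the file for syntax errors, so a typo in a certificate path does not take the site down.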