Terms like HTTPS, SSL and Let’s Encrypt have long been on everybody’s lips when talking about modern websites. But what do they mean and why is this such an important topic?
You are probably asking yourself – with good reason – what all the hype surrounding these terms has to do with you and your website and why you should have to deal with it at all. This article aims to provide an answer to this question and an overview of the topic.
However, before we address why SSL could be important for your website, we would like to clarify the basics (experts may ➔ skip this section):
What does HTTPS mean
and what is an SSL certificate?
The abbreviations “HTTP” and “HTTPS” should look some kind of familiar to you as you may have seen them in your browser’s address bar. “HTTP” stands for ➔ “Hypertext Transfer Protocol” and is used to transfer data on the World Wide Web. If the data is encrypted during transfer, an “S” is simply added to the abbreviation “HTTP”. The S stands for ➔ “Secure”.
“SSL” is the corresponding encryption protocol and stands for “Secure Sockets Layer”. Having reached the technobabble stage already, we should add for the sake of completeness that the technology in use today is in fact called “TLS” (➔ “Transport Layer Security”). However, the term SSL is more common.
In order for your website to be available e.g. at https://www.yourwebsitename.com, you also need to have an “SSL certificate“. This digital certificate is only valid for a set period of time. It has to be stored on the web server and tells the web browser that it is connecting to the right server and that the connection is valid and secure. Until recently, certificates like this were relatively expensive to acquire. Fortunately, there is now an alternative that is completely free of charge: ➔ Let’s Encrypt certificates
Why SSL is important for your site
But why is SSL not only relevant, but actually very important for your website? Given that the effort involved in switching to SSL can vary depending on the website from just a few clicks to a significant outlay, there are good reasons for asking this question. The answer lies in its many beneficial aspects:
1. SSL is a ranking factor
Google’s position on SSL is clear: operators of spam sites, according to Google, rarely make the effort to encrypt the data that is transferred by their websites. In contrast, if a website has clearly had time and money invested in it, Google sees it as more trustworthy. For this reason, Google’s recommendation for some time now has been that website operators switch to HTTPS. SSL-encrypted websites also support HTTP/2, which increases speed. This is one reason that SSL is a positive ranking factor for Google (although there are presumably many other reasons that have not been published).
Though there may be fluctuations in your website’s search engine rankings during the switch, using SSL should result in it appearing higher up in the search results.
2. The GDPR makes data protection mandatory
If you ask your website users for personal data, we strongly recommend switching to SSL straight away, if you have not already done so! A number of data protection authorities in Europe already have the authority to take appropriate measures and impose penalties. The the GDPR (➔ General Data Protection Regulation) tightens the rules significantly!
3. Google Chrome shows a “not secure” warning
Google recently announced that ➔ the latest version of the Chrome browser will be released in July. When users visit a website that does not have SSL encryption, Chrome will warn them of this by showing the warning “Not secure” regardless of whether or not users are asked to enter data on the website. The current version of Chrome already shows an exclamation mark next to the URL for these websites.
As has already been mentioned, it is clear that Google has good reasons for doing this. Unfortunately, it is equally clear why this might not exactly inspire the trust of your website’s users.
4. Positive public image
Using an SSL certificate therefore generally sends a positive message to your website’s visitors! It shows them that you care about the security of their data and creates trust when they are asked to fill in forms or place orders.
Secure websites tend to be accessed more frequently and have lower bounce rates, which also has a positive effect on their ranking.
5. Referrers are not lost
If somebody follows a link from an encrypted page to an unencrypted page, the referrer is lost. This means that you will not be able to find out which page (whether external or internal) the user came from. If a website can be accessed via HTTPS throughout, referrers are also passed on.
How to switch your website to HTTPS
Even if you already want to switch your website over to HTTPS, there is still the question of how to do it. The following steps should at least provide a clear answer:
1. Set up a certificate
The most important part, of course, is to set up the certificate itself – you will need an SSL certificate for each domain that you operate.
You first need to decide whether you want to use a paid or a free certificate: if you want to use e.g. SSL encryption that verifies the person or company or a single certificate for your whole company, you will need to buy a certificate.
For most other purposes, though, a free Let’s Encrypt certificate will do the job. Unfortunately, Let’s Encrypt certificates are mot offered by all web hosting providers, and some of those who do charge a small setup fee. Others allow you to set one up for yourself on the backend. With easyname, it is particularly easy to activate a certificate, and it works like charm, with a simple click!
2. Link to HTTPS
Should you have used “hard coded” links anywhere on your website (links consisting of a full URL starting with “http://”), you need to change them to start with “https://”. You may also need to update your XML sitemap and any URLs in your internal databases and config-files.
3. Redirect all HTTP calls to HTTPS
You should now redirect all HTTP calls to HTTPS using what is called a “301 redirect”. How to set this up depends on your hosting provider. With easyname, you can activate this with a simple click right where you activated SSL.
4. Switch over search engines and other external tools
So by now, your website has been fully switched over. However, you should also remember to change any other URLs that link to your website: for example, it is recommended that you set up a new property in the ➔ Google Search Console. If you use ➔ Google AdWords, ➔ Bing Ads or any web statistics tools (such as ➔ Google Analytics), you should also switch those over now.
Sooner rather than later
Even if it is not absolutely necessary for you to switch to SSL yet, there are many reasons why it is a good idea. Even just because of all the advantages and the relative lack of disadvantages, it is best to take this step sooner rather than later!
We are also convinced of the importance and the need for secure connections, and we are not doing things by halves, which is why easyname is not only providing free Let’s Encrypt SSL certificates to all users, but is also ➔ sponsoring the Let’s Encrypt project!
As this article has shown, it is probably not as complex as you think – and if you have any specific questions, the easyname support team is happy to provide advice and assistance!