If you’re transferring any sensitive data of any kind, you should ensure you’re keeping it secure. One of the most effective ways of protecting data is to enable HTTPS — also known as SSL (secure socket layers) — to encrypt data transferring to and from your server. Learn more by checking out our Help Center's guide on What is an SSL certificate.
Go from idea to online in minutes with GoDaddy Airo™
Get started now.
This encryption is incredibly secure and makes it near impossible for hackers to intercept the transmission and access your user's personal information.
Consumers are becoming more aware of the importance of secure data transfer, and they often look for the lock that appears in their browser on HTTPS-enabled websites.
But that's not the only reason for enabling HTTPS on your website server!
In July of 2018, Google made a major shift and began adding "not secure" warnings to any HTTP website or blog URL viewed within the Chrome browser. Google had already added SSL into its search algorithm, but this new warning in Chrome is a game changer.
An SSL certificate is now needed on each and every website or blog, especially if you are collecting any sensitive data on a contact form. If your website or blog doesn't have an SSL certificate in place, now is the time to obtain an SSL certificate and enable HTTPS.
How to properly enable HTTPS on your server
- Buy an SSL certificate.
- Request the SSL certificate.
- Install the certificate.
- Update your site to enable HTTPS.
Ready to dive into each step? Let’s go!
1. Buy an SSL certificate
Purchase your SSL certificate. This acts as a form of identification for your website.
The certificate is used to encrypt all data that flows to and from the server where the certificate is installed.
This SSL certificate must be purchased from a trusted retailer that is a Certificate Authority (CA).
They store a copy of the certificate password in your database, and that’s cross-referenced by incoming web traffic to ensure that your web address is connected to the correct server.
2. Request the SSL certificate
Next, you’ll need to activate your credit to redeem the certificate. To do this, log in to your GoDaddy account, and then click SSL Certificates. Next to the SSL certificate, you want to activate, click Set Up.
Once you see a New Certificate, next to it click Manage. Depending on where you’re hosting your certificate, either choose the domain hosted in your account, if the certificate is with GoDaddy, or select Provide a CSR if it’s hosted with another company. Remember to keep the private key, as you are going to have to install it to your server as well.
If you’re using a UCC certificate, enter any Subject Alternate Names that you wish to use, and then click Add.
If you have a Standard Issuance Certificate, click Request Certificate. Otherwise, click Next, and then complete the required information on the next page. This information is needed so that GoDaddy can verify that you control the common name associated with the certificate.
Once you’ve submitted this information, the SSL verification usually takes 15 minutes, but it might take between one and seven days depending on the case. During this time you might be asked for further information.
3. Install the certificate
Fortunately, this is one of the final steps. You should have downloaded the certificate from your provider, and now you need to install it onto your server.
If your website is hosted with GoDaddy, you can install it through your cPanel. Look for the button under SSL/TLS that allows you to Install an SSL Certificate.
Now, you only need to paste the certificate into the box, and then submit the form
4. Configure your site to enable HTTPS
Allow the website a few moments to update, and then ensure visiting the HTTPS:// version of your website is possible. If the website loads, congratulations are in order, you've successfully installed your SSL certificate to enable HTTPS.
However, there’s one step left to ensure visitors are sent to your secure website.
You must re-direct users from HTTP to HTTPS on the relevant pages where secure information will be submitted. This also means that you’ll likely need to change the links to those pages to ensure that they are HTTPS rather than HTTP.
If you do wish to ensure that people visiting specific pages will be redirected to HTTPS rather than HTTP, it’s best to force this on the server-side. You can use the following piece of code at the top of your page. It’s in PHP, but you could also use another language:
// Require https if ($_SERVER['HTTPS'] != "on") { $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; header("Location: $url"); exit; }
Alternatively, you can also force a redirection through your .htaccess file. The following code is an example that would redirect any user looking at their cart or the checkout page to the HTTPS version if they are not already on it:
RewriteEngine On RewriteCond % off RewriteRule ^(cart/|checkout/) https://%%
If you’d like to know more about SSL, setting it up and installing it, have a look at this SSL guide.
If you would rather us handle the installation and maintenance on your SSL, check out our Managed SSL option.
Start taking back your day.
We built The Hub by GoDaddy Pro to save you time. Lots of time. Our members report saving an average three hours each month for every client website they maintain. Are you ready to take back that kind of time?
*AI-assisted full website including all of the premium features like online store, appointment scheduling, and marketplace selling to name a few, requires paid subscription.
Social media marketing calendar available with GoDaddy Airo, some features will require paid subscription.
Professional Email through Microsoft Office 365 30-day free trial with an option to renew into a paid subscription beyond the promotional period.
While the LLC starter plan is free, there are likely some state and/or local filing fees associated with your filing which will be determined during the filing process.
This article was updated in October 2024, the original content was published in 2021.