Editor's note: This post was originally published to GoDaddy U.S. blog on 26 October 2017 and updated on 26 July 2018. It was republished to the Australia blog on 20 October 2020.
If you’re transferring any sensitive data of any kind, you should ensure you’re keeping it secure. One of the most effective ways of protecting data is to enable HTTPS — also known as SSL (secure socket layers) — to encrypt data transferring to and from your server.
This encryption is incredibly secure and makes it near impossible for hackers to intercept the transmission and access your user's personal information.
Consumers are becoming more aware of the importance of secure data transfer, and they often look for the lock that appears in their browser on HTTPS-enabled websites.
But that's not the only reason for enabling HTTPS on your website server!
In July of 2018, Google made a major shift and began adding "not secure" warnings to any HTTP website or blog URL viewed within the Chrome browser. Google had already added SSL into its search algorithm, but this new warning in Chrome was a game changer.
An SSL certificate is now needed on each and every website or blog. If your website or blog doesn't have an SSL certificate in place, now is the time to obtain an SSL certificate and enable HTTPS.
How to properly enable HTTPS on your server
-
Host with a dedicated IP address.
-
Buy an SSL certificate.
-
Request the SSL certificate.
-
Install the certificate.
-
Update your site to enable HTTPS.
Ready to dive into each step? Let’s go!
1. Host with a dedicated IP address
The first step is to ensure that you’re hosting with a dedicated IP address. Fortunately, if you’re hosting with GoDaddy — even on shared hosting — you don’t need to purchase a dedicated IP address because it comes free with your SSL certificate.
However, if you’re hosting with another provider, you must ensure that you’re using a hosting plan that gives you a dedicated IP. In many cases, this requires you upgrade to a VPS or dedicated server. Alternatively, you can transfer to GoDaddy and use any plan.
2. Buy an SSL certificate
Once you have a dedicated IP address, purchase your SSL certificate. This acts as a form of identification for your website.
The SSL certificate is simply a string of numbers and letters that you install on your server. When people visit your site through the HTTPS address, the password is checked, verifying that your website is what it says.
The certificate is used to encrypt all data that flows to and from the server where the certificate is installed. If you have to encrypt up to 100 domains, choose a SAN SSL, or for an unlimited number of subdomains opt in for a Wildcard SSL.
This SSL certificate must be purchased from a trusted retailer that is a Certificate Authority (CA).
They store a copy of the certificate password in your database, and that’s cross-referenced by incoming web traffic to ensure that your web address is connected to the correct server.
3. Request the SSL certificate
Next, you’ll need to activate your credit to redeem the certificate. To do this, log in to your GoDaddy account, and then click SSL Certificates. Next to the SSL certificate credit, you want to activate, click Set Up.
Refresh the page to see a New Certificate. If you don’t see it, wait a few minutes and try again.
Once you see a New Certificate, next to it click Manage. Depending on where you’re hosting your certificate, either choose the domain hosted in your account, if the certificate is with GoDaddy, or select Provide a CSR if it’s hosted with another company.
If you’re using a UCC Certification, enter any Subject Alternate Names that you wish to use, and then click Add.
If you have a Standard Issuance Certificate, click Request Certificate. Otherwise, click Next, and then complete the required information on the next page. This information is needed so that GoDaddy can verify that you control the common name associated with the certificate.
Once you’ve submitted this information, it takes between one and seven days to validate and verify your certificate request. During this time you might be asked for further information.
4. Install the certificate
Fortunately, this is one of the final steps — and the easiest. You should have downloaded the certificate from your provider, and now you need to install it onto your server.
If your website is hosted with GoDaddy, you can install it through your cPanel. Look for the button under SSL/TLS that allows you to Install an SSL Certificate.
Now, you only need to paste the certificate into the box, and then submit the form.
5. Configure your site to enable HTTPS
Allow the website a few moments to update, and then ensure visiting the HTTPS:// version of your website is possible. If the website loads, congratulations are in order, you've successfully installed your SSL certificate to enable HTTPS.
However, there’s one step left to ensure visitors are sent to your secure website.
You must re-direct users from HTTP to HTTPS on the relevant pages where secure information will be submitted. This also means that you’ll likely need to change the links to those pages to ensure that they are HTTPS rather than HTTP.
If you do wish to ensure that people visiting specific pages will be redirected to HTTPS rather than HTTP, it’s best to force this on the server-side. You can use the following piece of code at the top of your page. It’s in PHP, but you could also use another language:
// Require https
if ($_SERVER['HTTPS'] != "on") {
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header("Location: $url");
exit;
}
Alternatively, you can also force a redirection through your .htaccess file. The following code is an example that would redirect any user looking at their cart or the checkout page to the HTTPS version if they are not already on it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(cart/|checkout/) https://%{HTTP_HOST}%{REQUEST_URI}
That’s all there is to it. If you have any issues with installing a certification into your GoDaddy account, then please contact the support team. They can assist you further.