What is HTTPS and SSL? Do I need it? How do I get it?
Since folks like Google now prioritize HTTPS sites (hello SEO boost!) or serve warning messages to visitors on unsecure sites, folks have been paying a lot more attention to secure HTTPS encryption these days. Everyone wants a green padlock. :) And with good reason! Who doesn't want to give their potential clients and customers (hi, eCommerce) all the peace of mind in the world?!
That said, HTTPS isn't automatic. It is a few extra steps that really depend on the hosting company you use, so we don't walk through it in our lessons. You need to get a SSL certificate applied to your site to get the goods.
Many hosting companies have taken notice, and a number have partnered with Let's Encrypt to offer free SSL certificates. While these simple SSL certificates may not work for all types of websites, they'll likely work just fine for projects like we build here. (And third-party "bring your own" SSL certificates are available from other providers for more complex cases.)
You'll have to research your own hosting solution's documentation to see if they provide free SSL certificates and, if so, how to apply them.
Some things to note:
- Simple SSL only covers one domain at a time
- Both the www and non-www version of the domain need to be pointing to your host
- Validation of your certificate may take up to 48 hours, though it is often much faster
- Once the certificate is installed and activated, you’ll likely have the option to "Force HTTPS" site-wide (this redirects all HTTP traffic to HTTPS automatically)
If you aren't seeing the green padlock after forcing HTTP, however, there are likely HTTP links coded into the site’s content or files that you will need to update (for instance, by making links relative). You can identify trouble spots loading insecurely by checking out whynopadlock.com. And you can contact your hosting company's customer service!