Anyone who’s running a website should/would be aware of the announcement by Google. The search giant has decided to flag the websites that are not secured – served over HTTPS. Some of you might be wondering (like I did some time back) that my website doesn’t store any private information nor has any payment functionality, then also should I move to HTTPS ? The answer is a simple Yes. Irrespective of whether you have a personal blog or a corporate website, moving to HTTPS is not just to better the rankings on search results but also to ensure that your customers are save. Ensuring that your website is HTTPS compliant, ensures that the connection between your website and the reader is encrypted and secured.
I have spent quite some time in figuring how to go about this for Socialmaharaj but everything in vain. In fact I know there’s a flaw in the way things are arranged, I even know a (possible) solution but it’s the lack of time that I’m unable to move to HTTPS. However, I finally figured out a work around while I was at work yesterday, and quickly implemented the same. So now if you see on the address bar you should see a green padlock with HTTPS 🙂 Yaay Mission Accomplished ! But getting to this stage also wasn’t an easy one, there were lot of difficulties that I faced in making the blog HTTPS compatible. Hence I thought to make a list of all the issues that I faced while moving from HTTP to HTTPS along with workarounds/solutions.
Issues while moving from HTTPS to HTTP
Below are a list of issues that one can face while moving their website from HTTP to HTTPS. I faced these issues while migrating this blog to HTTPS. Since there are chances that anyone can face these issues, I decided to pen this post along with the solutions to the issues faced while moving from HTTP to HTTPS. This post assumes that you already have a valid SSL certificate with you and the same is configured on your server. You either purchase one from various companies like Comodo or use a free one like Let’s Encrypt. Most of the hosting companies provide you with easy options to enable HTTPS on your websites. Request you to check with your hosting provider for configuring this.
HTTPS enabled but No Green Lock
One of the most common issues that you face while moving your website from HTTP to HTTPS is that the green padlock on the address bar doesn’t turn green. There are a couple of reasons for this. No prizes for guessing but the most obvious one is incorrect configuration. Some websites mention that if you get a cheap or free SSL certificate then you will not see the green padlock. However, from my experience this isn’t correct. Even the free SSL certificate from providers like Let’s Encrypt work flawlessly and show the green padlock. So why exactly you don’t see a green padlock after your move from HTTP to HTTPS ? Read on for answers.
Mixed Content is by far the most common issue that you might encounter while moving your blog from HTTP to HTTPS. The Mixed Content issue normally occurs when your website/blog is HTTPS enabled but there is content on the page that ain’t loaded over HTTPS. In simple terms, let’s say you have a page that has an image that you have used on your blog. (The image is not residing on your server) If this website isn’t HTTPS enabled, the image will be loaded over HTTP. Now since your website is served using HTTPS, there will be a Mixed Content issue. In this case, the pad lock in the URL bar won’t turn green. To identify this issue, you need to open the Developer Tools window (Ctrl+F12 on Google Chrome). Under the console tab, you should see all the resources that are served over HTTP.
Solution: The basic idea here is to ensure everything on the page is served over HTTPS. Now there are multiple ways to fix this. One of them is to manually change the images on each page/post. To make it more easy, if you are using WordPress, you can use plugins like Velvet Blues that will automatically replace all the links. But do ensure to take a data backup before using any plugins that modify the database. Further, if you have used hard-coded link anywhere, you will have to replace it too.
Error 502 Bad Gateway – CloudFront
If you are using a CDN to server your website, you might have this issue at times. Error 502 Bad Gateway is a common issue. For instance if you are using Amazon Cloudfront, you can either have S3 bucket or your own web server as origin. So the flow is like source -> Cloudfront -> Browser. For the green pad lock to appear and the entire flow to be served over HTTPS, you need to ensure that the connection between the source and cloudfront and cloudfront to browser needs to be HTTPS enabled.
Solution: For this you need to configure your source (S3 bucket / web server) to support HTTPS. Once that is done, the entire path will be HTTPS enabled and you will see the green pad lock. You will have to make changes in the Distributions -> Origin from AWS console to support HTTPS everywhere. [Also Read: How to Speed up your website]
HTTP not redirecting to HTTPS
Once you have HTTPS enabled on your website/blog, you ideally have two points of entry – HTTP and HTTPS. The user can enter from any of these points. It’s your duty to ensure you force the user to use HTTPS.
Solution: For this issue, you will have to make changes in your .htaccess file and redirect all the requests from HTTP to HTTPS version of your website. You cand find a sample here. With this, irrespective of what the user types in, he will served with the HTTPS version of your website. [Also Read: How to Protect your WordPress Blog]
SSL Certificate Expired
Another issue that you might observe while moving your blog/website from HTTP to HTTPS is that the padlock isn’t green. This red cross sign usually indicates that the SSL certificate has expired. Whenever the SSL certificate expires, the browser will show this pad lock sign indicating to the user that the website is not more secured.
Solution: If you are facing this issue, the immediate thing that you should be doing is to renew your SSL certificate. If you are using a free SSL certificate, then you need to regenerate it.
I’m no expert in website setup and stuff. But I’ve tried my best to explain the issues faced by me while moving this blog from HTTP to HTTPS. I hope this post is helpful. In case you have any issues, concerns regarding this, do mention in the comments below or tweet to me at @Atulmaharaj