How to Add a Free SSL Certificate to Your Website to Get More Traffic — SEO Tips

Today I will talk about an obvious topic: Going all HTTPS.

Mike CK
Mike CK
Jul 30, 2017 · 7 min read
Encryption=Enhance privacy

I’m calling this an obvious topic since majority of web pages are now being served via HTTPS.

As of January this year (2017), it was estimated that more than 50% of the pages served across the web were secure (i.e using HTTPS, example: https://www.medium.com).

What does this number mean?

Having more than 50 percent websites using HTTPS implies that your own website is now begging to use it more than ever.

Don’t be on the losing side

Many people surfing the web are used to the green HTTPS-in-use indications. Below is a good example:

Medium’s website is clearly shown as a trusted site.

When visitors to your site don’t see the above in the address bar, or worse, when they see the red warning below, you worry them beyond your imagination.

An unsecure website due to mixing of secure and unsecure scripts, even with https enabled.

So what is this HTTPS?

The S in HTTPS stands for secure.

A HTTPS connection is secure because all the data you share via it is encrypted.

This means a hacker who intercepts the encrypted information has no use for it.

Therefore, all the emails, passwords, and credit card information of your users is safe when you employ HTTPS.

You might be wondering why you’d need HTTPS if you are just writing and sharing content and never asking for credit card information.

Well, at one point in time, you may, and you will, ask users for emails, phone numbers, ask them to sign up for a webinar or even sign up for an online course you are offering.

Whichever it is, for them to sign up and sign in, they will of course use certain credentials.

If your website is using the unencrypted HTTP while your users share this information with you (that is, if your website address is something like http://www.example.com), anyone who intercepts your users’ information gets it in plain text.

It will then be upon the hacker to decide what to do with those intercepted credentials.

A fact: most people use a single password to sign up for many online platforms/services e.g signing up on a blog using the same email address and password they use on PayPal.

As a free advice, do not use a password you use to sign into your financial applications to sign up for other services such as social networks.

It’s therefore the your responsibility, as the site owner, to exercise due diligence and help protect your users.

Care for your users, and they will never have to leave. Photo by Ray Hennessy on Unsplash

When you take action to protect your users, be sure to let them know. It is a proof to them that they can trust you. So when you add https to your website in the coming days, send them an email. They will know you care.

As for web developers who use external scripts and fonts on a website, they should do it in a proper way to give peace of mind to the user by not mixing secure and unsecure scripts. This is explained further below.

Remember, Google Chrome and any other major web browser will warn a user if you are serving mixed content.

Here is an example:

What happens when you serve http in addition to https scripts.

Such warnings to users will hurt your traffic severely.

For example, Chrome, as you can see above tells a user your web page is attempting to load scripts from unauthenticated sources whenever it detects you are serving mixed content.

Most users who understand the message doesn’t mean much won’t care and will simply ignore the warning and keep browsing your website.

Some savvy users might even go ahead to find a way to disable Chrome’s unauthenticated-content warnings.

But what of the many website visitors who don’t know what’s going on? The paranoid users ignorant of what is going on will run away from you!

And they might never come back!

I am not saying this to scare anyone. Far from it. Because even some of my clients don’t have https configured for their websites, yet.

However, I made sure to educate them concerning the risks they are taking and I also made sure they were using hosting plans that support adding SSL Certificates because they will purchase a certificate in future.


The rule: either use https or don’t. Don’t mix secure and unsecure content.

Adding SSL Certificate to Your Website

Now that we understand the need for https, and you are well convinced of the need to do so, let’s see how you can configure your website to use HTTPS free of charge.

What you will need:

  1. A hosting plan that allows you to add your own SSL Certificate.
  2. Go to Let’s Encrypt and obtain your free SSL Certificate

Ensure all the included CSS and JS files linked anywhere within your website pages are using

https://example.com/JavaScriptfile.js or https://example.com/stylesheet.css

NOT

http://example.com/JavaScriptfile.js or

http://example.com/stylesheet.css.

Explanation of the above steps:

  1. Some web hosting companies do not allow addition of an SSL Certificate. They will require you upgrade in order to add the certificate. Additionally, some require you to purchase their own certificates and don’t allow you to add a certificate obtained from a third party.
  2. Let’s Encrypt is on a mission to secure our online communications for free. Therefore, they give you a free SSL Certificate. You can donate to help them continue providing these free certificates.
  3. If you fail this step, users will get this bad warning:
Not so good a warning!

Now that you have the certificate, go ahead and upload it to your host.

As an additional step, after you have confirmed that https://yourwebsite.com is working ok. Go ahead and force all connections to https. No one will ever be able to connect to your website using http anymore. They will all be redirected to use https instead.

What to do if your web host does not support adding SSL Certificates

If your web host does not support adding SSL Certificate, one of the options is to upgrade your plan or change your host.

But, you can use Cloudflare as a partial solution.

Go to Cloudflare, create an account and add your website.

How does Cloudflare work?

Cloudflare is a content delivery network (CDN).

A CDN improves how fast your users receive the first byte of data when they request a given page of your website. The CDN makes this happen by letting users load your website from the closest server of the CDN.

For example, if your web host is in San Francisco USA, and your readers are in France, Cloudflare will serve the visitors in Europe using a copy on a server within Europe.

Cloudflare also encrypts the connection between your users it’s CDN.

The connection between your web server and Cloudflare, however, is still unsecure.

Let me explain:

Your content still lives in your web host’s server. What Cloudflare does is to get this content and deliver it to the user. They cache a copy, yes, but they always get the fresh content from your website.

So, as Cloudflare obtains content from your host’s server, and since you don’t yet use HTTPS, the content will be sent from your server to Cloudflare unencrypted.

However, the connection between Cloudflare and your user is secure/encrypted. So, their browsers will not fire up the warnings you saw above.

In summary, Cloudflare is a partial security solution.

Cloudflare lets you take advantage of the power of a CDN thus boosting the performance of your website. In fact, this reduces the load on server resources because the content is not served directly from your own server. This helps a lot during high traffic.

Cloudflare also claims there’s never a downtime for your website when you use their CDN. This is true since as explained above, Cloudflare has a cached copy of your website. When your server is down for, say 10 minutes, your users will still browse your pages with no problem.

Now you know how to get your website to use HTTPS absolutely free of charge.

This article got longer than I expected, even though it is not exhaustive. :-)

Leave a comment, question or suggestions below.

Thanks you for reading this far. Hit the ❤ button below if this was helpful and follow me for more exciting topics on how to ensure the success of your online business.


@Elevatika has a personality. She is listening, determined and delivers results.
We create modern, beautiful and fast-loading websites, design attractive and inspiring brands, and we manage social media accounts for forward thinking individuals and businesses.

Mail Mike at ck@elevatika.com.

Elevatika

We create excellent brands and help the existing ones behold new horizons. Let us elevate your business.

Mike CK

Written by

Mike CK

Designing beautiful brands and making amazing websites at elevatika.

Elevatika

Elevatika

We create excellent brands and help the existing ones behold new horizons. Let us elevate your business.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade