Subscribe to our newsletter

Get the State of Digital Newsletter
Join an elite group of marketers receiving the best content in their mailbox
Help us understand what topics we should be writing about!
We would like to help you get the best content for your role
* = required field
I want the...

What alerts do you want to receive?

What topics do you most like to read about?

Eliminate the SEO risks when moving to SSL / HTTPs

In August last year Google came with a clear statement about HTTPS as a ranking signal. Ever since, I haven’t seen clear evidence about positive impact on overall ranking performance for websites that have changed protocol to using a secured encrypted connection. In most cases I saw, the opposite happened: websites lost their rankings since the transition was not done right or the risks involved were not clear and covered. Below a few tips & tricks to avoid common mistakes will be listed to take care of when adopting TLS (Transport Layer Security).

Migrating for the sake of having a HTTPS connection is still not an action I would do. But once you really need to make the switch, for example when the website is exchanging personal details like in a webshop, make sure you do it correctly.

Certificate related mistakes


  1. Make sure you use the correct and most suitable certificate for your website(s). Be aware of the difference applications for single domain, multi domain and wildcard certificates. A few websites ruined their rankings since certificates were not working for the non-www subdomain.
  2. Choose the correct encryption level: have a look at the different keysizes. Google tells to use at least 2048-bits keys to be at the right encryption level. More information about the reasons of needing a specific encryption level can be found at The Difference Between 1024bit, 2048bit and 4096bit SSL Root Keys
  3. Make sure to optimize the server for using HTTPS. If not implemented correctly, it can increase pagespeed. Pagespeed is, in my experience, a more influencial raninfluential compared to using HTTPS. If not confident how to configure the server, ask your hosting provider to be sure since this is their task in the case you are not hosting your own server. A few guides for people that use their own hosting, VPS servers for example:
    – NGINX: configuring HTTPS servers– Microsoft: How to Set Up an HTTPS Service in ISS

Tricks to use before migrating

  1. Pick the right period to make the transition. Make sure all involved parties are available so fixes can be done immediately after detection of any errors. This sounds like kicking an open door, but not reaching your server admin after you have switched, can be causing a lot of unwanted damage. Since there can be a temporary loss because Google has to reindex all your URLs, account for a temporary loss of traffic. If you have clear seasonal or weekly traffic spikes, plan accodingly. Make sure to schedule the migration in the least impactful period.
  2. Include external stakeholders in your schedule. Make sure affiliate networks, e-mail campaigns, SEO & PPC agencies and link & company partners all are aware and available during the migration to switch to the correct links as fast as possible. The more fresh links Google will discover on the web, the faster it will crawl and index the new URLs.
  3. Create a shared schedule so everyone is aware of each others responsibilities and work within one central time frame. The person responsible for putting live the redirects shouldn’t put the redirect matrix live before the certificates are actually uploaded.
  4. Update and check website templates. Make sure all internal links will be converted directly to the correct HTTPs version so you don’t waste Googlebot’s costly time on having to crawl across multiple redirects.
  5. Setup Webmaster Tools accounts for the HTTPS version of the domains with Google, Bing and if applicable, the other search engines too. Once the migration happened, you can start tracking the progress of indexation. Make sure you upload the new sitemaps, which result in a clear overview of the number of pages indexed for the new domain.
  6. Check if the current analytics software can handle the new URLs. Google Analytics will just pick up the new URLs.
  7. If you are using A/B testing software, check for compatibility with the new URLs.
  8. If a CDN is used, check if they support using SSL certificates too. All connections within a HTTPS connection, should be via HTTPS. That means that static files and iframes need to go via a HTTPS connection too.
  9. Crawl your site to make sure you have all the URLs mapped. Download the top pages overview within Google Webmaster Tools to be sure you have all ranking URLs stored. Download the most linked to pages from a tool like Majestic so these can be checked against redirects after migration.
  10. Make a copy of the current rankings in Webmaster Tools. To be sure, check rankings for your most important keywords with a tool like SEORankmonitor before migration so you are able to monitor the effects.

Tips for the HTTP to HTTPS migration

  1. To be safe, use temporary (302) redirects first to test if all the certificates are working correctly on all domains.
  2. Final redirects should always be 301 redirects. Nothing else.
  3. Make sure you redirect all (sub)domains. I still find subdomains on websites that have just migrated partially and are leaving valuable link value behind on the old HTTP conencted subdomains.
  4. Update robots.txt and point to the new sitemap URL.
  5. Update your most valuable external links. Start with the ones you control, like your social media accounts for example.
  6. Combine the migration with creating a newsworthy campaign to share. This will generate links on media outlets which will trigger Google to have an extra look at your website. This can speed up the crawling and indexation process.
  7. After the redirects have been put live, crawl all old URLs to check if all redirects are working correctly.
  8. Check Webmaster tools accounts daily, to see if Google is having trouble with crawling the new URLs. Possible crawling errors will be reported on a daily basis. Both check the HTTP and HTTPS accounts within WMT.
  9. Crawl your site again, to see if all internal links are pointing to the correct HTTPS URLs to minimize crawl budget.

As you can read, a lot can go wrong so make sure to schedule and execute everything step by step to avoid mistakes. Also check Google’s guide on this topic: Secure your site with HTTPS

Migrating is not something you can just do in a few hours, always consult a SEO consultant to minimize the risks: migrations can be done without any negative impact if done right!



Jan-Willem Bobbink got addicted with online marketing in 2004, since he build his first international webshop when he was 16. He is currently working as Freelance SEO for global clients and is ambassador for Majestic. His blog can be found at Notprovided.eu. and he shares his cycling adventures at CATW!