{"id":52174,"date":"2017-05-08T08:12:53","date_gmt":"2017-05-08T06:12:53","guid":{"rendered":"https:\/\/www.humanlevel.com\/sin-categorizar\/todo-lo-que-necesitas-saber-para-migrar-tu-web-a-https.html"},"modified":"2017-05-08T13:32:00","modified_gmt":"2017-05-08T11:32:00","slug":"everything-you-need-to-know-to-migrate-your-website-to-https","status":"publish","type":"post","link":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https","title":{"rendered":"Everything you need to know to migrate your website to HTTPS"},"content":{"rendered":"<div id=\"toc_container\" class=\"no_bullets\"><p class=\"toc_title\">Index<\/p><ul class=\"toc_list\"><li><a href=\"#What_is_HTTPS\">What is HTTPS?<\/a><\/li><li><a href=\"#Why_should_you_use_it_on_your_website\">Why should you use it on your website?<\/a><\/li><li><a href=\"#Why_shouldn8217t_you_use_it_on_your_website\">Why shouldn&#8217;t you use it on your website?<\/a><\/li><li><a href=\"#How_does_encryption_work\">How does encryption work?<\/a><\/li><li><a href=\"#What_type_of_SSL_certificate_to_choose\">What type of SSL certificate to choose?<\/a><ul><li><a href=\"#According_to_the_number_of_domains\">According to the number of domains<\/a><\/li><li><a href=\"#Self-signed\">Self-signed<\/a><\/li><li><a href=\"#Certificates_signed_by_a_CA_according_to_validation_type\">Certificates signed by a CA, according to validation type<\/a><\/li><li><a href=\"#Other_features\">Other features<\/a><\/li><\/ul><\/li><li><a href=\"#What_should_be_taken_into_account_in_terms_of_SEO_in_order_not_to_lose_traffic_during_a_migration\">What should be taken into account in terms of SEO in order not to lose traffic during a migration?<\/a><\/li><li><a href=\"#What_should_the_system_administrator_take_into_account_in_order_not_to_lose_traffic\">What should the system administrator take into account in order not to lose traffic?<\/a><ul><li><a href=\"#Renewal\">Renewal<\/a><\/li><li><a href=\"#Installing_root_and_intermediate_certificates_on_the_server\">Installing root and intermediate certificates on the server<\/a><\/li><li><a href=\"#TLS_version\">TLS version<\/a><\/li><li><a href=\"#Redirections\">Redirections<\/a><\/li><li><a href=\"#Verification_by_means_of_an_online_tool\">Verification by means of an online tool<\/a><\/li><\/ul><\/li><li><a href=\"#Can_I_use_HTTP2_at_the_same_time_as_HTTPS\">Can I use HTTP2 at the same time as HTTPS?<\/a><\/li><li><a href=\"#Is_HTTPS_really_secure\">Is HTTPS really secure?<\/a><\/li><li><a href=\"#Additional_references\">Additional references<\/a><\/li><\/ul><\/div>\n<p>Ever since Google announced in 2014 that the use of <strong>HTTPS<\/strong> was going to <strong>to favor SEO<\/strong>. Many websites are implementing it. But, do you really know what Hypertext Transfer Protocol Secure is? Is it really secure for you and your visitors? Have you ever wondered if your website needs it? Do you know how to contract it? And, above all, do you know how to do a <strong>migration to HTTPS<\/strong> so that it affects SEO as little as possible? You will find the answers to these questions and many more if you read on.<\/p>\n<h2><span id=\"What_is_HTTPS\">What is HTTPS?<\/span><\/h2>\n<p>Imagine that <strong>five people<\/strong> are involved in the process of sending a letter: <strong>the first person<\/strong> writes the content of the letter and a series of additional data in the header that indicate things related to that content, such as the size of the letter, its date, the language, etc. We can give this person the &#8220;strange name&#8221; of <strong>HTTP sender<\/strong>.<br \/>\nHTTP sender passes the letter to the <strong>second party (SSL sender or TLS sender)<\/strong>, which encrypts the content by replacing some letters with others.<\/p>\n<p>SSL or TLS then passes the letter to the <strong>third party (TCP sender)<\/strong> who, among other things, breaks the letter into pieces and numbers them because the letter carrier does not like to carry very large letters.<\/p>\n<p>The sender TCP then gives each piece of the letter to the <strong>sender IP<\/strong>, who takes each piece and puts it in an envelope where he writes the destination address and the sender.<\/p>\n<p>Finally, the sender IP hands each envelope to the fifth and last person, which could be called <strong>Ethernet, PPP&#8230;<\/strong> who assigns each letter to the nearest mailbox for the letter carrier to take it to its destination.<\/p>\n<p>When the letter arrives at its destination, it follows the reverse process, i.e., Mr. <strong>Ethernet receiver<\/strong> picks up the letters, passes them to <strong>IP receiver<\/strong> who takes the pieces out of the envelopes and gives them to <strong>TCP receiver<\/strong> who puts them back together. Then, the <strong>receiving SSL<\/strong> decrypts the content and finally a <strong>receiving HTTP<\/strong> looks at the headers to know how it has to interpret the content.<\/p>\n<p>As you may have noticed, if in this description you change person for communication protocol and letter for HTML document, what you have is the operation of the HTTPS protocol. The operation of the HTTP protocol would be exactly the same but eliminating the <strong>SSL\/TLS<\/strong> protocol.<br \/>\nIn the following image I graphically illustrate the journey of this HTML document, where the sender and receiver can be, respectively, the web server and the browser or vice versa:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-26666 aligncenter\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/comunicacion-https.png\" alt=\"https communication protocol stack\" width=\"568\" height=\"482\" \/><\/p>\n<p><strong>HTTPS, achieves three improvements over HTTP<\/strong>:<\/p>\n<ul>\n<li>1\u00aa. All information travels <strong>encrypted<\/strong> between the web server and the clients.<\/li>\n<li>2\u00aa. <strong>No one can modify the information<\/strong> by intercepting it while it is being sent to its destination.<\/li>\n<li>3\u00aa. <strong>The <a title=\"Go to view domain description\" href=\"https:\/\/www.humanlevel.com\/en\/digital-marketing-dictionary\/domain\" target=\"_blank\" rel=\"noopener noreferrer\">domain<\/a> of the web is authenticated<\/strong>, that is to say, your web page will have a digital signature that will demonstrate to those who want to navigate through it that it is your domain and it really belongs to your company.<\/li>\n<\/ul>\n<p>We will go into each point further on.<\/p>\n\n<h2><span id=\"Why_should_you_use_it_on_your_website\">Why should you use it on your website?<\/span><\/h2>\n<p>Although there are users who do not pay attention to whether or not the website has HTTPS and most of those who do pay attention only know that it is useful for sending encrypted data, that is enough for <strong>building trust in your site<\/strong>which is very<strong> important in <a href=\"https:\/\/www.humanlevel.com\/en\/digital-marketing-dictionary\/e-commerce\" target=\"_blank\" rel=\"noopener noreferrer\">e-commerce<\/a><\/strong> or on any web site where the user is asked for personal data.<\/p>\n<p>On the other hand, as I discussed at the beginning, <strong>Google said<\/strong>:<\/p>\n<blockquote><p><a title=\"Go to HTTPS as a ranking signal\" href=\"https:\/\/developers.google.com\/search\/blog\/2014\/08\/https-as-ranking-signal?hl=es\" target=\"_blank\" rel=\"noopener noreferrer\">HTTPS is a factor that slightly affects positioning and is likely to increase its importance.<\/a><\/p><\/blockquote>\n\n<h2><span id=\"Why_shouldn8217t_you_use_it_on_your_website\">Why shouldn&#8217;t you use it on your website?<\/span><\/h2>\n<p>Because it <strong>negatively affects the<\/strong> page <strong>load time<\/strong> (although not too much), since it has to set the encryption method on the first connection and has to encrypt and decrypt data.<\/p>\n<p>By putting HTTPS, all the <strong>URLs of our website will change<\/strong>, which will temporarily affect the positioning, since we will have to make redirections and we will lose the &#8220;likes&#8221; in social networks. So, if we have a blog and do not collect user data, we may not be compensated for the small improvement in SEO as it may not be noticeable due to the loss of performance.<\/p>\n<h2><span id=\"How_does_encryption_work\">How does encryption work?<\/span><\/h2>\n<p>HTTPS uses two encryption algorithms, a <strong>public key<\/strong> algorithm called RSA and a <strong>private key<\/strong> algorithm (usually AES or 3DES). The first one is used to transmit in encrypted form the key of the second one which is faster to use, but as I don&#8217;t want to bore you with explanations about cryptography and discrete mathematics, if you want to go a little deeper you can read <a title=\"Go to RSA public key algorithm\" href=\"http:\/\/www.pensamientoscomputables.com\/entrada\/RSA-criptografia-algoritmo-cifrado-clave-publica.html\" target=\"_blank\" rel=\"noopener noreferrer\">this article I wrote about RSA<\/a>.<\/p>\n<p>The important thing to know is that <strong>the public key encryption, which is used to protect the information, is also used to make the digital signature<\/strong> that verifies that your domain belongs to you. If I had to make a comparison in the real world, it is as if you had signed before a notary that your domain belongs to your company and all the users of your website had been present to attest to the act. This &#8220;notary&#8221; is called <strong>Certification Authority (CA)<\/strong>, which are companies that sell SSL certificates of digital signature, necessary to have HTTPS, and they are the ones that are going to charge you the most when contracting this service with your <a title=\"Go to hosting description\" href=\"https:\/\/www.humanlevel.com\/en\/digital-marketing-dictionary\/hosting\" target=\"_blank\" rel=\"noopener noreferrer\">hosting<\/a> provider. Here it can be that the hosting provider offers you certificates of a CA with which it has agreements, or that allows you to put certificates that you have bought directly you to some other CA. In the latter case you would be skipping an intermediary, but this does not imply that, in all cases, it is cheaper for you.<\/p>\n<h2><span id=\"What_type_of_SSL_certificate_to_choose\">What type of SSL certificate to choose?<\/span><\/h2>\n<p>There are several classifications for certificates:<\/p>\n<h3><span id=\"According_to_the_number_of_domains\">According to the number of domains<\/span><\/h3>\n<ul>\n<li><strong>For a single domain<\/strong>: as only one certificate per IP is allowed, if we have another domain on the same server and we want to add HTTPS to it, we will have to buy another certificate and another IP.<\/li>\n<li><strong>Multidomain<\/strong>: with a single certificate we can have HTTPS on several websites hosted on the same server under the same IP.<\/li>\n<li><strong>Wildcard<\/strong>: these are certificates that can be used for all the subdomains of a domain. For example if we want to have https:\/\/midominio.com and https:\/\/www.midominio.com, since we intend to redirect https:\/\/midominio.com to the subdomain https:\/\/www.midominio.com, with a wildcard certificate we will only need one certificate and one IP, while with a single domain certificate we will need two of each.<\/li>\n<\/ul>\n<h3><span id=\"Self-signed\">Self-signed<\/span><\/h3>\n<ul>\n<li>A self-signed certificate is one that we <strong>sign ourselves<\/strong> ensuring that the web is ours. This type of certificates do not cost anything and are used for testing or for secure access to services that only we are going to use. Browsers display these certificates with a security alert:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-26668\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/error-certificado.png\" alt=\"certified error\" width=\"996\" height=\"381\" srcset=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/error-certificado.png 996w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/error-certificado-720x275.png 720w, https:\/\/www.humanlevel.com\/wp-content\/uploads\/error-certificado-768x294.png 768w\" sizes=\"auto, (max-width: 996px) 100vw, 996px\" \/><\/li>\n<\/ul>\n<h3><span id=\"Certificates_signed_by_a_CA_according_to_validation_type\">Certificates signed by a CA, according to validation type<\/span><\/h3>\n<p>The type of validation refers to the amount of bureaucracy required to validate that our company really has the domain:<\/p>\n<ul>\n<li><strong>Domain validation<\/strong>: with this type of validation they do not ask you any questions, they only verify that it is a valid domain. Many certification authorities do not offer this service because it does not entail any type of security, as it passes validation easily. At the other extreme we have the relatively recent CA <a title=\"Go to Let's encrypt free certificates\" href=\"https:\/\/www.humanlevel.com\/en\/blog\/web-development\/lets-encrypt-free-ssl-certificates-for-your-web-with-https\" target=\"_blank\" rel=\"noopener noreferrer\">Let&#8217;s Encrypt<\/a> offering free certificates of this type, this is something hackers are already taking advantage of. Some browsers display these certificates with a gray padlock and others with a green padlock in the navigation bar.<\/li>\n<li><strong>Business or organizational validation<\/strong>: this type of validation is more exhaustive. You have to prove that you own a company by providing the company name, manager, confirmation that the domain belongs to you by replying to an email that is usually sent to the domain administrator and anything else that the CA asks for. Browsers display this type of certificate with a green padlock:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-26678\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/certificado-business-validation.png\" alt=\"business validation certificate\" width=\"356\" height=\"195\" \/><\/li>\n<li><strong>Extended validation<\/strong>: in this type of validation they ask for even more information and make more exhaustive checks, such as that the physical address of the company matches the address given for the domain. It is also the most expensive type of validation, so it is usually only used by banks or major institutions. This type of validation is shown with a green padlock and the name of the validated company. In addition, if we click on the padlock we can see more information about the company:<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-26679\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/certificado-extended-validation.png\" alt=\"extended validation certificate\" width=\"362\" height=\"335\" \/><\/li>\n<\/ul>\n<h3><span id=\"Other_features\">Other features<\/span><\/h3>\n<ul>\n<li><strong>Number of bits of the RSA public key<\/strong>: the more bits, the more secure the certificate. Google recommends public key certificates of at least 2048 bits.<\/li>\n<li><strong>Type of hashing algorithm for the signature<\/strong>: an algorithm used to &#8220;hash&#8221; the signature to make it unreadable. Here it should be noted that SHA1 is deprecated as of January 1, 2017 and the browser may display a warning:<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-26681\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/certificado-cidrado-obsoleto.png\" alt=\"obsolete encrypted certificate\" width=\"472\" height=\"578\" \/><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>It is recommended that the certificate use some variant of SHA-2 such as SHA-256.<\/p>\n<ul>\n<li><strong>Type of encryption algorithm for the private key<\/strong>: it can be AES or 3DES (DES is obsolete). AES is recommended because it is faster and at least 128 bits.<\/li>\n<li><strong>Compatibility with browsers<\/strong>: this is a point that all CAs usually comply with, but it is worth mentioning that they are compatible with 99% of browsers. 100% is impossible as there may be very old browsers with which they are not.<\/li>\n<\/ul>\n<p>We can find almost any combination of these characteristics in the certificates offered by the certification authorities. For example, we can have a certificate that is multi-domain, wildcard and with extended validation, all at the same time.<\/p>\n<p>Some famous certification authorities include <strong>GeoTrust, Verisign, Thawte, Comodo, Symantec<\/strong>, etc. But there are also some resellers offering cheap certificates and the free Let&#8217;s Encrypt (their automatic certificate management software is currently not available for Windows servers). So you know, put in Google &#8220;SSL certificate&#8221; or something similar and you can start comparing certificates and prices that fit your needs and budget. The price for a domain name is usually between 40 \u20ac and 300 \u20ac per year.<\/p>\n\n<h2><span id=\"What_should_be_taken_into_account_in_terms_of_SEO_in_order_not_to_lose_traffic_during_a_migration\">What should be taken into account in terms of SEO in order not to lose traffic during a migration?<\/span><\/h2>\n<ul>\n<li><a title=\"Go to see description 301 redirection\" href=\"https:\/\/www.humanlevel.com\/en\/digital-marketing-dictionary\/301-redirection\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>301 redirectios<\/strong><\/a>: all URLs with http must be redirected to their version with https. Considering all the possibilities, for example, for the domain https:\/\/www.midominio.com all these redirections would be recommended:\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>http:\/\/www.midominio.com -&gt; https:\/\/www.dominio.com<\/li>\n<li>https:\/\/midominio.com -&gt; https:\/\/www.dominio.com (for this redirection it is necessary to have a certificate for mydomain.com, as the redirection occurs after the HTTPS is validated)<\/li>\n<li>http:\/\/midominio.com -&gt; https:\/\/www.dominio.com<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong> <a title=\"Go to canonical description\" href=\"https:\/\/www.humanlevel.com\/en\/digital-marketing-dictionary\/canonical-link-element\" target=\"_blank\" rel=\"noopener noreferrer\">Canonical<\/a> and alternate link tags<\/strong>: all rel=&#8221;canonical&#8221; and rel=&#8221;alternate&#8221; tags, for languages and alternate urls on mobile, must have https.<\/li>\n<li><strong><a title=\"Go to Sitemap description\" href=\"https:\/\/www.humanlevel.com\/en\/digital-marketing-dictionary\/sitemap\" target=\"_blank\" rel=\"noopener noreferrer\">Sitemap<\/a><\/strong>: if we have the possibility to regenerate the sitemaps we should do it.<\/li>\n<li>Set the main domain with https in <strong>Google Search Console<\/strong>.<\/li>\n<li>Check the <strong>robots.txt<\/strong> file to see if we have absolute routes or are filtering traffic by https.<\/li>\n<li><strong>Update links and paths to images<\/strong> in the code.<br \/>\nIf we have some image in the code that loads by http the browser will show us a warning sign above the padlock.<br \/>\nIf we have frames (iframes) by http inside a web that works by https, it is probable that the security policy by default of the browser prevents that it is shown.<\/li>\n<li><strong>Crawl the<\/strong> website with a crawler to see that all links are working properly.<\/li>\n<\/ul>\n<h2><span id=\"What_should_the_system_administrator_take_into_account_in_order_not_to_lose_traffic\">What should the system administrator take into account in order not to lose traffic?<\/span><\/h2>\n<p>The process of installing a certificate can be complex, especially if you do not have a panel that automates the process and, in addition, depends on the web server. But here I am not going to describe what it consists of, nor how it is done, but to specify the configuration aspects that must be taken into account so that the web does not stop being accessible and that we can check to see if the administrator who has installed the certificate has done his job well:<\/p>\n<h3><span id=\"Renewal\">Renewal<\/span><\/h3>\n<p>It is very important that the system administrator remembers to <strong>renew the certificate every year<\/strong> or on the corresponding date. It is not uncommon to find customers with their website blocked by a security warning, for a whole day or more, because the administrator did not renew his certificate. The renewal process can take time and must be done in advance of the expiration date. The certification companies will not charge you those extra days for renewing early, on the contrary, many offer discounts.<\/p>\n<p>We can see the expiration date of a certificate by viewing its properties in the advanced settings of the browser.<\/p>\n<p>If we use Let&#8217;s Encrypt, the renewal is done automatically by a program.<\/p>\n\n<h3><span id=\"Installing_root_and_intermediate_certificates_on_the_server\">Installing root and intermediate certificates on the server<\/span><\/h3>\n<p><strong>Certification authorities also have their digital signature that they use to sign your certificate<\/strong>. These CA certificates are called root certificates. Their public key is pre-installed in all browsers to verify the signature of the certificates of the websites that use them.<\/p>\n<p>There is also another type of certificate called intermediate, which is used for security, to keep the root certificate with the private key offline, since if it becomes public all CA certificates would no longer be valid. When the intermediate certificate exists, the root signs it and this in turn, the certificate of our web page.<\/p>\n<p>This intermediate certificate must exist on the server, because if the browser does not have it, the server transmits it along with the web certificate. It may happen that the administrator forgets to <strong>install the intermediate certificate<\/strong> on the server and therefore HTTPS does not work in all browsers. So it is always advisable to <strong>test the website on all major<\/strong> desktop and mobile <strong>browsers<\/strong>. If it does not work on one of them, the administrator forgot to install the intermediate certificate on the server.<\/p>\n<p>In the advanced configuration of our browser, we can see the certificates that we have installed:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-26689\" src=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/certificados-navegador.png\" alt=\"certificates installed in browser\" width=\"519\" height=\"478\" \/><\/p>\n<h3><span id=\"TLS_version\">TLS version<\/span><\/h3>\n<p>It is also recommended to use the <strong>latest version of TLS<\/strong> (currently 1.2). SSL is an older version of TLS.<\/p>\n<h3><span id=\"Redirections\">Redirections<\/span><\/h3>\n<p>Finally, when the administrator activates HTTPS on our website, it <strong>should work over both HTTP and HTTPS<\/strong> and it is <strong>up to the developer to add the redirects<\/strong>.<\/p>\n<h3><span id=\"Verification_by_means_of_an_online_tool\">Verification by means of an online tool<\/span><\/h3>\n<p>These are the most common failures, but you can <a title=\"Go to check your certificate installation\" href=\"https:\/\/www.ssllabs.com\/ssltest\/\" target=\"_blank\" rel=\"noopener noreferrer\">check the installation of your certificate in this link<\/a>.<\/p>\n<h2><span id=\"Can_I_use_HTTP2_at_the_same_time_as_HTTPS\">Can I use HTTP2 at the same time as HTTPS?<\/span><\/h2>\n<p><a title=\"Go to HTTP2 description\" href=\"https:\/\/www.humanlevel.com\/en\/blog\/web-development\/http-2-protocol-standard-approved\" target=\"_blank\" rel=\"noopener noreferrer\">HTTP2<\/a> is a new version of HTTP 1.1. Since <strong>HTTPS is actually two protocols (HTTP and SSL\/TLS)<\/strong> and security is provided by SSL\/TLS, <strong>changing the version of HTTP does not affect what the next protocol does<\/strong>, just as changing IPv4 to IPv6 does not affect the other protocols. This is why layered communication protocols were designed and why all combinations are possible, HTTP2 with HTTPS, HTTP2 without HTTPS, HTTP 1.1 with HTTPS and HTTP 1.1 without HTTPS. However, browsers do not support the combination of HTTP2 without HTTPS.<\/p>\n<h2><span id=\"Is_HTTPS_really_secure\">Is HTTPS really secure?<\/span><\/h2>\n<p>Yes, it is. The only weak point is the attacks of the <strong>MitM<\/strong> (Man in the Middle) type. If we connect to the Internet through an open WiFi connection that a hacker has placed there, the hacker could intercept the communication so that when typing in our browser http:\/\/www.facebook.com, the hacker prevents us from being redirected to https:\/\/www.facebook.com, capturing all our data (if we do not notice that there is no lock in the URL). To try to avoid this, at least in most cases, the following <strong>HSTS header<\/strong> of the HTTP protocol is used:<\/p>\n<pre><code>\r\nStrict-Transport-Security: max-age=31536000;\r\n<\/code><\/pre>\n<p>This header tells the browser that no HTTP requests can be made to the site within one year. The only problem is that we take away the possibility of retracting and returning to have HTTP on our website.<\/p>\n<h2><span id=\"Additional_references\">Additional references<\/span><\/h2>\n<ul>\n<li><a title=\"HTTPS secure protocol definition in the World 3 Consortium\" href=\"https:\/\/www.w3.org\/2001\/tag\/doc\/web-https\" target=\"_blank\" rel=\"noopener noreferrer\">HTTPS protocol definition at W3C<\/a><\/li>\n<li><a title=\"Frequently asked questions about https\" href=\"https:\/\/https.cio.gov\/faq\/\" target=\"_blank\" rel=\"noopener noreferrer\">Frequently asked questions about the HTTPS secure protocol<\/a><\/li>\n<li><a title=\"Original HTTP protocol definition\" href=\"https:\/\/www.w3.org\/Protocols\/HTTP\/HTTP2.html\" target=\"_blank\" rel=\"noopener noreferrer\">Original HTTP protocol definition<\/a><\/li>\n<li><a title=\"Definition of http2 in github\" href=\"https:\/\/http2.github.io\" target=\"_blank\" rel=\"noopener noreferrer\">HTTP2 definition on GitHub<\/a><\/li>\n<li><a title=\"Frequently asked questions about HTTP2\" href=\"https:\/\/http2.github.io\/faq\/\" target=\"_blank\" rel=\"noopener noreferrer\">Frequently asked questions about HTTP2<\/a><\/li>\n<li><a href=\"https:\/\/www.humanlevel.com\/en\/blog\/web-development\/lets-encrypt-free-ssl-certificates-for-your-web-with-https\" target=\"_blank\" rel=\"noopener noreferrer\">Post on how to use Let&#8217;s Encrypt to implement a free SSL certificate on your website<\/a><\/li>\n<\/ul>\n<p>I hope it has been helpful and if you have any questions, do not hesitate to ask in the comments. I will try to resolve it as soon as possible.<\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.<\/p>\n","protected":false},"author":14,"featured_media":47338,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[349],"tags":[366,359],"class_list":["post-52174","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seo","tag-technical-seo","tag-web-migration","entry"],"yoast_head":"\n<title>Everything you need to know to migrate your website to HTTPS<\/title>\n<meta name=\"description\" content=\"What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Everything you need to know to migrate your website to HTTPS\" \/>\n<meta property=\"og:description\" content=\"What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\" \/>\n<meta property=\"og:site_name\" content=\"Human Level\" \/>\n<meta property=\"article:published_time\" content=\"2017-05-08T06:12:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-05-08T11:32:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ram\u00f3n Saquete\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Daiatron\" \/>\n<meta name=\"twitter:site\" content=\"@humanlevel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ram\u00f3n Saquete\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\"},\"author\":{\"name\":\"Ram\u00f3n Saquete\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/person\/11ad888926867985985a0210476bae94\"},\"headline\":\"Everything you need to know to migrate your website to HTTPS\",\"datePublished\":\"2017-05-08T06:12:53+00:00\",\"dateModified\":\"2017-05-08T11:32:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\"},\"wordCount\":2940,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#organization\"},\"image\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png\",\"keywords\":[\"Technical SEO\",\"Web migration\"],\"articleSection\":[\"SEO\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\",\"url\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\",\"name\":\"Everything you need to know to migrate your website to HTTPS\",\"isPartOf\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png\",\"datePublished\":\"2017-05-08T06:12:53+00:00\",\"dateModified\":\"2017-05-08T11:32:00+00:00\",\"description\":\"What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage\",\"url\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png\",\"contentUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png\",\"width\":400,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/www.humanlevel.com\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Everything you need to know to migrate your website to HTTPS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.humanlevel.com\/en#website\",\"url\":\"https:\/\/www.humanlevel.com\/en\",\"name\":\"Human Level\",\"description\":\"Web positioning and online marketing consultant Human Level\",\"publisher\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.humanlevel.com\/en?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.humanlevel.com\/en#organization\",\"name\":\"Human Level\",\"url\":\"https:\/\/www.humanlevel.com\/en\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg\",\"contentUrl\":\"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg\",\"width\":268,\"height\":51,\"caption\":\"Human Level\"},\"image\":{\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/humanlevel\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/person\/11ad888926867985985a0210476bae94\",\"name\":\"Ram\u00f3n Saquete\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.humanlevel.com\/en#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7a50f1a1974393853ee4f2423c9009f813cb107d3e7e20cf17cf8e86d407132e?s=96&d=simple_local_avatar&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7a50f1a1974393853ee4f2423c9009f813cb107d3e7e20cf17cf8e86d407132e?s=96&d=simple_local_avatar&r=g\",\"caption\":\"Ram\u00f3n Saquete\"},\"description\":\"Desarrollador web y consultor SEO t\u00e9cnico en Human Level. Graduado en Ingenier\u00eda Inform\u00e1tica e Ingenier\u00eda T\u00e9cnica en Inform\u00e1tica de Sistemas. Tambi\u00e9n es T\u00e9cnico Superior en Desarrollo de Aplicaciones Inform\u00e1ticas y posteriormente obtuvo la Certificaci\u00f3n de Aptitud Pedag\u00f3gica. Experto en WPO e indexabilidad.\",\"sameAs\":[\"https:\/\/x.com\/Daiatron\"],\"url\":\"https:\/\/www.humanlevel.com\/en\/author\/ramon\"}]}<\/script>\n","yoast_head_json":{"title":"Everything you need to know to migrate your website to HTTPS","description":"What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https","og_locale":"en_US","og_type":"article","og_title":"Everything you need to know to migrate your website to HTTPS","og_description":"What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.","og_url":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https","og_site_name":"Human Level","article_published_time":"2017-05-08T06:12:53+00:00","article_modified_time":"2017-05-08T11:32:00+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png","type":"image\/png"}],"author":"Ram\u00f3n Saquete","twitter_card":"summary_large_image","twitter_creator":"@Daiatron","twitter_site":"@humanlevel","twitter_misc":{"Written by":"Ram\u00f3n Saquete","Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#article","isPartOf":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https"},"author":{"name":"Ram\u00f3n Saquete","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/person\/11ad888926867985985a0210476bae94"},"headline":"Everything you need to know to migrate your website to HTTPS","datePublished":"2017-05-08T06:12:53+00:00","dateModified":"2017-05-08T11:32:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https"},"wordCount":2940,"commentCount":0,"publisher":{"@id":"https:\/\/www.humanlevel.com\/en#organization"},"image":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage"},"thumbnailUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png","keywords":["Technical SEO","Web migration"],"articleSection":["SEO"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https","url":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https","name":"Everything you need to know to migrate your website to HTTPS","isPartOf":{"@id":"https:\/\/www.humanlevel.com\/en#website"},"primaryImageOfPage":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage"},"image":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage"},"thumbnailUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png","datePublished":"2017-05-08T06:12:53+00:00","dateModified":"2017-05-08T11:32:00+00:00","description":"What is HTTPS, is it secure, does your website need it, what should you do to contract it, and above all, do you know how to migrate to HTTPS so that it does not affect SEO? We answer these questions and many more.","breadcrumb":{"@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#primaryimage","url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png","contentUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/migrar-a-https.png","width":400,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.humanlevel.com\/en\/blog\/seo\/everything-you-need-to-know-to-migrate-your-website-to-https#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/www.humanlevel.com\/en"},{"@type":"ListItem","position":2,"name":"Everything you need to know to migrate your website to HTTPS"}]},{"@type":"WebSite","@id":"https:\/\/www.humanlevel.com\/en#website","url":"https:\/\/www.humanlevel.com\/en","name":"Human Level","description":"Web positioning and online marketing consultant Human Level","publisher":{"@id":"https:\/\/www.humanlevel.com\/en#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.humanlevel.com\/en?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.humanlevel.com\/en#organization","name":"Human Level","url":"https:\/\/www.humanlevel.com\/en","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/","url":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg","contentUrl":"https:\/\/www.humanlevel.com\/wp-content\/uploads\/logo-human-negro-1.jpg","width":268,"height":51,"caption":"Human Level"},"image":{"@id":"https:\/\/www.humanlevel.com\/en#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/humanlevel"]},{"@type":"Person","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/person\/11ad888926867985985a0210476bae94","name":"Ram\u00f3n Saquete","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.humanlevel.com\/en#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7a50f1a1974393853ee4f2423c9009f813cb107d3e7e20cf17cf8e86d407132e?s=96&d=simple_local_avatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7a50f1a1974393853ee4f2423c9009f813cb107d3e7e20cf17cf8e86d407132e?s=96&d=simple_local_avatar&r=g","caption":"Ram\u00f3n Saquete"},"description":"Desarrollador web y consultor SEO t\u00e9cnico en Human Level. Graduado en Ingenier\u00eda Inform\u00e1tica e Ingenier\u00eda T\u00e9cnica en Inform\u00e1tica de Sistemas. Tambi\u00e9n es T\u00e9cnico Superior en Desarrollo de Aplicaciones Inform\u00e1ticas y posteriormente obtuvo la Certificaci\u00f3n de Aptitud Pedag\u00f3gica. Experto en WPO e indexabilidad.","sameAs":["https:\/\/x.com\/Daiatron"],"url":"https:\/\/www.humanlevel.com\/en\/author\/ramon"}]}},"_links":{"self":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts\/52174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/comments?post=52174"}],"version-history":[{"count":4,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts\/52174\/revisions"}],"predecessor-version":[{"id":54872,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/posts\/52174\/revisions\/54872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/media\/47338"}],"wp:attachment":[{"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/media?parent=52174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/categories?post=52174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.humanlevel.com\/en\/wp-json\/wp\/v2\/tags?post=52174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}