SSL Migration Checklist

Without a doubt, in 2017, a secure website outranks a non-secure one on search engine rankings.

But many SEO guys and site owners have problems with the SSL migration because they don’t know how to start a migration or they don’t know how to do it correctly. I decided to make my own checklist which proved the best results on Google.
The detailed description is written below, but you can also download a checklist instantly from here.

1. Buy the SSL certificate
I don’t recommend installing free SSL certs because there is no guarantee they will work on all browsers and if you are not satisfied with it, you won’t be able to ask for support or a refund. You can find one on your own, but I recommend buying these SSL certificates:

2. Install your certificate to the server. Instructions are written here:

You can ask your hosting company for help with checking that the SSL is installed and functioning properly using this service:

3. Set a reminder to update your SSL certificate before it expires (usually in a year).

4. Update site content to request https resources.
Different CMS systems require different updates to be provided. I’m listing instructions for the most popular below:

5. If you have any in-content internal links, update them manually or automatically, so that they provide the https request.
If your onsite links are relative like /help.html instead of, you don’t need to update to https for them.

6. Update all scripts to use appropriate relative URLs.
If you have some java, css or Ajax libraries running from pages, make sure they have a relative URL like /script.js instead of
If scripts are requested from an external resource, change links to them to https (they must support this protocol).

7. Check canonical tags. If they exist on the page, they should use https. It is usually done by your CMS like WordPress but you need to double check it.

8. If you are using AdWords or Bing ads, change all Ad links to https.

9. Update website redirects. Usually each website has some redirects for old pages which don’t exist but still have some backlinks and traffic. Some sites use a redirection module or redirects are located in the .htaccess file. Just make sure your redirects are pointing to the https version.

A redirect before installing SSL:

A redirect after installing SSL:

10. Update Google My Business, Google Plus and any other social media accounts with your new website URL.

11. Update website URL in Google analytics Administration › Property Settings › Default URL:

12. Create a new property on Google search console for the https website.

You can keep your old property, as well, to see the history for the previous time.

13. Create/generate a new XML sitemap that points to https pages

14. Submit new XML sitemap to Google search console

15. Update any rank tracking tool or SEO tool with the new website URL.

16. Make sure the robots.txt file has been updated with https URL to XML sitemap.

17. Deploy the http to https redirection code.

Each server has its own rules for the redirection. Some rules are listed below.

A code should be placed to Nginx config:

server {
listen 80;
return 301$request_uri;

A code should be placed to .htaccess file (for Apache servers):

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Check that a redirection works: just request your URL without http and it should be redirected to an https version automatically.

18. Use SSL Check to test your site for any non-secure content. If such content is found, just replace links as described in #2.

19. Use the “Fetch as Google” tool on the Google search console to speed up an indexation of the new URL.

20. Make sure all social share plugins support https version or reinstall them.

21. Monitor Google Search console for any errors.

Your site should be re-indexed in 1-3 days.

This entry was posted in Onsite SEO, SSL. Bookmark the permalink.