How to Convert HTTP to HTTPS: Step-by-Step Guide

In the digital era, securing your website is not just a best practice—it’s a necessity. Converting your website from HTTP to HTTPS ensures that data transmitted between your site and its visitors is encrypted and secure. This comprehensive guide walks you through how to convert HTTP to HTTPS, highlighting the importance, benefits, and detailed steps to achieve a secure website.

Understanding HTTP and HTTPS: The Basics of Web Security

HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are foundational protocols used for transmitting data over the internet.

What is HTTP?

• HTTP is the protocol used for transferring web pages and data from servers to browsers.
• It operates on a client-server model, where the client (browser) requests data, and the server responds.
• Data sent over HTTP is not encrypted, making it susceptible to interception and tampering.

What is HTTPS?

• HTTPS is the secure version of HTTP, incorporating SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols.
• It encrypts data transmitted between the client and server, ensuring privacy and data integrity.
• HTTPS uses port 443, while HTTP uses port 80.

Differences Between HTTP and HTTPS

Understanding the fundamental difference between HTTP and HTTPS is crucial for website security and user trust.

Why Should You Convert HTTP to HTTPS?

Converting your website from HTTP to HTTPS offers numerous benefits that enhance security, trust, and overall performance.

Key Reasons to Convert

1. Enhanced Security: Protects data transmission between the server and users.
2. Improved SEO Ranking: Search engines like Google prioritize HTTPS sites.
3. Building User Trust: Visual indicators like padlock icons reassure visitors.
4. Compliance Requirements: Meets standards like GDPR for data protection.
5. Better Performance: HTTP/2, which requires HTTPS, offers faster loading times.
6. Preventing Data Tampering: Ensures data integrity by preventing interception and modification.
7. Avoiding Browser Warnings: Modern browsers flag HTTP sites as “Not Secure.”

Benefits of HTTPS

• Data Encryption: Keeps sensitive information like passwords and credit card details secure.
• Authentication: Verifies the website’s identity, protecting against phishing attacks.
• Privacy: Ensures that third parties cannot monitor or alter the data exchanged.
• Trust and Credibility: Users are more likely to trust and engage with secure websites.

SEO Advantages

• Higher Search Rankings: Google uses HTTPS as a ranking signal, improving visibility.
• Better Click-Through Rates: Users are more likely to click on secure sites in search results.
• Indexing: Search engines prioritize indexing secure websites.

Converting to HTTPS is a strategic move that not only secures your website but also enhances its performance and credibility.

Preparing for the Conversion: Essential Steps

Before initiating the conversion from HTTP to HTTPS, it’s essential to prepare thoroughly to ensure a smooth transition.

Pre-Conversion Checklist

1. Backup Your Website: Safeguard your website by creating a complete backup.
2. Audit Your Current Site: Identify all pages, resources, and external links.
3. Update CMS and Plugins: Ensure your Content Management System (CMS) and plugins are up-to-date.
4. Obtain an SSL/TLS Certificate: Choose the right certificate based on your needs.
5. Plan for Redirection: Decide on redirect strategies to maintain SEO rankings.
6. Notify Stakeholders: Inform team members and users about the upcoming changes.
7. Check for Mixed Content: Identify and resolve any HTTP content on your website.

Importance of Preparation

• Minimizes Downtime: Proper preparation reduces the risk of website downtime.
• Maintains SEO Rankings: Ensures that search engines correctly index your secure site.
• Prevents Security Gaps: Identifies and fixes potential vulnerabilities before conversion.
• Enhances User Experience: Ensures a seamless transition for users without disruptions.

Common Preparatory Tasks

• Content Audit: Review all content to ensure compatibility with HTTPS.
• Technical Audit: Check server configurations and software compatibility.
• Stakeholder Engagement: Communicate with developers, designers, and marketing teams to coordinate efforts.

Thorough preparation sets the foundation for a successful conversion, safeguarding both your website and its users.

Choosing the Right SSL/TLS Certificate for Your Website

Selecting the appropriate SSL/TLS certificate is crucial for effective website security. There are various types of certificates tailored to different needs.

Types of SSL/TLS Certificates

1. Domain Validated (DV) Certificates:
   • Validation: Basic verification of domain ownership.
   • Use Case: Personal blogs, informational websites.
   • Security Level: Standard encryption.
2. Organization Validated (OV) Certificates:
   • Validation: Verify domain ownership and organizational information.
   • Use Case: Small to medium-sized businesses.
   • Security Level: Higher trust with organization details.
3. Extended Validation (EV) Certificates:
   • Validation: Comprehensive verification of domain and organization.
   • Use Case: E-commerce sites, financial institutions.
   • Security Level: Highest trust with green address bar in browsers.
4. Wildcard Certificates:
   • Validation: Secure unlimited subdomains under a single domain.
   • Use Case: Websites with multiple subdomains.
   • Security Level: Flexible for expanding sites.
5. Multi-Domain (SAN) Certificates:
   • Validation: Secure multiple domains with a single certificate.
   • Use Case: Companies managing several domains.
   • Security Level: Efficient for managing multiple sites.

Factors to Consider When Choosing a Certificate

• Website Type and Requirements: Determine the level of security needed based on website functions.
• Budget: SSL certificates vary in price; choose one that fits your budget without compromising security.
• Number of Domains/Subdomains: Select a wildcard or multi-domain certificate if you have multiple subdomains or domains.
• Validation Level: Higher validation levels (OV, EV) provide greater trust but involve more rigorous verification.

Recommended SSL/TLS Certificate Providers

• 10 Best SSL Certificate Providers

Choosing the right SSL/TLS certificate aligns with your website’s security needs and operational requirements, ensuring optimal protection and trustworthiness.

Installing the SSL/TLS Certificate on Your Web Server

Once you’ve selected the appropriate SSL/TLS certificate, the next step is to install it on your web server. The installation process varies based on your hosting environment and server type.

General Installation Steps

1. Generate a CSR (Certificate Signing Request):
   • Use your server’s control panel or software to generate a CSR.
   • Provide necessary information like domain name and organization details.
2. Submit the CSR to Your Certificate Authority (CA):
   • Follow the CA’s instructions to submit the CSR.
   • Complete any required validation steps.
3. Receive and Download the SSL Certificate:
   • Once validated, the CA will issue your SSL certificate.
   • Download the certificate files, including any intermediate certificates.
4. Install the SSL Certificate on Your Server:
   • Use your server’s control panel or terminal to upload and install the certificate.
   • Ensure that both the primary and intermediate certificates are correctly installed.
5. Configure Your Server for HTTPS:
   • Update server settings to handle HTTPS requests.
   • Enable necessary protocols and ciphers for secure connections.
6. Restart Your Web Server:
   • Apply the changes by restarting your server services.

Installation on Common Web Servers

Apache

1. Locate the Configuration File:
   • Typically found at /etc/httpd/conf/httpd.conf or /etc/apache2/sites-available/your-site.conf.
2. Update the VirtualHost Section:

   <VirtualHost *:443>
       ServerName www.yourdomain.com
       DocumentRoot /var/www/html
       
       SSLEngine on
       SSLCertificateFile /path/to/your_certificate.crt
       SSLCertificateKeyFile /path/to/your_private.key
       SSLCertificateChainFile /path/to/intermediate_certificate.crt
   </VirtualHost>
   

3. Enable SSL Module:

   sudo a2enmod ssl
   

4. Restart Apache:

   sudo systemctl restart apache2
   

Nginx

1. Locate the Server Block File:
   • Typically found at /etc/nginx/sites-available/your-site.
2. Update the Server Block:

   server {
       listen 443 ssl;
       server_name www.yourdomain.com;
   
       ssl_certificate /path/to/your_certificate.crt;
       ssl_certificate_key /path/to/your_private.key;
       ssl_trusted_certificate /path/to/intermediate_certificate.crt;
   
       root /var/www/html;
       index index.html index.htm;
   }
   

3. Test Nginx Configuration:

   sudo nginx -t
   

4. Reload Nginx:

   sudo systemctl reload nginx
   

Troubleshooting Common Installation Issues

• Certificate Mismatch: Ensure that the certificate matches the domain name.
• Incomplete Certificate Chain: Verify that intermediate certificates are correctly installed.
• Server Configuration Errors: Double-check server settings and syntax.
• Firewall Blocking Port 443: Ensure that your firewall allows HTTPS traffic on port 443.

Proper installation of the SSL/TLS certificate is essential for ensuring secure data transmission and avoiding accessibility issues for your website.

Updating Website Links and Resources to HTTPS

After installing the SSL/TLS certificate, it’s crucial to update all website links and resources from HTTP to HTTPS to avoid security warnings and mixed content issues.

Steps to Update Links

1. Update Internal Links:
   • Change all hard-coded HTTP links within your website content to HTTPS.
   • Example: Replace http://www.yourdomain.com/page with https://www.yourdomain.com/page.
2. Update Navigation Menus:
   • Ensure that all links in your navigation menus point to HTTPS URLs.
3. Update Images, Scripts, and Stylesheets:
   • Modify the sources of all images, JavaScript files, and CSS files to use HTTPS.
   • Example: Change <img src="https://www.yourdomain.com/image.jpg"> to <img src="https://www.yourdomain.com/image.jpg">.
4. Update External Resources:
   • Replace any external HTTP resources with their HTTPS counterparts if available.
   • Avoid using resources that do not support HTTPS.
5. Update Canonical URLs:
   • Ensure that canonical tags use HTTPS URLs to inform search engines of your preferred URL structure.
6. Review CMS Settings:
   • For Content Management Systems (CMS) like WordPress, update the site URL settings to HTTPS.
   • Example: In WordPress, navigate to Settings > General and update the WordPress Address (URL) and Site Address (URL) to HTTPS.
7. Use Relative URLs Where Possible:
   • Employ relative URLs for internal links to automatically use the current protocol, reducing the need for manual updates.

Addressing Mixed Content Warnings

Mixed Content occurs when HTTPS pages load both secure (HTTPS) and insecure (HTTP) resources. To resolve mixed content issues:

1. Identify Mixed Content:
   • Use browser developer tools or online scanners like Why No Padlock to find mixed content on your site.
2. Update Resource URLs:
   • Change all HTTP resource URLs to HTTPS in your website’s code.
3. Use Protocol-Relative URLs:
   • Remove the protocol (http: or https:) from URLs, allowing the browser to use the current protocol.
   • Example: Replace http://www.yourdomain.com/script.js with //www.yourdomain.com/script.js.
4. Host Resources Locally:
   • Download and serve external resources from your own server over HTTPS.

Example: Updating Links in HTML

Before HTTPS:

<a href="http://www.yourdomain.com/page">Visit Page</a>
<img src="https://www.yourdomain.com/image.jpg" alt="Image">
<script src="https://www.yourdomain.com/script.js"></script>

After HTTPS:

<a href="https://www.yourdomain.com/page">Visit Page</a>
<img src="https://www.yourdomain.com/image.jpg" alt="Image">
<script src="https://www.yourdomain.com/script.js"></script>

Benefits of Updating Links to HTTPS

• Eliminates Security Warnings: Prevents browsers from displaying “Not Secure” messages.
• Improves SEO: Search engines favor secure websites in their rankings.
• Enhances User Trust: Users are more likely to engage with secure websites.

Updating all website links to HTTPS is a critical step in ensuring a fully secure and trustworthy online presence.

Setting Up 301 Redirects from HTTP to HTTPS

To maintain SEO value and ensure users are automatically directed to your secure site, setting up 301 redirects from HTTP to HTTPS is essential.

What is a 301 Redirect?

• 301 Redirect: A permanent redirect from one URL to another.
• Purpose: Informs search engines and browsers that the page has moved permanently to a new location.
• SEO Benefit: Preserves page rankings and link equity during the transition.

How to Implement 301 Redirects

Apache Web Server

1. Edit the .htaccess File:
   • Located in the root directory of your website.
2. Add the Following Redirect Code:

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   

3. Save and Upload the .htaccess File.
4. Restart Apache:

   sudo systemctl restart apache2
   

Nginx Web Server

1. Edit the Server Block Configuration:
   • Typically found at /etc/nginx/sites-available/your-site.
2. Add a Server Block for HTTP to HTTPS Redirect:

   server {
       listen 80;
       server_name yourdomain.com www.yourdomain.com;
       return 301 https://$host$request_uri;
   }
   

3. Save and Close the Configuration File.
4. Test Nginx Configuration:

   sudo nginx -t
   

5. Reload Nginx:

   sudo systemctl reload nginx
   

IIS (Internet Information Services)

1. Open IIS Manager.
2. Select Your Website.
3. Install URL Rewrite Module if not already installed.
4. Add a New Rule:
   • Go to URL Rewrite.
   • Click Add Rule(s) and select Blank Rule.
5. Configure the Rule:
   • Name: Redirect to HTTPS.
   • Match URL: * (all URLs).
   • Conditions: Add a condition where {HTTPS} is off.
   • Action: Redirect to https://{HTTP_HOST}/{R:0} with a 301 (Permanent) status code.
6. Apply the Rule and Restart IIS.

Verifying 301 Redirects

• Use Online Tools: Tools like Redirect Checker can verify if redirects are correctly set up.
• Browser Testing: Manually enter an HTTP URL and ensure it redirects to HTTPS.
• Monitor Server Logs: Check access logs to confirm that redirects are occurring as intended.

Importance of 301 Redirects

• SEO Preservation: Maintains search engine rankings by transferring SEO value from HTTP to HTTPS URLs.
• User Experience: Ensures that users automatically reach the secure version without manual intervention.
• Avoiding Duplicate Content: Prevents search engines from indexing both HTTP and HTTPS versions of your site, which can lead to duplicate content issues.

Implementing 301 redirects is a critical step in seamlessly transitioning to HTTPS while preserving your website’s SEO performance and user experience.

Updating Your Website’s Configuration and Settings

After setting up redirects and updating links, it’s essential to update your website’s configuration and settings to fully adopt HTTPS.

Steps to Update Configuration

1. Update CMS Settings:
   • For platforms like WordPress, update the site URL in Settings > General to use HTTPS.
2. Update Hard-Coded Links:
   • Ensure all internal hard-coded links in the website’s code use HTTPS.
3. Update API Endpoints:
   • Change any API endpoints from HTTP to HTTPS in your website’s backend services.
4. Update CDN Settings:
   • If using a Content Delivery Network (CDN), configure it to serve content over HTTPS.
5. Update External Services:
   • Inform third-party services and integrations (e.g., payment gateways, analytics) to use HTTPS URLs.
6. Update Sitemap and Robots.txt:
   • Ensure that your sitemap lists HTTPS URLs.
   • Update the robots.txt file if it contains any absolute URLs.
7. Update Social Media Links:
   • Change any links to your site on social media profiles to HTTPS.
8. Update Google Search Console and Analytics:
   • Add the HTTPS version of your site to Google Search Console.
   • Update the site URL in Google Analytics settings.

Configuration for Common CMS Platforms

WordPress

1. Update Site URL:
   • Navigate to Settings > General.
   • Change WordPress Address (URL) and Site Address (URL) to https://www.yourdomain.com.
2. Use Plugins for HTTPS Migration:
   • Install plugins like Really Simple SSL to automate HTTPS configuration.
3. Search and Replace HTTP Links:
   • Use plugins like Better Search Replace to update all instances of HTTP to HTTPS in the database.

Joomla

1. Update Configuration File:
   • Open configuration.php.
   • Set $live_site = 'https://www.yourdomain.com';.
2. Enable HTTPS in Global Configuration:
   • Navigate to System > Global Configuration > Server.
   • Set Force SSL to Entire Site.
3. Update Menu Links:
   • Ensure all menu item URLs use HTTPS where necessary.

Drupal

1. Update Site URL:
   • In the administrative interface, go to Configuration > System > Site information.
   • Change Default front page and other URLs to HTTPS.
2. Use Modules for HTTPS Configuration:
   • Install modules like Secure Login to enforce HTTPS on login pages.
3. Update .htaccess File:
   • Add rewrite rules to redirect HTTP to HTTPS if needed.

Benefits of Updating Configuration and Settings

• Consistent Security: Ensures all parts of your website operate securely over HTTPS.
• Improved SEO: Maintains and boosts your search engine rankings by fully adopting HTTPS.
• Enhanced User Trust: Provides a seamless and secure browsing experience, increasing user confidence.

Updating your website’s configuration ensures that every aspect of your site leverages the security benefits of HTTPS, providing a robust and trustworthy online presence.

Testing Your HTTPS Implementation for Security and Functionality

After completing the conversion, it’s imperative to test your HTTPS implementation to ensure that everything functions correctly and securely.

Key Testing Areas

1. SSL Configuration:
   • Verify that the SSL certificate is correctly installed and not expired.
   • Ensure that the certificate matches your domain name.
2. Mixed Content:
   • Check for any remaining HTTP resources that can cause mixed content warnings.
   • Use tools like Why No Padlock to identify mixed content issues.
3. Redirects:
   • Confirm that all HTTP pages correctly redirect to their HTTPS counterparts.
   • Ensure there are no redirect loops or broken links.
4. Functionality Testing:
   • Navigate through various pages to ensure all features work as intended.
   • Test forms, login processes, and other interactive elements.
5. Browser Compatibility:
   • Test your website on different browsers (Chrome, Firefox, Safari, Edge) to ensure consistent behavior.
   • Verify that the padlock icon appears correctly in the address bar.
6. Performance Testing:
   • Assess website loading times before and after conversion.
   • Use tools like GTmetrix or Google PageSpeed Insights to evaluate performance.
7. Security Testing:
   • Use online tools like SSL Labs to perform a comprehensive security assessment of your SSL configuration.
   • Check for vulnerabilities and ensure that best practices are followed.

Tools for Testing HTTPS Implementation

Common Issues and Solutions

• Expired SSL Certificate:
  • Solution: Renew the certificate through your CA before expiration.
• Mismatched Certificate:
  • Solution: Ensure that the certificate is issued for the correct domain name.
• Mixed Content Warnings:
  • Solution: Update all HTTP resources to HTTPS or remove them if unnecessary.
• Redirect Loops:
  • Solution: Review and correct redirect rules in your server configuration.

Example: Using SSL Labs

1. Visit SSL Labs SSL Test: Go to SSL Labs.
2. Enter Your Domain: Input your website’s domain name.
3. Start the Test: Click Submit to begin the analysis.
4. Review the Results: Examine the grades, highlighted issues, and recommended fixes.

Importance of Thorough Testing

• Ensures Security: Validates that all data transmissions are secure.
• Maintains Functionality: Confirms that all website features operate seamlessly post-conversion.
• Enhances User Experience: Prevents disruptions and security warnings that can deter users.

Comprehensive testing guarantees that your transition to HTTPS is successful, secure, and user-friendly.

Monitoring and Maintaining Your HTTPS Site

Converting to HTTPS is not a one-time task. Continuous monitoring and maintenance are essential to ensure ongoing security and performance.

Ongoing Maintenance Tasks

1. Regular SSL/TLS Certificate Renewals:
   • Keep track of certificate expiration dates.
   • Renew certificates promptly to avoid lapses in security.
2. Monitor Server Security:
   • Keep server software and applications updated.
   • Apply security patches as they become available.
3. Monitor SSL Configuration:
   • Regularly review your SSL settings to comply with current best practices.
   • Disable outdated protocols and ciphers to enhance security.
4. Use Security Headers:
   • Implement headers like HSTS (HTTP Strict Transport Security) to enforce HTTPS.
   • Add Content Security Policy (CSP) to prevent cross-site scripting attacks.
5. Regular Security Audits:
   • Perform periodic security assessments using tools like SSL Labs and vulnerability scanners.
   • Address any identified vulnerabilities promptly.
6. Monitor Website Performance:
   • Continuously monitor loading times and performance metrics.
   • Optimize resources to maintain fast and efficient website performance.
7. Backup Your Website Regularly:
   • Schedule regular backups to safeguard against data loss.
   • Store backups securely and verify their integrity periodically.
8. Monitor Traffic and Security Logs:
   • Analyze server logs for unusual activity or potential security threats.
   • Use monitoring tools to alert you to suspicious behavior.

Implementing Security Headers

• HSTS (HTTP Strict Transport Security):
  • Enforces secure connections by telling browsers to automatically use HTTPS.
  • Example header:

    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    

• Content Security Policy (CSP):
  • Prevents cross-site scripting and other code injection attacks.
  • Example header:

    Content-Security-Policy: default-src 'self'; img-src 'self' https://trusted.com;
    

Automating Maintenance Processes

• Automated Certificate Renewal:
  • Use services like Let’s Encrypt that offer automated SSL certificate renewals.
• Security Plugins and Tools:
  • Install plugins for CMS platforms that monitor and enforce security standards.
• Continuous Monitoring Services:
  • Utilize third-party monitoring services to keep an eye on your website’s security and performance.

Importance of Ongoing Monitoring and Maintenance

• Sustained Security: Protects against emerging threats and vulnerabilities.
• Consistent Performance: Ensures that your website remains fast and responsive.
• User Trust: Maintains the trust and confidence of your website visitors.
• Compliance: Helps in adhering to evolving data protection and security regulations.

Maintaining your HTTPS site through regular monitoring and updates is vital for ensuring long-term security, performance, and trustworthiness.

Frequently Asked Questions (FAQ)

Is it free to convert my website from HTTP to HTTPS?

Yes and No. Obtaining an SSL certificate from authorities like Let’s Encrypt is free, but some certificates from premium providers may incur costs. Additionally, implementation might require technical resources.

Can converting to HTTPS negatively impact my website’s SEO?

No. When done correctly with proper redirects, converting to HTTPS can enhance your SEO since HTTPS is a ranking factor for search engines.

Will my website load slower after switching to HTTPS?

No. Modern server optimizations and protocols like HTTP/2 can actually improve loading times. Any minor delays are typically negligible.

Do I need to buy an SSL certificate to use HTTPS?

No. Free SSL certificates are available from providers like Let’s Encrypt. However, paid certificates offer additional features and validation levels.

Can I convert my website to HTTPS without any downtime?

Yes. By carefully following the conversion steps and planning, you can convert to HTTPS with minimal or no downtime.

Does HTTPS protect against all types of cyberattacks?

No. While HTTPS secures data transmission, other security measures are necessary to protect against various cyber threats like malware, phishing, and server vulnerabilities.

Is HTTPS required for all websites?

No, but it is highly recommended for any site that handles sensitive data, user information, or aims to build trust with its audience.

Can I switch back to HTTP after converting to HTTPS?

Yes, but it is discouraged due to security risks and potential loss of SEO benefits. Reverting may also confuse users and search engines.

Does HTTPS ensure that my website is fully secure?

No. HTTPS secures data transmission, but comprehensive website security involves additional measures like regular updates, strong passwords, and secure server configurations.

Will my old HTTP URLs disappear from search engines after converting to HTTPS?

Yes. With proper 301 redirects, search engines will gradually replace HTTP URLs with HTTPS, preserving SEO rankings and traffic.

Conclusion

Converting your website from HTTP to HTTPS is a vital step in securing your online presence, enhancing user trust, and improving your website’s performance and SEO rankings. By following this step-by-step guide to convert HTTP to HTTPS, you ensure that your website not only meets modern security standards but also provides a safe and reliable experience for your visitors.

Key Takeaways

• Understand the Difference: Grasp the fundamental distinctions between HTTP and HTTPS and their implications for security.
• Choose the Right SSL/TLS Certificate: Select a certificate that aligns with your website’s needs and security requirements.
• Thorough Preparation: Audit and prepare your website to facilitate a smooth transition to HTTPS.
• Implement Correctly: Follow detailed installation and configuration steps to avoid common pitfalls.
• Ensure Comprehensive Updates: Update all links, resources, and settings to fully adopt HTTPS.
• Test Rigorously: Conduct extensive testing to validate the security and functionality of your HTTPS implementation.
• Maintain Diligently: Engage in ongoing monitoring and maintenance to uphold your website’s security and performance.

By prioritizing these steps, you can successfully convert your website to HTTPS, safeguarding your data, boosting your SEO, and fostering a trustworthy environment for your users.

Useful Resources

• Let’s Encrypt – Free SSL/TLS certificates provider.
• SSL Labs by Qualys – Comprehensive SSL testing tool.
• Why No Padlock – Tool to identify mixed content issues.
• Google PageSpeed Insights – Performance analysis tool.
• Mozilla Developer Network – SSL – In-depth SSL documentation.
• SSL Checker – Verify SSL certificate installation.
• Content Security Policy (CSP) Guide – Implementing CSP for enhanced security.
• HSTS Preload List Submission – Submit your site for HSTS preloading.
• ACME Protocol Specification – Protocol used by Let’s Encrypt for automated certificate issuance.
• Better Search Replace Plugin for WordPress – Update URLs in WordPress database.