Lock your doggy doors, Google prefers SSL sites
Google has made a big announcement recently that will soon affect everyone's SEO strategy. There are, however, some things to keep in mind:
- At the moment, this affects very few queries. In fact, this it is currently fewer than 1%
- This is not considered a very strong signal for SEO. Good content is still, by far, King
Let's take this time, however, and get your site ready for the future!
SSL Certificates and you
SSL certificates come in all shapes and sizes. Don't, however, be tricked in over paying! At Chillidog Hosting we offer two options for a very good reason. These are the only two you could possibly need! In general, here is what you should look for when purchasing a certificate:
- 256bit encryption. This is the modern standard for new certificates.
- If it protects www. and non-www. versions of your site. For instance,
http://chillidogsoftware.comvs.http://www.chillidogsoftware.com
Keep in mind, basic certificates only protect a single domain. For instance, if you wanted to protect a blog URL such as blog.chillidogsoftware.com and www.chillidogsoftware.com, then you may need two certificates!
Do I need a Wildcard certificate?
Probably not. You only need a Wildcard certificate if you need to protect your domain and all sub-domains. Wildcard certificates are considerably more expensive than basic or standard SSL certificates. The only feature they have over basic certificates is that they can protect your site and all sub-domains. There is no additional security benefit from a Wildcard SSL certificate.
Getting RapidWeaver ready for SSL
To get RapidWeaver ready for SSL, all you need to do is add https:// to your Web Address in your Site Setup. After Republishing All Files in RapidWeaver, your URLs and resources will be referenced via HTTPS.
Hosting requirements
Your hosting company must allow you to supply and install your own SSL certificate. Some companies may require that you purchase a dedicated IP which may have additional fees. Please contact your hosting company about this. Chillidog Hosting does not charge any additional fees to install and use SSL.
A note about SNI
I wouldn't be doing my job if I didn't mention SNI. SNI simply allows you to use SSL on a shared IPv4 address. This is great for users because it avoids having to obtain a dedicated IP and saves you money! Be aware, however, that not all browsers and operating systems support SNI! SNI is not supported in:
- Windows XP
- Mac OS versions less than 10.5.7
- Internet Explorer version 7 or less
- Safari v3 or less
As you can see, the list of browsers and operating system is pretty old! Thankfully, the usage of these browsers are declining pretty rapidly.
Hosting setup
Let's walk you through how to set up SSL. These screenshots are specific to Chillidog Hosting, however, others may find their host to be similar. Please contact your hosting company if you have any questions. Let's start in the control panel SSL/TLS manager.
The SSL process will have us "walk" down this list of items. We will start at the top by generating the Public/Private keys and work our way down to the installation of our shiny new SSL certificate!
Generate Keys
We are going to start by generating the public and private keys. Simply enter a meaningful description and hit 'Generate'.
Generate Certificate Signing Request (CSR)
Next, we are going to generate a Certificate Signing Request. There are additional details required for the signing request including, name, city, country, and email. Required fields will be marked accordingly. Please note, do not include http:// in the domain's URL.
Once you generate the CSR, simply copy the entire request. For now, should save this in a text editor such as TextWrangler or BBEdit. The CSR will be used to configure the certificate.
Purchasing a certificate
Now we're ready to go purchase a SSL certificate for our site. SSL Certificate prices vary. Currently, SSL Certificates at Chillidog Hosting start at $14.95/yr.
Viewing certificate details
After completing checkout, the certificate will appear within your 'Services' menu. From the Services page, we will 'View Details' on the certificate.
Configuring a certificate
Since our certificate hasn't been configured, let's do this now.
In order to configure the certificate, we need to provide the CSR and server type. Chillidog uses WHM/cPanel as shown but please contact your hosting company for the proper settings here!
Choosing an approval email
This brings us to a very important portion of the configuration process. The SSL certificate must be approved by the domain owner. The emails generated here consist of typical system admin and domain admin email addresses. The admin email is taken from the domain's WHOIS record. If you have privacy protection enabled, this email address may not forward properly! You must make sure that one email addresses are valid. An easy way to test if these addresses work is to send yourself a test message and see if it bounces!
There are two options at Chillidog Hosting:
- You can create a mailbox at your email provider. For instance, Chillidog Hosting users can create an email account within their control panel for
admin@example.comfor this process. Once this process is complete, the email may be deleted or - You can utilize a 'Catch All' mailbox. Mailboxes which don't exist, can be delivered or forwarded to a default account. Please see the 'Default address' section within the control panel
Please remember, once you hit continue, you can not change the approval email address. Please be sure to test and verify that the email address you selected works!
Installing a certificate
Once your certificate is approved, it will be emailed to you as a zip file. Inside the zip file, you'll find a yourdomain_com.crt. This is your certificate! Let's jump back to SSL/TLS Manager in the control panel and install it.
In the Certificates (CRT) section, we'll simply upload (or paste) in our .crt file and hit 'Save'.
Activating your certficate
The final step to getting your certificate set up is to activate it. Under the 'Install and Manage SSL for your site (HTTPS)' simply choose your domain from the drop down list and select 'Autofill by Domain' and 'Install' at the bottom of the page.
That's it. Please keep in mind that it may take about 10 minutes for Apache to restart and the SSL version of your site to begin working. This may seem long and tedius, but, with this guide, it's just a few simple hoops to jump through and you'll be on your way.
Republish all files
Now is a great time to 'Republish all files' in RapidWeaver with the aforementioned HTTPS URL scheme.
.htaccess changes (optional)
If you'd like to force all traffic on your site to use HTTPS instead of HTTP, please add the following code to your .htaccess file. Please note that you must change yourdomain.com to your actual domain name.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]
Help! My site doesn't show a 'lock icon!
A page is not considered secure unless all resources on the page are served over a secure connection. That's means that any Javascript or CSS file included on your page may break SSL on your site. To make matters worse, these files can come from a Stack or even the RapidWeaver theme itself! An easy way to identify what is being referenced via HTTP is to use a Web Inspector and search your page for http://. Here is an example of the using the Chrome Web Inspector to search Chillidog Software:
In summary, there is no need to panic. This currently is not impacting very many sites or users. In the future, Google may decide to rank sites higher that use SSL. Setting up SSL on your site now means that you're ahead of the game. I do admit, however, it isn't currently the easiest process but it is fairly streamlined. If there are additional questions, just let me know!
Your top dog, Greg