What can go wrong when migrating a website to HTTPS?

Today Google finally came with a clear statement about HTTPS: HTTPS as a ranking signal. So what will happen in the upcoming months is that lot’s of companies are going to buy some SSL certificates and migrate their website to a new domain. Sounbds easy, but in practice this is a complicate challenge which will be different for every websites.

Never forget: there will be a temporary traffic loss from organic traffic, even when everything is properly executed. Be prepared for that, add some extra AdWords budget for example to make sure sales are not decreasing to much. The biggest risk of not doing a migration properly is traffic loss over a longer period instead of just a temporary loss.


SSL Certificate issues

  1. The SSL certificate is not suitable for your website, be aware of the difference between single domain, multi domain and wildcard certificates.
  2. Using certificates with the wrong encryption level. Be aware of the different between keysizes. Google wants to see at least 2048-bit keys. More information about the Difference Between 1024bit, 2048bit and 4096bit SSL Root Keys
  3. If HTTPS is not implemented correctly it can increase page load time, which is a bigger ranking singal compared to HTTPS. It is dependent on the hardware used, server software, caching behavior of the clients visitors use and multiple other factors.
  4. Interested in the speed issues, read https://istlsfastyet.com/

Before migrating

  1. Pick the ideal time when everyone is available, the impact of less organic traffic will result in the most minimized loss in revenue. Make sure you know during which weeks / months the revenue is at the lowest point, so you avoid big losses.
  2. The absence of a structured schedule and the people involved in the project. Don’t forget external stakeholders, like affiliate networks, e-marketing providers, SEO & PPC agencies etc.
  3. Make sure everyone is aware of their responsibilities before, during and after the migration so you can be sure every needed action has taken place at the scheduled moment.
  4. Make sure you create a baseline report of the current traffic, rankings and define a maximum loss for both so you can monitor and report on the behaviour of the website in the SERPs during and after the migration.
  5. Crawl all your URLs so you can crawl them after the migration to check if every URL is redirected to the new HTTPS version.

Technical issues

  1. Not all domains are redirected to the https version, developers forget static content domains, image servers etc.
  2. Use 301 redirects, nothing else.
  3. Templates need to be changed to, check every link for hard coded links to the http:// environment
  4. Forgetting to set up a new Webmastertools account, or accounts when using subdirectories as main URLs. Make sure you verify the new domain, add your sitemap to increase crawling efficiency.
  5. Update your robots.txt and point to the new sitemap file.
  6. Update your most important external links, start with the ones you control and send out messages to the most valuable ones. Use MajesticSEO to download all your links look to the ones with the highest TrustFlow.
  7. Combine the migration with something newsworthy so media start writing about you. This will increase the crawling of your URLs and will increase the process within Google for crawling and indexing the new URLs.
  8. Make sure your analytics software is able to track all the new URLs correctly.
  9. Are you using website optimizing software, A/B tests, make sure they work properly after the redirect.
  10. After all redirects are live, crawl all your old URLs to be 100% sure you redirected every possible URL
  11. Once everything is set, track your rankings daily for both the old and the new URLs.
  12. After 3 or 4 days, the first data will be available within Webmastertools about possible crawling problems Google is having with the new website. Be sure you check WMT every day
  13. Crawl your website with ScreamingFrog and see if all the links are pointing to HTTPS urls, so there is consistent linking within your internal link structure and no unnecessary redirects are making the Googlebot tired.

I’m not saying you shouldn’t migrate, since I think every e-commerce website should be using a safe connection to guarantee data safety for their customers. It simply isn’t something you can do in a few hours. As you can see a lot can go wrong, so don’t hurry and make sure you have a decent overview of what needs to be done and what risks you are taking. I’m sure I will be missing a lot in this quick write up, so please add suggestions in the comments 🙂

Like I received in my e-mail this morning, if you need help with migrating, I’ll be able to support you and you’ll get a 50% discount if we sign a contract within 7 days!

Update 14:32 – John Mueller @JohnMu is answering questions about HTTPS and all the implications: https://plus.google.com/+JohnMueller/posts/e8bx5tLpvtm

Please contact me if you need any help with migrating your website!


Leave a Comment.