HTTPS Migration Checklist

October 22, 2017 by David Ugale

If you’ve decided to migrate your website to https, you’ve probably already realized that it isn’t necessarily a straightforward process. For many, it can be a daunting task with a lot of small details that have the potential to cause problems down the road.

We’ve put together a list of steps to help you through the process, divided into pre-migration, migration, and post-migration tasks.

For the pre-migration tasks, we highly recommend that you set up a development/test version of your website where you can complete and test each item before going live with the changes. However, this will require that you install an SSL certificate for the development version. If setting up a development/test version isn’t possible, the pre-migration steps would need to be done on the live website.


  1. Make a backup copy of your existing website, including all of the files and any databases that it uses.
  2. Set up a development/test copy of your website. This can either be on the same server or on a different server.
  3. Assign a separate domain name to your development/test copy or create a new DNS A Record (example:
  4. On the development/test copy of your website:
    • Install an SSL certificate. The SSL certificate should be SHA-2. Note: to obtain a free SSL certificate, you can use Let’s Encrypt.
    • Update the web server configuration to use the new SSL version of the website.
    • If you use an .htaccess file, set up a rewrite rule that redirects all http requests to https using a 301 redirect.
    • Update all absolute URLs to use https instead of http. Alternatively, you could update all of the absolute URLs so that they are relative URLs instead.
    • Update canonical tags to use https instead of http.
    • Update the robots.txt file, if necessary
  5. Crawl the development/test copy of your website to get a current snapshot. You can use a tool like Screaming Frog SEO Spider to generate some useful reports.
    • Fix any pages that have insecure (mixed) content so that all of the images and internal URLs are served over https.
    • Fix any internal redirects (pages that redirect to another page on your website). Instead of linking to a page that redirects, try to have the link go directly to the final destination URL.
    • Re-crawl the development/test copy and fix any remaining issues.
  6. Create a sitemap file that uses the new https URLS.
  7. If you are using Google Search Console, add a new property for your https domain (example:
  8. If you are using Bing Webmaster Tools, add a new site for your https domain (example:
  9. Begin monitoring the search engine traffic for your top pages. This will help you compare how your website is performing later.
  10. Install and configure an SSL certificate on the live site.
  11. Prepare a list of any 3rd party programs that need to be updated to https (i.e. newsletters, tracking scripts, and ads).



  1. Update the live version of your website by publishing the updates that you made on the development/test copy to make it https.
  2. If you use the Apache web server and have an .htaccess file, make sure that there are no https redirect rules that will cause issues with the website. Once you update the live site, this will allow the new URLs to work.
  3. Update the .htaccess file with any additional changes that you made on the development/test copy.
  4. Verify that the live site version is working with the new https changes.
  5. Verify that the canonical tags are correct.
  6. Confirm that the http version of the pages are redirecting to the new https versions.
  7. Update the robots.txt file, if necessary.
  8. Update 3rd party programs (i.e. newsletters, tracking scripts, and ads) to https.


  1. Crawl the live version of your website to identify any insecure (mixed) content or unwanted redirects.
  2. Upload and submit the new https sitemap for both the http and https versions of your website to Google Search Console and Bing Webmaster Tools.
  3. Update any external links (i.e. social media like Facebook and Twitter) to your website so that they use the new https URLs.
  4. Update email signatures to use the new https URL.
  5. Continue to monitor search engine traffic for your top pages.
  6. Check for any errors in Google Search Console.
  7. Contact other website owners and affiliates that link to your website and notify them of your new https URL.