Configuring HTTPS and SSL certificates (my roadmap)
Senior SEO-specialist
HTTPS has been the standard for years – and for good reason. It provides an encrypted connection between browser and server, which is essential for security as well as SEO. Yet I still see sites without SSL or with wrong settings. In this article: my practical roadmap to implement HTTPS correctly.
1. Choose the right SSL certificate
Not every certificate is the same. You have a choice of:
Types of certificates:
- DV (Domain Validated) – sufficient for 99% of websites
- OV (Organization Validated) – more trust, especially with business portals
- EV (Extended Validation) – green lock + company name in address bar (increasingly irrelevant)
Do you use WordPress or a simple site? Then a free Let’s Encrypt certificate is usually sufficient.
2. Install the certificate on the server
Installation varies by hosting party. In many cases it is a matter of one click through the hosting panel.
Examples:
- Cloudways / Kinsta / SiteGround → integrated Let’s Encrypt installation
- Plesk / DirectAdmin / cPanel → upload .crt and .key files manually or via Let’s Encrypt addon
Are you using a VPS? Then you install the certificate through the terminal, often with Certbot:
bash
sudo certbot --apache
or
bash
sudo certbot –nginx
Getting started with SEO? Feel free to get in touch.
3. Force HTTPS in your configuration
After installation, make sure all traffic is redirected to the HTTPS variant.
Options:
- .htaccess (Apache):
apacheconf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
- nginx.conf:
nginx
RewriteEngine On
server {
listen 80;
server_name jouwsite.nl;
server_name jouwsite.nl;
return 301 https://jouwsite.nl$request_uri;
}
- WordPress: change the Site URL as well as WordPress URL in the settings.
4. Check for mixed content
A common problem is mixed content: the HTML loads over HTTPS, but images or scripts load over HTTP. This causes security warnings.
Resolve:
- Search the database for http://jouwdomein.nl and replace it with https://….
- Use a plugin such as Better Search Replace or Really Simple SSL
- Check the site via DevTools (Console tab → alerts)
5. Update your sitemap and robots.txt
Make sure all references to HTTP are replaced with HTTPS.
- Sitemap.xml → all URLs must point to HTTPS
- Robots.txt → modify the Sitemap:-line
- 301 redirects → check that old HTTP links are properly redirected
Resubmit your sitemap to Google Search Console (under ‘Sitemaps’)
6. Test if everything is set correctly
Use a tool to check your HTTPS setup:
- SSL Labs Test
- Why No Padlock
- Redirect Checker
Notice:
- Certificate valid?
- No mixed content?
- 301 redirects correct?
In conclusion
HTTPS is no longer an “extra,” it is a basic requirement. Not only for SEO and user confidence, but also for compatibility with modern browsers and tools. With this roadmap, you’ll have a secure, properly set up HTTPS site – with no detours or loose ends.
