-
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathindex.html
767 lines (673 loc) · 63.4 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<script>(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement)</script>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Moving to HTTPS - migrate from HTTP to HTTPS with ease.</title>
<meta name="keywords" content="HTTPS migration, HTTP to HTTPS, moving from HTTP to HTTPS">
<meta name="description" content="Help guides on moving sites from HTTP to HTTPS">
<!-- favicon etc. generated from /images/owl.svg with realfavicongenerator.net -->
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16">
<link rel="manifest" href="/manifest.json">
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
<meta name="theme-color" content="#fef7e1">
<link href="https://fonts.googleapis.com/css?family=Bungee+Shade|Noto+Sans:400,400i,700,700i" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/7.0.0/normalize.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="/css/app.css">
</head>
<body>
<div class="container">
<nav class="nav">
<a title="Check out our blog for latest HTTPS news" href="https://blog.movingtohttps.com/" class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-rss fa-stack-1x fa-inverse"></i>
</a>
<a title="Follow us on Twitter" href="https://twitter.com/MovingtoHTTPS" class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-twitter fa-stack-1x fa-inverse"></i>
</a>
<a title="Join us on Facebook" href="https://www.facebook.com/movingtoHTTPS/" class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-facebook fa-stack-1x fa-inverse"></i>
</a>
<a title="Contribute to this guide on GitHub" href="https://github.com/MovingtoHTTPS" class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-github fa-stack-1x fa-inverse"></i>
</a>
</nav>
<header class="header">
<h1><a href="/">Moving to HTTPS Guide</a></h1>
</header>
<div class="middle">
<div class="sidebar">
<div class="ssowl block-spacing">
<img src="/images/owl.svg" alt="Owl logo" title="The SSowL">
</div>
<div class="about-site block">
<p>A community site to help site owners migrate to HTTPS with a simple tested process. Allowing you to filter the plan based on multiple platforms (<a href="/?platform=wordpress">WordPress</a>, <a href="/?platform=magento">Magento</a>, and more), hosting environments (<a href="/?hosting=cpanel">cPanel</a>, <a href="/?hosting=apache">Apache</a>, and more) along with the level of control / access you have over the site.</p>
<p>Are you migrating your site from HTTP to HTTPS? Join in with
<a rel="noopener" target="_blank" href="https://twitter.com/hashtag/movingtoHTTPS">#movingtoHTTPS</a></p>
<p>Looking to contribute? All of this content is available on <a rel="noopener" target="_blank" href="https://github.com/MovingtoHTTPS">GitHub</a>!</p>
<!-- Google Translate will show here -->
<div id="google_translate_element"></div>
</div>
<!-- Social counter -->
<div class="block">
<!-- product hunt, ref: https://www.yvoschaap.com/producthunt/button.html -->
<iframe src="https://yvoschaap.com/producthunt/counter.html#href=https%3A%2F%2Fwww.producthunt.com%2Fr%2F55d607e55028da%2F90301&layout=wide" width="100" height="22" scrolling="no" frameborder="0" allowtransparency="true"></iframe>
<!-- github, ref: https://ghbtns.com/ -->
<iframe src="https://ghbtns.com/github-btn.html?user=MovingToHTTPS&repo=movingtohttps.com&type=star&count=true" width="100" height="22" scrolling="no" frameborder="0" allowtransparency="true"></iframe>
</div>
</div>
<div id="app" class="main block">
<form id="config">
<div class="filters">
<div class="filter-block">
<label for="platform">Platform</label>
<br>
<select tabindex="1" name="platform" id="platform" v-model="platform">
<option v-for="(text, value) in options.platform" v-bind:value="value" v-text="text"></option>
</select>
</div>
<div class="filter-block">
<label for="hosting">Hosting / Web Server</label>
<br>
<select tabindex="1" name="hosting" id="hosting" v-model="hosting">
<option v-for="(text, value) in options.hosting" v-bind:value="value" v-text="text"></option>
</select>
</div>
<div class="filter-block">
<label for="control">Control</label>
<br>
<select tabindex="1" name="control" id="control" v-model="control">
<option v-for="(text, value) in options.control" v-bind:value="value" v-text="text"></option>
</select>
</div>
</div>
</form>
<hr>
<!-- Migration process -->
<main>
<!-- Short line showing selected filters -->
<p class="guide-introduction">
<small v-if="platform">
This guide is for moving {{ platformText }} sites<span v-if="hosting"> hosted with {{ hostingText }}</span> to HTTPS.
</small>
<small v-else-if="hosting">
This guide is for moving sites using {{ hostingText }} to HTTPS
</small>
<small class="print-hidden">- Use the above filters to suit your needs.</small>
</p>
<!-- if github, it's easiest to use Cloudflare -->
<p v-if="platform=='github'">For GitHub Pages with custom domains, you can now use HTTPS either via GitHub (<a rel="noopener" target="_blank" href="https://blog.github.com/2018-05-01-github-pages-custom-domains-https/">read more here</a>) or you can use Cloudflare to proxy the HTTPS. (<a rel="noopener" target="_blank" href="https://hackernoon.com/set-up-ssl-on-github-pages-with-custom-domains-for-free-a576bdf51bc">read more here</a>). Once setup follow the rest of this guide for further setup.
<br>Also if you don't use custom domains, <a rel="noopener" target="_blank" href="https://help.github.com/articles/securing-your-github-pages-site-with-https/">GitHub has a guide for this here</a>.</p>
<!-- Outline -->
<a class="toggle-section print-hidden" @click="showArea.outline = !showArea.outline">[Toggle]</a>
<h2 v-bind:class="showArea.outline ? '' : 'toggle-hidden-section print-hidden'">Outline</h2>
<ol class="process-outline" v-show="showArea.outline">
<li>
<h3><a href="#pre-move">Pre move</a></h3>
<p>Before actually moving you'll want prepare a little, this includes selecting the sort of SSL certificate you want ready in case you need to purchase it in advance.</p>
</li>
<li>
<h3><a href="#during-move">Moving day</a></h3>
<p>Time to get/buy, install and check the SSL certificate, fix mixed content issues, setup redirects and check 3rd party integrations.</p>
</li>
<li>
<h3><a href="#post-move">Post move</a></h3>
<p>Shortly after the initial move, check for new issues. Then once ready, setup the site to always use HTTPS.</p>
</li>
<li>
<h3><a href="#above-and-beyond">Going above and beyond</a></h3>
<p>For the A+ students, fixing further issues & similar security improvements.</p>
</li>
</ol>
<!-- Pre move -->
<a class="toggle-section print-hidden" @click="showArea.preMove = !showArea.preMove">[Toggle]</a>
<h2 id="pre-move" v-bind:class="showArea.preMove ? '' : 'toggle-hidden-section print-hidden'">Pre move</h2>
<ol v-show="showArea.preMove">
<li>
<h3>Select an SSL certificate</h3>
<p>There are 3 main types of certificates you can choose from for your site:</p>
<ul>
<li>Domain Validation <em>(DV)</em>
<ul>
<li>Standard SSL (Just as secure as other options).</li>
<li v-if="hosting == 'caddy'">Caddy has this built in for free with it's <a rel="noopener" target="_blank" href="https://caddyserver.com/docs/automatic-https">automatic HTTPS</a> feature!</li>
<li v-else>Free via Let's Encrypt & Cloudflare, or purchase available.</li>
<li>Normally issued in minutes.</li>
</ul>
</li>
<li>Organization Validation <em>(OV)</em>
<ul>
<li>Shows organization within certificate but largely appears the same as DV.</li>
<li>Requires purchase.</li>
<li>Can take several days to issue.</li>
</ul>
</li>
<li>Extended Validation <em>(EV)</em>
<ul>
<li>This used to show the organization in URL bar however this is <a rel="noopener" target="_blank" href="https://blog.mozilla.org/security/2019/10/15/improved-security-and-privacy-indicators-in-firefox-70/">no longer the case</a>.</li>
<li>Requires purchase, more expensive.</li>
<li>Can take up to a week to issue.</li>
</ul>
</li>
</ul>
<p v-if="hosting == 'cloudflare'">With Cloudflare, you get free DV certificates, however they do not allow use of custom certificates unless you use their Business ($200 a month) plan.</p>
<p>For most sites, DV certificates are exactly what you're looking for.</p>
<p>Another consideration is do you need this certificate for a single domain/subdomain or for multiple. There are single domain, multi domain and wildcard (all subdomains) certificates available from most SSL providers, though Let's Encrypt & Cloudflare require you setup each subdomain separately.</p>
<p>If you're just looking to secure your main domain a 1 or 2 DV certificates will work perfectly.
<br>Free DV certificates are available with <a rel="noopener" target="_blank" href="https://www.cloudflare.com/">Cloudflare</a>
<template v-if="control == 'max'">
and <a rel="noopener" target="_blank" href="https://letsencrypt.org/">Let's Encrypt</a>.</template>
<br>Many sites such as <a rel="noopener" target="_blank" href="https://www.ssls.com/">SSLs.com</a>
<template v-if="control == 'max'"> or <a rel="noopener" target="_blank" href="https://sslmate.com/">SSLmate</a></template> offer certificates.
</p>
<p>If you're interested in an OV or EV certificate, best to go ahead and purchase these in advance as they can take several days to be issued. They will also require proof of the organization's existence. But if you're selecting a DV certificate then you can wait till the moving day.</p>
<p>Once you've selected the certificate you're interested in you can move on to start migrating, but consider the following points to make sure you don't miss anything.</p>
<p v-if="hosting == 'cloudflare'">Cloudflares free certificate covers multiple subdomains but wildcard support is restricted to their Business plan. The certificates also <a rel="noopener" target="_blank" href="https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-CloudFlare-s-SSL-certificates-">do not support</a> old browser/OS combinations such as Windows XP or OS X 10.5 or less.</p>
<p>If you use Load Balancers in front of your web servers then you'll later be installing the certificates onto these instead of the actual web servers. Some load balancers such as AWS ELB offer free SSL which could.</p>
</li>
<li v-if="hosting != 'caddy'">
<h3>Check to see if your hosting / provider already offers FREE SSL</h3>
<p>Though this is not yet the norm, as HTTPS becomes the default for a lot of sites, providers are starting to offer SSL included with hosting packages. You can check whether your hosting provider offers free SSL certificates <a rel="noopener" target="_blank" href="https://certbot.eff.org/hosting_providers">here</a>. It's worth contacting them to be sure.</p>
<p v-if="platform == 'rec'">REC offers both free and paid SSL via Let's Encrypt & Cloudflare.</p>
<p v-if="platform == 'wix'">Wix offer SSL on all sites though currently do not allow you to install custom certificates, but you can also use Cloudflare to provide this.</p>
<p v-if="platform == 'weebly'">
At the time of writing this, Weebly only support SSL on the Business+ plans and do not yet support custom SSL certificates. However you should be able to use Cloudflare to get around this for free.
<a rel="noopener" target="_blank" href="https://www.weebly.com/blog/ssl-certificate">Find out more here</a>
</p>
</li>
<li>
<h3>Do you have a test site?</h3>
<p>This is optional as most sites don't have access to a test site, nor will many sites actually require one anyway.</p>
<p>But if you are able to, making these changes on a test / staging version of your site first would reduce the risk that comes from editing a production site. </p>
</li>
<li>
<h3>Dedicate some time to your migration</h3>
<p>Installing a certificate can be pretty quick, though the actual full migration process can take a good chunk of time to properly complete. We'd advise starting the moving day portion of this guide when you have a few hours free. If everything goes smoothly it may take much less time, but it's worth having that spare time just in case.</p>
</li>
<li>
<h3>Make sure everyone involved in the site knows the migration is happening.</h3>
<p>For example, if your site has a separate marketing person or team, let them know what will be changing. Later on we'll be updating 3rd party links and they may need to be aware of the changes and make changes of their own.</p>
</li>
<li>
<h3>How will you track changes?</h3>
<p>In the event that the migration causes some short term disruptions in traffic and/or search rank, you'll want stats to fall back on and provide visibility of what exactly changed.</p>
<p>If you haven't already, setup <a rel="noopener" target="_blank" href="https://www.google.co.uk/analytics/">Google Analytics</a> or a similar service and let it run for at least a week to get a good idea of current traffic & behaviour.</p>
<p>It's also worth making sure you have <a rel="noopener" target="_blank" href="https://www.google.com/webmasters/">Google Search Console</a> (Webmaster tools) setup to track indexed pages and keywords used to find your site along with average position. You may also want to check out <a rel="noopener" target="_blank" href="https://www.bing.com/toolbox/webmaster">Bing's Webmaster Tools</a>.</p>
</li>
<li>
<h3>Consider making some changes pre migration</h3>
<p>Some changes such as fixing mixed content can often be done before the move.
<br>We've listed it later on as part of the migration flow, but feel free to skip ahead through the guide to ease the changes later.
<br>Other changes such as redirects & 3rd party changes must wait 'til you first have SSL installed.
</p>
</li>
<li>
<h3>Do you plan to move your entire site or just specific areas first?</h3>
<p>If you can, moving your entire site. It means more work upfront but given the SEO benefits and knowledge that your entire site is encrypted for users is worth it.</p>
<p>However, not all sites are able to do this at one, at the very least you'll need to setup HTTPS for any login forms, payment pages and any pages that require or reveal user details.</p>
<p>The rest of guide currently assumes you're moving your entire site so some parts of this you can skip or modify. E.g. you'll want to skip changing most 3rd party settings if the majority of your site is still over HTTP instead of HTTPS. You'd also want to not set up an entire site redirect, but instead redirect just the specific pages / sections over HTTPS and potentially setup redirects going the other way for pages required over HTTP fro HTTPS.</p>
</li>
<li>
<h3>Does your site have multiple variations?</h3>
<p>During the migration you'll need to be aware of all variations of your site such as multiple languages or location based changes or even AB tests in progress? During the mixed content fixing step you'll need to check all variations.</p>
</li>
<li v-if="hosting != 'cloudflare'">
<h3>Using a CDN?</h3>
<p>Check out your CDN's site to see if there's anything you need to change / be aware of during the migration process.</p>
</li>
</ol>
<!-- During move -->
<a class="toggle-section print-hidden" @click="showArea.duringMove = !showArea.duringMove">[Toggle]</a>
<h2 id="during-move" v-bind:class="showArea.duringMove ? '' : 'toggle-hidden-section print-hidden'">Moving day</h2>
<ol v-show="showArea.duringMove">
<li>
<h3>Get the certificate</h3>
<p>At this point, if you haven't previously got your SSL certificate, now is the time to do so.
<br>Already have your certificate? Skip this step and proceed to installing it.</p>
<p v-if="hosting == 'caddy'">
Caddy comes with free HTTPS via Let's Encrypt without you having to do a thing. To use you can skip ahead to step 3. But if you want to buy a certificate (e.g. an EV certificate) you certainly can use that instead.
</p>
<template v-else>
<!-- Using let's encrypt -->
<p v-if="control == 'max' && hosting != 'cloudflare'">
If you're looking to use Let's Encrypt's free certificates and you'll be installing the certificates over SSH then <a rel="noopener" target="_blank" href="https://certbot.eff.org/">Certbot</a> will walk you through this & setting up automatic renewals.
</p>
<template v-if="hosting == 'cpanel'">
<p>cPanel now offer a <a rel="noopener" target="_blank" href="https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/">plugin</a> that adds let's encrypt support.</p>
<blockquote>
SSH into the server as root, then just run this command:
<br>
<code>/scripts/install_lets_encrypt_autossl_provider</code>
<br><br>
Once installed, Let’s Encrypt will appear in WHM’s Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL) where you can enable the provider.
</blockquote>
</template>
<template v-if="hosting == 'plesk'">
<p>Plesk now offer a <a rel="noopener" target="_blank" href="https://www.plesk.com/blog/lets-encrypt-plesk/">plugin</a> that adds let's encrypt support.</p>
<blockquote>
Install the Let’s Encrypt extension via the Extension Catalog:
<br>
Next, click the installed extension, select a website, and install the certificate.
</blockquote>
<p>Once the plugin is installed, you should find
</template>
<p v-if="(hosting == 'cpanel' || hosting == 'plesk') && control == 'min'">
You may need to ask who runs your server to install the plugin if it's not already installed.
</p>
<!-- Using Cloudflare? -->
<p>
If you want to use Cloudflare's free certificates, all you need do is sign up with them and move your nameservers to them which their site will guide you through this process.
<br>Once signed up and your site is running through Cloudflare, you could opt to use the Pro plan which offers older browser support for SSL.
</p>
</template>
<template v-if="control != 'min' && hosting != 'cloudflare'">
<p>In order to purchase a certificate through any 3rd party you will need to generate a Private Key & a Certificate Signing Request (CSR) on your web server. They will only need the CSR but the private key is needed on your server.</p> <p>The site you're purchasing from should guide you through this, but just in case:</p>
<template v-if="hosting == 'cpanel'">
<p>Inside your cPanel account > Security > SSL/TLS Manager</p>
<p>First we need the Private key: Under "Private Keys (KEY)" click "Generate, view, upload, or delete your private keys" > Scroll down and under "Generate a New Key" select the domain & click Generate.
<br>This should now have generated the key, next we need the CSR.
<br>Click "Return to SSL Manager" to go back and this time under "Certificate Signing Requests (CSR)" click "Generate, view, or delete SSL certificate signing requests" > enter the details requested, Host being the domain you're generating this certificate for, Country being the 2 character code e.g. US for United States, then click Generate. This will then show you the CSR which you can copy and paste to the certificate authority you are buying the certificate from.
</p>
</template>
<template v-else-if="hosting == 'plesk'">
<p>Inside Plesk > Hosting Services > Domains > Find the domain you want to setup SSL for and click "Control Panel" > Websites & Domains > Secure Your Sites > Add SSL Certificate > Enter the details requested & click Request. The CSR should then be available in "SSL Certificates" which you can copy and paste to the certificate authority you are buying the certificate from.
</p>
</template>
<template v-else>
<p><a rel="noopener" target="_blank" href="https://www.digicert.com/csr-creation.htm">Digicert have a useful support page</a> listing multiple platforms & operating systems each linking off to how to generate your CSR.
<br>Also <a rel="noopener" target="_blank" href="https://uk.godaddy.com/help/ssl-certificates-1000006">GoDaddy have great documentation</a> on this as well.
<br>These also include generating the private key at the same time. E.g. Digicert offer a <a rel="noopener" target="_blank" href="https://www.digicert.com/easy-csr/openssl.htm">OpenSSL CSR Creation</a> which generates a command you can run via ssh which generates both the CSR and private key file.</p>
</template>
</template>
</li>
<li v-if="hosting != 'cloudflare'">
<h3>Install the certificate</h3>
<p v-if="hosting == 'caddy'">
If your installing a custom certificate to your Caddy server, all you need to do is reference the new certificate and private key file in your Caddyfile like so:
<br>
<code>tls ../cert.pem ../key.pem</code>
<br><a rel="noopener" target="_blank" href="https://caddyserver.com/docs/tls">More details here</a>.
</p>
<p v-else-if="hosting == 'cpanel'">
Inside your cPanel account > SSL/TLS Manager > "Generate, view, upload, or delete SSL certificates" > "Upload a New Certificate" > paste or upload the .crt file here & click Upload.
<br>Click Go Back > Return to SSL Manager > Setup a SSL certificate to work with your site > Select the domain & this should fetch the certificate & key for you, but if this option doesn't show or doesn't work you may need to contact your hosting provider / support. Under the certificate & key there should now be a 3rd box for Ca Bundle where you'll need to paste you bundle file. Click Install Certificate & your done.
<br>Now you just need to restart Apache for it to take effect.
</p>
<p v-else-if="hosting == 'plesk'">
Inside Plesk > Hosting Services > Domains > Find the domain you want to setup SSL for and click "Control Panel" > Websites & Domains > Secure Your Sites > Under "Certificate name" find the certificate you previously setup. Upload the Certificate / .crt file, and upload the CA certificate / bundle file, then click "Send File". Back to the Websites & Domains > Check that "Enable SSL support" is selected & then select your certificate from the menu, Click OK and you're done.
<br>Now you just need to restart Apache for it to take effect.
</p>
<p v-else-if="platform == 'rec'">
For REC, please <a rel="noopener" target="_blank" href="https://support.reallyeasycart.co.uk/support/tickets/new">contact support</a> for them to install the new certificate for you.
</p>
<template v-else>
<template v-if="control == 'max'">
<p>Using the <a rel="noopener" target="_blank" href="https://mozilla.github.io/server-side-tls/ssl-config-generator/?hsts=no">Mozilla SSL Configuration Generator</a> you can build the config needed to add to your server config files. e.g. if using Apache2 you'll need to either change your .htaccess or apache.conf file.</p>
<p>If you used <a rel="noopener" target="_blank" href="https://certbot.eff.org/">Certbot</a> or anothe ACME client and didn't chose automatic webserver configuration, change the paths in your webserver config to those printed by Certbot or your ACME client. Certbot usually stores certificates in <code>/etc/letsencrypt/live/</code>.</p>
<p>If you obtained your certificate in another way, upload it to your server. It's common to store certificates in <code>/etc/ssl/</code>. Make sure that your private key isn't accessible publicly and can't be read by other users. Then change the paths in your webserver config to point to it.</p>
<p>This tool can also add the HSTS (Strict-Transport-Security) header to the config, you could choose to add this now, but we'd advise holding onto that part for now and adding it in later which we will go over later in the guide.</p>
<p>If you use Load Balancers in front of your site's servers you will likely need to install the SSL certificate on the load balancer instead of each actual web server. </p>
</template>
<template v-else>
<p>Unless your platform allows you to install the certificate, you will need to contact them and ask to install the certificate for you onto the site's server.</p>
</template>
</template>
</li>
<li>
<h3>Check the certificate</h3>
<p>First check, before any others, load the site up in your browser (make sure to load the HTTPS version).</p>
<p v-if="hosting == 'cloudflare'">It may take a few minutes for Cloudflare to provision your certificate. You can check on this progress in the Crypto tab > SSL > under the drop down it will say "Active Certificate" once complete.</p>
<p>Any issues shown in your browser? no? brilliant!</p>
<p>However, if you do see an error message, the message may point you in the right direction, but <a rel="noopener" target="_blank" href="https://www.ssllabs.com/ssltest/">SSLLabs</a> can be used here to check and diagnose the issue.</p>
<p v-if="control == 'max'"><em>If needed, <a rel="noopener" target="_blank" href="https://maulwuff.de/research/ssl-debugging.html">this article</a> can be very useful in debugging typical SSL issues, though the post is fairly technical.</em></p>
<p>You hopefully won't see a full page error screen, though you may find you don't have a green lock / HTTPS indicator in the URL bar. Which brings us onto the next subject, fixing insecure / mixed content issues.</p>
<p if="platform == 'rec'">On REC if the site does not load over HTTPS at first, check Admin > Redirect Manager for any redirects that may have pointed away from HTTPS.</p>
</li>
<li>
<h3>Find mixed content</h3>
<p>Mixed content is when you have assets/resources on pages that try to load over HTTP instead of HTTPS. This affects images, scripts, css and more.</p>
<p>There are 2 types of mixed content, the first is active mixed content, things like javascript files that could change the content of the page if intercepted by a <a rel="noopener" target="_blank" href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle</a>. This is often blocked in browsers but can leave parts of your site broken because of this.
<br>The other type is passive mixed content, such as images, which are less dangerous, but still an issue and though not blocked in the browser, having these will replace your green HTTPS & lock symbol with a grey version indicating it's over HTTPS but has issues.</p>
<p>There are a few ways to find mixed content on your site, the simplest is to load up pages and use your browser's developer tools to see warnings. But doing this over an entire site would likely be either very slow or impossible.</p>
<p>Instead, the main ways sites are normally checked are through:</p>
<ol>
<li>
Using a tool to externally crawl over your site at once.
<br>
These crawling tools work with any site as they are run externally. Here are some examples:
<ul>
<li><a rel="noopener" target="_blank" href="https://httpschecker.net/guides/https-checker">HTTPS Checker</a> is a desktop app (available on Windows, Mac OS X & Ubuntu Linux) to crawl a site for mixed content and related issues.</li>
<li v-if="control != 'min'"><a rel="noopener" target="_blank" href="https://github.com/bramus/mixed-content-scan">Mixed Content Scan</a> by Bramus is a command line php script that will crawl a given site for mixed content issues.</li>
<li><a rel="noopener" target="_blank" href="https://www.jitbit.com/sslcheck/">SSL Check</a> by JitBit offers a quick online tool to find mixed content <em>- though is limited to 200 crawled URLs</em>.</li>
</ul>
</li>
<li v-if="hosting == 'cloudflare'">
Automatic replacing content live as it's sent from Cloudflare to users browsers with "Automatic HTTPS Rewrites" - This is an experimental new feature inside Cloudflare that replaces links to HTTP resources with HTTPS where possible, though you may still have content that loads over HTTP is a HTTPS version isn't available, but this can certainly ease the pain.
<ul>
<li><a rel="noopener" target="_blank" href="https://blog.cloudflare.com/fixing-the-mixed-content-problem-with-automatic-https-rewrites/">Read more here</a></li>
</ul>
</li>
<li v-if="platform == 'wordpress'">
There are some WordPress plugins dedicated to HTTPS migration help, these will also assist in the following steps so worth checking them out before continuing.
<br>
For WordPress sites, these are usually our recommended way to go, but could be combined with the tools above to be extra safe.
<ul>
<li><a rel="noopener" target="_blank" href="https://wordpress.org/plugins/really-simple-ssl/">Really Simple SSL</a></li>
<li><a rel="noopener" target="_blank" href="https://wordpress.org/plugins/ssl-insecure-content-fixer/">SSL Insecure Content Fixer</a></li>
</ul>
</li>
<li>
CSP (Content Security Policy) reporting, which is a way to tell browsers to send issue reports back to you as users navigate through your site.
<br>
<template v-if="control == 'min'">
Though setting this up usually requires access to the code or to install plugins to your platform so we'll skip this.
</template>
<template v-else>
It's usually a regarded as the more complete option as it catches any ajax issues that crawling may not find, though it requires you first have users visiting pages with mixed content on to report them. It also only works if you have access to modify the HTTP response headers of your site, plugins can often accomplish this though.
<br>
CSP violations can be sent back to a central server for you to monitor them and receive alerts, here's a few examples:
<ul>
<li>
<a rel="noopener" target="_blank" href="https://httpschecker.net/guides/https-reporter">HTTPS Reporter</a>
- Hosted CSP endpoints specifically for handling mixed content. They provide you with a prebuilt CSP header designed just to catch mixed content issues ready to set up on your site. Great graphs of reports over time & more.
</li>
<li>
<a rel="noopener" target="_blank" href="https://report-uri.io/">Report URI</a>
- Also offers hosted CSP collection + a good selection of tools to build more complex CSP headers.
</li>
<li>
<a rel="noopener" target="_blank" href="https://github.com/c0nrad/caspr">Caspr the friendly CSP Report Aggregator</a> - <em>Though no longer under active development</em>, this is an open source CSP service you can run on Heroku.
</li>
<li v-if="control == 'max'">
Or you could <a rel="noopener" target="_blank" href="https://mathiasbynens.be/notes/csp-reports">build a script yourself</a> to collect your CSP reports.
</li>
</ul>
</template>
</li>
</ol>
<p>Once you've got a good way to identify any mixed content issues on your site you can start fixing any found.</p>
</li>
<li>
<h3>Fix mixed content</h3>
<p v-if="platform == 'wordpress'">
The above WordPress plugins can help fix issues, the following will help with areas you need to manually change though.
</p>
<p v-if="platform == 'rec'">
To fix any issues found in Blog post older reference blocks run: Admin > Blog Settings > "Fix Mixed Content Reference Blocks".
</p>
<p>The essence of fixing mixed content issues is to replace links to HTTP resources with HTTPS.</p>
<p>E.g. <code><img src="http://site.com/image.png"></code>
<br>Would need replacing with <code><img src="https://site.com/image.png"></code> to load over HTTPS instead.
</p>
<p>Sometimes a HTTPS version of something may not yet be available, in this case you could download the resource and host it yourself on your newly HTTPS site.</p>
<p v-if="control == 'max'">
Another option to help the migration process is to use the CSP header of "upgrade-insecure-requests" <a rel="noopener" target="_blank" href="https://caniuse.com/#feat=upgradeinsecurerequests">(Browser support is fairly good and improving)</a>. You can <a rel="noopener" target="_blank" href="https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content#upgrading_insecure_requests">read more about this here</a>.
This is probably the nicest way to do it, but requires the resource actually have a HTTPS version available, so worth checking or reporting these issues too.
</p>
<p v-if="control == 'max'">
You could also use CSP set to block all non HTTPS requests, though this will result in broken images, style & scripts that, so using this with the reporting services above would be wanted.
</p>
<p>To test, recheck your site with the tools used in the previous step.</p>
</li>
<li>
<h3>Check all forms & redirects are over HTTPS</h3>
<p>Usually grouped in with mixed content, forms that have insecure / HTTP actions set. This is because even if you redirect your whole site, the form data would still first be sent over HTTP to hit the redirect and then go over HTTPS, exposing the data in that in-between HTTP step.</p>
<p>The same is true for redirects such as redirects to URLs logged in areas of a site.</p>
<p>The above mixed content checking tools can help you track these down too.</p>
</li>
<li v-if="platform != 'rec'">
<h3>Setup HTTP to HTTPS redirect</h3>
<p>In order to make sure users reach the HTTPS version of your site you can use a 301 redirect and send all requests to the HTTPS version.</p>
<p v-if="hosting == 'caddy'">Luckily Caddy takes care of this for you, just test it works and move along.</p>
<template v-else>
<p v-if="platform == 'wordpress'">The Really Simple SSL WordPress plugin mentioned above handles this redirect for you.</p>
<p v-if="hosting == 'cloudflare'">For Cloudflare you can setup a page rule to redirect all traffic to HTTPS: Page Rules > Create Page Rule > Enter your site like so: http://*movingtohttps.com/* then "+ Add a Setting" and select "Always Use HTTPS".</p>
<p v-else-if="hosting == 'nginx'">
Setup your nginx conf file with the following redirect to HTTPS:
<code>
server {
listen 80;
server_name site.com www.site.com;
return 301 https://site.com$request_uri;
}</code>
</p>
<p v-else>
Setup your .htaccess file with the following redirect to HTTPS:
<code>
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://site.com/$1 [R=301,L]</code>
</p>
<p>After setting this redirect up it's important to test it doesn't just send users to the homepage, but rather it redirect any request path to the same path but over HTTPS. E.g. http://site.com/info/contact.html redirects to https://site.com/info/contact.html.</p>
<p>If you're site redirects non-www traffic to the www version, or vise versa, make sure to update these redirects too so you don't end up with double or more redirect steps.</p>
</template>
<p v-if="platform == 'php'">In PHP you could do this like so:
<code>
if ($_SERVER['HTTPS'] != 'on') {
header('Location:' . 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
exit;
}
</code>
</p>
<p v-if="platform == '.net'">In ASP.NET you could do this in your web.config file like so:
<code>
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
</code>
<em>Ref: https://www.hanselman.com/blog/HowToEnableHTTPStrictTransportSecurityHSTSInIIS7.aspx</em>
</p>
<p v-if="platform == 'node-express'">In Node.js using express.js you could setup middleware to detect if the request is secure and if not then redirect to the HTTPS version. Or you could use pre-built package such as `express-http-to-https` like so:
<code>
npm install --save express-http-to-https
</code>
and then to use it like so:
<code>
app.use(redirectToHTTPS());
</code>
</p>
<p v-if="platform == 'python-flask'">In Python Flask you could do this like so:
<code>
@app.before_request
def before_request():
if request.url.startswith('http://'):
url = request.url.replace('http://', 'https://', 1)
code = 301
return redirect(url, code=code)
</code>
<em>Ref: https://stackoverflow.com/questions/32237379/python-flask-redirect-to-https-from-http#answer-32238093</em>
</p>
<p v-if="platform == 'ruby-on-rails'">In Ruby on Rails you could do this like so:
<code>
# config/environments/production.rb
Rails.application.configure do
# [..]
# Force all access to the app over SSL, use Strict-Transport-Security,
# and use secure cookies.
config.force_ssl = true
end
</code>
<em>Ref: https://stackoverflow.com/questions/1662262/rails-redirect-with-https#answer-26382183</em>
</p>
</li>
<li>
<h3>Change platform settings</h3>
<p v-if="platform == 'wordpress'">In WordPress > Settings > General > Update the "WordPress Address (URL)" and "Site Address (URL)" to be https:// instead of http://</p>
<p v-if="platform == 'joomla'">In Joomla > System > Global Configuration > Server > Force SSL > Select Entire Site</p>
<p v-if="platform == 'wix'">In Wix > Manage Site > Click Manage next to SSL Certificate > Turn on SSL</p>
<p v-if="platform == 'weebly'">In your Weebly settings there should be an SSL option which you can switch to "Entire Site".</p>
<p v-if="platform == 'drupal'">To set an entire Drupal site to HTTPS no config changes are needed, but to support partial site HTTPS Drupal may require a config change or installation of the <a rel="noopener" target="_blank" href="https://www.drupal.org/project/securelogin">Secure Login</a> module. There's more details on this <a rel="noopener" target="_blank" href="https://www.drupal.org/https-information">here</a>.</p>
<p v-if="platform == 'magento'">In Magento > Admin > System > Configuration > General > Web > Secure > Select Yes for "Use Secure URLs in Frontend" & "Use Secure URLs in Admin"</p>
<p v-if="platform == 'shopify'">In Shopfiy > Admin > Online Store > Domains > SSL certificates > click "Activate SSL certificates"</p>
<p v-if="platform == 'rec'">In REC > Admin > Site Settings > Security > click to "Use SSL" and for entire site HTTPS also tick "Use SSL Everywhere", we'll come back to the 3rd setting later on.</p>
<p v-if="platform == 'github'">In Github > Find your repository page > Settings > Find the "GitHub Pages" section & select "Enforce HTTPS".</p>
<p v-if="platform == '' || platform == 'php' || platform == '.net' || platform == 'node-express' || platform == 'python-flask' || platform == 'ruby-on-rails'">Check if your platform/site has a settings area for the default URL or a switch for using SSL.</p>
</li>
<li>
<h3>Check common files use HTTPS</h3>
<p>Most sites have a couple common files such as robots.txt & sitemap.xml.</p>
<p>Check to make sure these redirect to HTTPS versions and references to URLs inside the files all also use HTTPS.</p>
</li>
<li>
<h3>Update any canonical & og:url references</h3>
<p>Often sites use canonical links in the <code><head></code> of pages to point to the correct URL for a page, e.g. if multiple URL's reach the same page in your site these are important. It's worth checking if your site uses these that it points to the HTTPS version.</p>
<p>At the same time you should check the <code><meta></code> of your site.</p>
<p>Most times site that use these are using a platform that auto generates them, so if you check just a couple pages you should be safe that this will be ok on all pages.</p>
</li>
<li>
<h3>Update 3rd party scripts, analytics & other links</h3>
<p>Some 3rd party tracking sites require you either update the tracked origin URL or set up a new account for monitoring.</p>
<p>Here's a few examples, but worth doing a quick audit of any 3rd party tools you use:</p>
<ul>
<li>Google Search Console (Webmaster Tools) - Requires you setup a new account, this allows you to monitor traffic still in Google's index hitting the HTTP version first vs the HTTPS version of your site. This means any settings including Sitemaps & Disavow files will need to be uploaded to the new account. While in here, it's worth running the Crawl > Fetch as Google command in here to test Google can reach the site without any issues.</li>
<li>Google Analytics - Requires a URL change in a couple areas:
<ul>
<li>Admin > View Settings > Website's URL</li>
<li>Admin > Property Settings > Default URL</li>
<li>Admin > Property Settings > Search Console > Adjust Search Console > Link to the new Search Console account</li>
</ul>
</li>
<li>Google Merchant Center (Shopping) - Requires claiming the new URL in Business information > Website > Claim your website. You may also want to update your feed URL if you use this method to regularly import your products. This is done in Products > Feeds > Select feed > Schedule > Edit Schedule > Update the File URL</li>
<li>Google Adwords - Update any Ad URLs to use HTTPS</li>
<li>Bing Webmaster Tools - Like with Google, you'll need to create a new account for the HTTPs version of your site</li>
</ul>
<p>It's worth reviewing your site for more of these as some you might not expect need updating such as: <a rel="noopener" target="_blank" href="https://woorkup.com/migrate-disqus-comments-https/">Disqus comments</a> which uses the current url as the page the comments are tied to. As well as 3rd party Ads on sites like Twitter & Facebook.</p>
</li>
<li>
<h3>Last step, purge caches</h3>
<p>Purge any caches, you may have had to do this earlier on to test content, but it's worth emptying / purging any internal to the platform caches and any CDN cache etc. to make sure all content is up to date with your changes.</p>
</li>
</ol>
<!-- Post Move -->
<a class="toggle-section print-hidden" @click="showArea.postMove = !showArea.postMove">[Toggle]</a>
<h2 id="post-move" v-bind:class="showArea.postMove ? '' : 'toggle-hidden-section print-hidden'">Post move</h2>
<ol v-show="showArea.postMove">
<li>
<h3>Wait a day or maybe a week...</h3>
<p v-if="control == 'max'">If you're using CSP this is a great point to check reports and fix any issues, this can be an ongoing process.</p>
<p>Fix the issues found, such as any SSL issues reported, redirect issues or mixed content warnings and then proceed to following steps. </p>
<p>Check your monitoring in Analytics, Webmaster tools etc. Here you may notice things like people still hitting the old HTTP pages if your redirect isn't setup correctly. </p>
</li>
<li>
<h3>Implement HSTS (HTTP Strict-Transport-Security)</h3>
<p>One of the main reasons to wait a day or so is to make sure you don't need to back out of this.
<br>With HSTS you can tell browsers when users visit your site to only request from the HTTPS version of the site, no interactions over HTTP.</p>
<p>All that's needed for this is to add the "Strict-Transport-Security" to your site with a max age set to 6 months in seconds (15768000)</p>
<p v-if="platform == 'wordpress'">The Really Simple SSL WordPress plugin mentioned above handles setting this up for you.</p>
<p v-if="platform == 'drupal'">Drupal can offer this via the <aa rel="noopener" target="_blank" href="https://www.drupal.org/project/seckit">Security Kit</a> module.</p>
<p v-if="platform == 'rec'">You can enable this in REC by ticking the "Use Strict Security" in Site Settings.</p>
<p v-else-if="hosting == 'nginx'">
Inside your nginx conf file, add the following inside the server block:<code>
add_header Strict-Transport-Security "max-age=15768000;";</code>
</p>
<p v-else>
Inside your .htaccess file, add:<code>
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=15768000;"
</IfModule></code>
</p>
</li>
<li>
<h3>Plan for when the certificate expires</h3>
<p>You should make a note of when your certificate expires on a calendar to be safe. </p>
<p>Even if you've setup automatic renewal of the certificate, you still need to be sure that it works. Better to test yourself than have a customer call up and point it out to you.</p>
<p>With other SSL providers, they normally email you before renewal but it's still best to be safe and keep track of this date yourself.</p>
<p>Consider also making notes on how you installed the certificate previously for your future self to reference.</p>
</li>
</ol>
<!-- Above and beyond -->
<a class="toggle-section print-hidden" @click="showArea.aboveAndBeyond = !showArea.aboveAndBeyond">[Toggle]</a>
<h2 id="above-and-beyond" v-bind:class="showArea.aboveAndBeyond ? '' : 'toggle-hidden-section print-hidden'">Going above and beyond</h2>
<ol v-show="showArea.aboveAndBeyond">
<li>
<h3>Update internal links in pages, emails etc.</h3>
<p>Even with a redirect from HTTP to HTTPS setup, it's best to minimize temp HTTP redirects as these can still lead to exposing what the user was doing.</p>
<p v-if="control == 'max'">To ease the pain of this, if you have access to the code and/or the database you could run a find and replace over all content for <code>href="http://yoursite.com</code> with <code>href="https://yoursite.com</code></p>
</li>
<li>
<h3>Update links on social media etc.</h3>
<p>Though you've set up all your redirects, it's still best to try to send users direct to the HTTPS version without need to go through these redirects.</p>
</li>
<li>
<h3>Aim for A+ on SSLLabs</h3>
<p><a rel="noopener" target="_blank" href="https://www.ssllabs.com/ssltest/">SSLLabs</a> will give you useful information on your SSL/TLS implementation and any issues found. It'll also give you recommendations to improve it if any are noticed.</p>
<p>This is within reach especially if you've setup your HSTS header in the post-move stage.</p>
</li>
<li>
<h3>Consider preloading your HSTS</h3>
<p>If you've previously set up your HSTS header, you could now opt to preload this into browsers before users even get to your site.</p>
<p>To do this, visit the <a rel="noopener" target="_blank" href="https://hstspreload.org/">HSTS preload list</a> site to submit your site.</p>
</li>
<li>
<h3>Iron out other similar security actions</h3>
<p>Similar to SSL test earlier, this report will show some other recommendations such as use of secure cookies: <a rel="noopener" target="_blank" href="https://httpsecurityreport.com/">Security Report.</a></p>
</li>
<li>
<h3>Enable HTTP/2 support</h3>
<p>Now that you're on HTTPS, you can benefit from the speed improvements that come from HTTP/2 on your server and/or CDN. </p>
</li>
<li v-if="control == 'max'">
<h3>Consider Brotli compression</h3>
<p>Now you're on HTTPS you could consider Google's new Brotli compession. They have seen <a href="https://students.googleblog.com/2017/02/intern-impact-brotli-compression-for.html?m=1">considerable savings on the play store</a> from implementing it.</p>
<p v-if="hosting == 'nginx'">There's an <a rel="noopener" target="_blank" href="https://github.com/google/ngx_brotli">nginx module</a> that you can compile to add brotli support.</p>
<p v-else>To install on Apache2, you can <a rel="noopener" target="_blank" href="https://ayesh.me/apache-brotli">follow this guide</a>.</p>
</li>
</ol>
<p><small>Disclaimer: This site is provided under the <a rel="noopener" target="_blank" href="https://mit-license.org/">MIT licence</a> and available on <a rel="noopener" target="_blank" href="https://github.com/MovingtoHTTPS">GitHub</a>. All content is provided as a resource to aid migration only. Following it in no way leaves the project or it's authors liable.</small></p>
<p><small>Found an issue or want to contribute changes? <a rel="noopener" target="_blank" href="https://github.com/MovingToHTTPS/movingtohttps.com">Fork us on GitHub</a> or <a rel="noopener" target="_blank" href="https://github.com/MovingToHTTPS/movingtohttps.com/issues">open an issue</a>.</small></p>
</main>
</div>
</div>
<footer class="footer">
<p>
<i class="fa fa-print"></i>
<small>Looking for a printed or PDF version of this page? This page is print friendly and you can normally print to PDF :)</small>
<i class="fa fa-file-pdf-o"></i>
</p>
</footer>
</div>
<!-- js imports -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.4.2/vue.min.js"></script>
<script src="/js/app.js?v=2"></script>
<script>
if ('serviceWorker' in navigator) {
window.addEventListener('load', function() {
navigator.serviceWorker.register('/sw.js').then(function(registration) {
console.log('ServiceWorker registration successful with scope: ', registration.scope);
}).catch(function(err) {
console.log('ServiceWorker registration failed: ', err);
});
});
}
</script>
<!-- Google Translate -->
<script>
function googleTranslateElementInit() {
new google.translate.TranslateElement({
pageLanguage: 'en'
}, 'google_translate_element');
}
</script>
<script src="https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
</body>
</html>