Quick tip: Run your website on HTTPS only

Now that search engines, like Google, penalise websites for not having a SSL or TLS certificate, how can I setup my Umbraco website to run on HTTPS?

uSkinned Member

Great question and, you're correct to point out that search engines are now penalising websites that do not have a secure badge (SSL or TLS certificate) in place. Having a SSL or TLS certificate in place is now a must if you would like to be listed in search results.

They are available to purchase from most hosting providers but there is now even a free service from Let's Encrypt that is backed up by some impressive organisations, such as Mozilla, Chrome, GitHub, and even Umbraco. You can find out more about Let's Encrypt on their website: https://letsencrypt.org/.

Let's get started

Once you have added your SSL or TLS certificate you will need to ensure that all traffic redirects from HTTP to HTTPS. To accomplish this, you will need to add a rewrite rule to your live environment's web.config file. The location of the file will be in the <system.webServer><rewrite><rules> section.

Now you should add add the following rule:

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />

You will also need to add the unique IP address assigned to your SSL or TLS certificate to your conditions group since your website will also be accessible via this IP address:

<add input="{HTTP_HOST}" pattern="YOUR IP ADDRESS" />

Your website will now be served via https://mywebsite.com instead of http://mywebsite.com.

comments powered by Disqus

Get started today

Join thousands of agencies, freelancers, enterprises & start ups worldwide who use uSkinned Site Builder for Umbraco to deliver results.

NEW Site Builder!

We have launched a brand new, game-changing product for Umbraco CMS.