Just wanted to leave a review of the sitewide SSL process. We had NitroSell activate it on Racks For Cars a few months ago and we are very happy with the implementation!
After giving the NitroSell team the green light, we were up and running with SSL across our site within one business day. There was nothing to do on our end initially, but a few minor things cropped up afterwards that we hadn’t taken into account beforehand.
User experience and SEO benefits
In the past, we would very occasionally get questions from users about why our checkout page was hosted on a NitroSell domain rather than our own. After the SSL switchover took effect, all of our pages appear in the browser address bar as coming from our own domain. Awesome!
For those who might not follow Google that closely, they began using SSL as a ranking signal in 2014-15, and have recently changed the Chrome browser’s address bar to explicitly state whether they consider a site “secure” or “not secure”. The message from them is clear: move to HTTPS as soon as possible.
It is not possible to remove the effects of the SSL certification from our other SEO efforts to view them alone. However, we have noticed important landing pages ranking generally higher after the implementation. Certainly there has been no ill effect.
In Google search engine result pages, our URLs now appear with https in front of them:
On our pages, users of Firefox, Safari, Edge, and Opera browsers will see the lock icon in the address bar on every page of our site. Users of the latest versions of Google Chrome (our biggest user base) see the word “Secure” next to the green lock icon, which can be clicked for expanded results:
Errors we encountered and how to fix them
When using HTTPS, you must load all resources on a page over HTTPS if you want your page to remain “secure”. Things like images or scripts you might be hotlinking to rather than hosting yourself need to be loaded from an HTTPS site. If a page is loading resources from an address that starts with http://, it will cause the entire page to not be “secure”. In Chrome, this resulted in the standard “circled i” icon appearing instead of the green lock, with expanded results explaining that the page was not secure.
Since almost every resource we load on our site was hosted by us, most pages were fine as long as the resources we had linked to were using a relative address. Resources that we were hosting and linking to that were using the legacy URL format starting with http:// instead of https:// would still load, but would cause the page to not be secure.
If you load an image but you do so using a legacy http:// absolute URL, your page will be not secure.
<img src="http://www.example.com/images/logo.jpg" />
You can fix this by either using a relative URL that starts with a slash rather than the site protocol and domain, or by using an absolute URL that starts with https to make a page secure.
<img src="/images/logo.jpg" />
<img src="https://www.example.com/images/logo.jpg" />
There is no need to comb through your entire site to find all the places you might be doing this before implementing SSL, as NitroSell automatically forwards requests from legacy http:// URLs to new https:// URLs. You can do the work afterwards and use the green lock icon as the indication that your entire page is fine as you check everything over.
There were a couple of resources being loaded by our NitroSell templates that we needed to manually change. These were all in our blog section and related to Gravatar. Simply changing any Gravatar URL we found from http to https worked to solve the problem and load the resources securely.
Great job NitroSell!
Thanks very much to @donogh and @jbw for their help implementing SSL for us. Everything went super smoothly and we feel it was money well spent. Very recommended for anyone using their NitroSell site to sell to the public.