Lewati ke konten
Kembali ke Blog
Security SEO

Cara Setup HTTPS untuk Website: Panduan SSL Certificate

Hendra Wijaya
· · 4 menit baca

HTTPS adalah ranking factor Google dan essential untuk keamanan website. Semua website harus menggunakan HTTPS untuk melindungi data pengguna dan meningkatkan trust.

Kenapa HTTPS Penting?

Benefits:
✓ Google ranking factor
✓ User trust (padlock icon)
✓ Data encryption
✓ Required for some features
✓ Browser warnings without it
✓ E-commerce requirement

Jenis SSL Certificate

Domain Validated (DV)

Level: Basic
Validates: Domain ownership only
Best for: Blogs, personal sites
Cost: Free - $100/year
Issuance: Minutes

Organization Validated (OV)

Level: Medium
Validates: Organization + domain
Best for: Business websites
Cost: $50-200/year
Issuance: 1-3 days

Extended Validation (EV)

Level: High
Validates: Full organization verification
Best for: E-commerce, banks
Cost: $100-500/year
Issuance: 1-2 weeks

SSL Certificate Gratis

Let’s Encrypt

Most popular free option:
- Free forever
- Auto-renewal
- Widely supported
- DV certificates

Supported by:
- Most hosting providers
- Cloudflare
- cPanel
- Plesk

Cloudflare Free SSL

Benefits:
- Free SSL included
- No installation needed
- CDN included
- Easy setup

Setup HTTPS Step-by-Step

Option 1: cPanel (Shared Hosting)

1. Login to cPanel
2. Find "SSL/TLS" or "Let's Encrypt"
3. Click "Generate Certificate"
4. Select domain
5. Install certificate
6. Enable force HTTPS

Option 2: Cloudflare

1. Sign up at Cloudflare
2. Add your website
3. Change nameservers
4. Enable "Always Use HTTPS"
5. Set SSL mode to "Full (strict)"

Option 3: Manual (VPS)

# Ubuntu/Debian with Certbot
sudo apt update
sudo apt install certbot

# For Nginx
sudo apt install python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com

# For Apache
sudo apt install python3-certbot-apache
sudo certbot --apache -d yourdomain.com

# Auto-renewal test
sudo certbot renew --dry-run

Option 4: WordPress Plugin

Plugins:
- Really Simple SSL (easiest)
- WP Force SSL
- SSL Insecure Content Fixer

Process:
1. Install SSL certificate first
2. Install plugin
3. Activate and configure
4. Test site

Redirect HTTP ke HTTPS

.htaccess (Apache)

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

nginx

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$server_name$request_uri;
}

WordPress wp-config.php

define('FORCE_SSL_ADMIN', true);

// If behind reverse proxy
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS']='on';

Post-Migration Checklist

After enabling HTTPS:
☐ Update site URL in CMS settings
☐ Update internal links (or use relative)
☐ Fix mixed content warnings
☐ Update canonical tags
☐ Update XML sitemap
☐ Update robots.txt
☐ Update CDN settings
☐ Update Google Search Console
☐ Update Google Analytics
☐ Update third-party integrations

Mixed Content Issues

What is Mixed Content?

Definition:
HTTPS page loading HTTP resources

Types:
- Mixed active (scripts, stylesheets)
- Mixed passive (images, video)

Browser behavior:
- May block resources
- Security warning
- Broken functionality

Finding Mixed Content

Methods:
1. Browser DevTools Console
2. WhyNoPadlock.com
3. SSL Check tools
4. Manual code review

Common culprits:
- Hardcoded HTTP URLs
- External scripts
- Images from HTTP sources
- Embedded content

Fixing Mixed Content

Solutions:
1. Update to HTTPS URLs
2. Use protocol-relative URLs (//example.com)
3. Use relative URLs (/path/to/file)
4. Fix in database (WordPress)

WordPress database fix:
Search: http://yourdomain.com
Replace: https://yourdomain.com

SSL Testing Tools

Test your SSL:
1. SSL Labs (ssllabs.com/ssltest)
   - Comprehensive test
   - Grade A-F rating
   - Security recommendations

2. Why No Padlock
   - Find mixed content
   - Quick check

3. Browser DevTools
   - Console for errors
   - Security tab

Common Errors

Certificate Errors

ERR_CERT_DATE_INVALID
→ Certificate expired, renew it

ERR_CERT_AUTHORITY_INVALID
→ Not trusted CA, use proper certificate

ERR_CERT_COMMON_NAME_INVALID
→ Domain mismatch, get correct certificate

Redirect Errors

Too many redirects:
→ Check for redirect loops
→ Verify server config
→ Check CMS settings

Mixed redirect types:
→ Use 301 only
→ Consistent www/non-www

SSL Checklist

Before migration:
☐ Backup website
☐ Obtain SSL certificate
☐ Test in staging if possible

During migration:
☐ Install certificate
☐ Configure redirects
☐ Test site functionality
☐ Check for mixed content

After migration:
☐ Update all settings
☐ Submit to GSC
☐ Monitor for issues
☐ Test SSL grade

Kesimpulan

HTTPS bukan optional lagi – ini adalah requirement untuk SEO dan user trust. Dengan Let’s Encrypt dan Cloudflare, setup SSL sekarang gratis dan mudah. Pastikan semua website Anda menggunakan HTTPS.

Ditulis oleh

Hendra Wijaya
Artikel Sebelumnya Cara Setup Hreflang untuk Website Multilingual Artikel Selanjutnya Cara Setup Hugo Static Site Generator

Artikel Terkait

Site Migration SEO 2026: Panduan Lengkap

Februari 5, 2026

Technical SEO Checklist: Panduan Lengkap Optimasi Teknis

Februari 5, 2026

Apa Itu Page Authority? Cara Meningkatkan PA untuk SEO

Februari 4, 2026

Tinggalkan Komentar

Email tidak akan ditampilkan.