HTTPS adalah ranking factor Google dan essential untuk keamanan website. Semua website harus menggunakan HTTPS untuk melindungi data pengguna dan meningkatkan trust.

Kenapa HTTPS Penting?

Benefits:
✓ Google ranking factor
✓ User trust (padlock icon)
✓ Data encryption
✓ Required for some features
✓ Browser warnings without it
✓ E-commerce requirement

Jenis SSL Certificate

Domain Validated (DV)

Level: Basic
Validates: Domain ownership only
Best for: Blogs, personal sites
Cost: Free - $100/year
Issuance: Minutes

Organization Validated (OV)

Level: Medium
Validates: Organization + domain
Best for: Business websites
Cost: $50-200/year
Issuance: 1-3 days

Extended Validation (EV)

Level: High
Validates: Full organization verification
Best for: E-commerce, banks
Cost: $100-500/year
Issuance: 1-2 weeks

SSL Certificate Gratis

Let’s Encrypt

Most popular free option:
- Free forever
- Auto-renewal
- Widely supported
- DV certificates
Supported by:

Most hosting providers
Cloudflare
cPanel
Plesk

Cloudflare Free SSL

Benefits:
- Free SSL included
- No installation needed
- CDN included
- Easy setup

Setup HTTPS Step-by-Step

Option 1: cPanel (Shared Hosting)

1. Login to cPanel
2. Find "SSL/TLS" or "Let's Encrypt"
3. Click "Generate Certificate"
4. Select domain
5. Install certificate
6. Enable force HTTPS

Option 2: Cloudflare

1. Sign up at Cloudflare
2. Add your website
3. Change nameservers
4. Enable "Always Use HTTPS"
5. Set SSL mode to "Full (strict)"

Option 3: Manual (VPS)

# Ubuntu/Debian with Certbot
sudo apt update
sudo apt install certbot
sudo apt install python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com
For Apache
sudo apt install python3-certbot-apache
sudo certbot --apache -d yourdomain.com
Auto-renewal test
sudo certbot renew --dry-run

Option 4: WordPress Plugin

Plugins:
- Really Simple SSL (easiest)
- WP Force SSL
- SSL Insecure Content Fixer
Process:

Install SSL certificate first
Install plugin
Activate and configure
Test site

Redirect HTTP ke HTTPS

.htaccess (Apache)

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

nginx

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$server_name$request_uri;
}

WordPress wp-config.php

define('FORCE_SSL_ADMIN', true);
// If behind reverse proxy
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';

Post-Migration Checklist

After enabling HTTPS:
☐ Update site URL in CMS settings
☐ Update internal links (or use relative)
☐ Fix mixed content warnings
☐ Update canonical tags
☐ Update XML sitemap
☐ Update robots.txt
☐ Update CDN settings
☐ Update Google Search Console
☐ Update Google Analytics
☐ Update third-party integrations

Mixed Content Issues

What is Mixed Content?

Definition:
HTTPS page loading HTTP resources
Types:

Mixed active (scripts, stylesheets)
Mixed passive (images, video)

Browser behavior:

May block resources
Security warning
Broken functionality

Finding Mixed Content

Methods:
1. Browser DevTools Console
2. WhyNoPadlock.com
3. SSL Check tools
4. Manual code review
Common culprits:

Hardcoded HTTP URLs
External scripts
Images from HTTP sources
Embedded content

Fixing Mixed Content

Solutions:
1. Update to HTTPS URLs
2. Use protocol-relative URLs (//example.com)
3. Use relative URLs (/path/to/file)
4. Fix in database (WordPress)
WordPress database fix:
Search: 
http://yourdomain.com
Replace: 
https://yourdomain.com

SSL Testing Tools

Test your SSL:
1. SSL Labs (ssllabs.com/ssltest)
   - Comprehensive test
   - Grade A-F rating
   - Security recommendations

Why No Padlock

Find mixed content
Quick check




Browser DevTools

Console for errors
Security tab

Common Errors

Certificate Errors

ERR_CERT_DATE_INVALID
→ Certificate expired, renew it
ERR_CERT_AUTHORITY_INVALID
→ Not trusted CA, use proper certificate
ERR_CERT_COMMON_NAME_INVALID
→ Domain mismatch, get correct certificate

Redirect Errors

Too many redirects:
→ Check for redirect loops
→ Verify server config
→ Check CMS settings
Mixed redirect types:
→ Use 301 only
→ Consistent www/non-www

SSL Checklist

Before migration:
☐ Backup website
☐ Obtain SSL certificate
☐ Test in staging if possible
During migration:
☐ Install certificate
☐ Configure redirects
☐ Test site functionality
☐ Check for mixed content
After migration:
☐ Update all settings
☐ Submit to GSC
☐ Monitor for issues
☐ Test SSL grade

Kesimpulan

HTTPS bukan optional lagi – ini adalah requirement untuk SEO dan user trust. Dengan Let’s Encrypt dan Cloudflare, setup SSL sekarang gratis dan mudah. Pastikan semua website Anda menggunakan HTTPS.