-
Changing a Xara website to secure SSL (https)
I've seen a few threads asking about SSL certificates and sitemaps etc. so I thought I would compile an explanation of the best way to go through the process. Note: this advice relates to cpanel/Linux hosting which is by far the most popular hosting type available. Detail for other hosting types such as windows is not covered here.
First off, I am not recommending an SSL certificate is necessary for every site, but as the process is often free, you may wish to consider it for the re-assurance of your site visitors, particularly if you have a contact form or anywhere else a visitor can enter data. Google is very pro SSL, see the following article for more details about that;
https://searchengineland.com/effecti...-secure-291623
1. Getting an SSL certificate
So first off, you'll need an SSL certificate. Luckily, many good hosting companies are now offering free LetsEncrypt SSL certificates. If you have hosting with cpanel access, you may find a LetsEncrypt SSL certificate option under Security section, some hosts even automatically create one for you when you setup your domain with them. If your host does not offer this, consider moving! else you may be able to purchase one but don't pay more than $10 for what you should get for free.
Once you have your SSL installed, you should be able to access your site using https://www.yoursite.com - great but there is a bit more to do yet.
2. Update the sitemap
Luckily, Xara does not hard-code your website address in the HTML code it generates, so there is no need to republish your site for that purpose, but in the publish settings, it does have a field where you can enter the address of your website so that it can generate a sitemap file for you. So you will want to put the secure address in this field e.g. (https://www.yoursite.com) so that it can generate the sitemap with the https. The default sitemap file is sitemap.xml, you can check in a browser that this has been updated e.g. https://www.yoursite.com/sitemap.xml
So that should now get search engines to start to index the https version of your site, but it may take months for this to stop having traffic come to your http site address and other incoming links are unlikely to automatically update themselves to the https address.
3. Redirect non-SSL traffic
So we now need to get anyone still visiting the http site to be automatically be redirected to the https address.
If you are lucky, there may be an option in cpanel or your hosting account to have it automatically redirect your site to the https version, but for most of us, we need to add a bit of code to a special system file. Because this is a system file, you need to be careful with this as it could (temporarily) stop your whole site working if not done carefully. Seek help from someone confident in such matters if necessary.
The file is named .htaccess and may already exist in your system. If so, back it up before you start.
We need to add a few lines near the top of this file. If there is already a line stating
then don't duplicate that line, just add the other 2 lines immediately after it
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Check the site straight away to make sure it works properly. If there are any problems, restore the .htaccess file backup or delete it if you created it.
4. Other considerations
* If you use log analysis software in cpanel such as Awstats, the traffic will start to appear in the SSL version of the site stats instead of the normal version.
* If you link to any content that is on non-ssl sites, you will get a browser warning. This could just be including a single image from a non-SSL site. Of course, by default any images in Xara will be just in a subfolder so they will be fine, but if you have done any custom code that references external scripts or images, they could be a problem.
* Another thing you might want to consider while redirecting the non-SSL to SSL is to also force a www. in the url aswell. Because, by default most hosting allows https://www.yoursite.com or just https://yoursite.com, you might want to be consistent and remove the 'duplication' by also enforcing the www.
This may be able to be done via cpanel, but the usual method for this is to add a few more lines to the .htaccess file after the code we added above, again backup first!
Code:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-
Re: Changing a Xara website to secure SSL (https)
Thanks for this important info. As this question arises frequently, I'm going to stick this thread.
-
Re: Changing a Xara website to secure SSL (https)
Thanks a lot for this Sculptex :)
-
Re: Changing a Xara website to secure SSL (https)
Thanks Sculptex for you advise.
I recently Purchased a SSL certificate and my web host company edited my .htaccess file for me, the code they have used looks different to what you have shown. Would you know what the difference is please?
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
-
Re: Changing a Xara website to secure SSL (https)
I am no expert on regex, but theres many different ways of achieving the same thing.
So !=on is equivalent to off
I am pretty sure the extra (.*)$ means apply to any filename but by omitting it I guess that is the default behaviour anyway.
-
Re: Changing a Xara website to secure SSL (https)
Quote:
Originally Posted by
sculptex
I am no expert on regex, but theres many different ways of achieving the same thing.
So !=on is equivalent to off
I am pretty sure the extra (.*)$ means apply to any filename but by omitting it I guess that is the default behaviour anyway.
Thanks, I haven’t got a clue but just thought it looked odd that one said “on” and the other “off”.
-
Re: Changing a Xara website to secure SSL (https)
Thanks for this!
Successfully migrated to https.
Great that WD automatically update the robot.txt and sitemap.xml.
Don't forget to add them and the new https adress to google as new property's, with and without the WWW prefix.
Thanks again, love this software, even designed all business cards, gift certificate and office docs with it.
-
Re: Changing a Xara website to secure SSL (https)
Great information as I've been looking for a way to do this. Thanks for outline, Sculptex.
-
Re: Changing a Xara website to secure SSL (https)
Godaddy will not offer me LetsEncrypt SSL certificate , they want me to pay for SSL.
-
Re: Changing a Xara website to secure SSL (https)
My hosting company this week directed me to www.whynopadlock.com to help me check and get code for helping me make my sites SSL secure. I thought is was very helpful. After entering my domain, it even provided the code that I needed to put in my .htaccess file. Plus it is free.
-
Re: Changing a Xara website to secure SSL (https)
Quote:
Godaddy will not offer me LetsEncrypt SSL certificate , they want me to pay for SSL.
Get yourself a cloudflare account, you'll get a CDN and a free SSL, you just change the nameservers over to cloudflare (5 minute job)
Edit - just seen the date for this, but it still applies, the account with cloudflare is free, comes with the SSL certificate and should speed up your website loading speed for people not based near the servers.
-
Re: Changing a Xara website to secure SSL (https)
Thank you for the advice.
-
Re: Changing a Xara website to secure SSL (https)
Quote:
Originally Posted by
behzad
Godaddy will not offer me LetsEncrypt SSL certificate , they want me to pay for SSL.
I found that out recently as well for one of my other clients that are using GoDaddy. We use Blue Host and have been successfully adding the FREE .htaccess to our clients but was not able to for GoDaddy. Most are offering the free but GoDaddy & I believe Network Solutions are not.
-
Re: Changing a Xara website to secure SSL (https)
I use LCN (lcn.com) and then will let you use LE.
Alan
-
Re: Changing a Xara website to secure SSL (https)
Thanks for the solution!!
-
Re: Changing a Xara website to secure SSL (https)
Where do I paste the code?
Is it an option in Xara? I can't find any htaccess file in my file manager.
-
Re: Changing a Xara website to secure SSL (https)
I figured it out and got it to work.
Good post scupltex. :salute:
-
Re: Changing a Xara website to secure SSL (https)
Cloudflare is great!! But if you use it be aware of this issue in this thread that I had with it... https://www.talkgraphics.com/showthr...loudflareShort story - use the Developer Mode when you update your website to clean your cache file so your website displays correctly.
-
Re: Changing a Xara website to secure SSL (https)
For those of you on GoDaddy that aren't tech savvy, I just followed this guys video, and it worked.
https://www.youtube.com/watch?v=GPcznB74GPs
Since it's free, it needs to be done every 90 days, but after you do it once, it's not really that bad.
Also worked with my subdomain site.
-
Re: Changing a Xara website to secure SSL (https)
This is invaluable, thank you.
I followed all of your steps and it appears to work. However, I am now experiencing problems with the display of my website in http vs https. It is created in Xara DP (I have the latest version) and hosted by one.com. It has over 500 pages and a lot of content. In https, while the images are presented correctly, the fonts and font sizes are not and some text is invisible until highlighted. The same problem manifests in multiple browsers. The only way around it was to install a temporary .htaccess file that redirects everything back to http, which is far from ideal. All I can think is that something in the SSL is interfering with the linkages in the styles or fonts somehow. I am hoping that someone will be prepared to jump in with a suggestion for a fix. Thanks in advance.
-
Re: Changing a Xara website to secure SSL (https)
Welcome to TalkGraphics blueknight
This is a pretty old thread. I suggest you start a new thread with this question in the Xara Web Design Chat forum.
-
Re: Changing a Xara website to secure SSL (https)
Quote:
Originally Posted by
blueknight
This is invaluable, thank you.
I followed all of your steps and it appears to work. However, I am now experiencing problems with the display of my website in http vs https. It is created in Xara DP (I have the latest version) and hosted by one.com. It has over 500 pages and a lot of content. In https, while the images are presented correctly, the fonts and font sizes are not and some text is invisible until highlighted. The same problem manifests in multiple browsers. The only way around it was to install a temporary .htaccess file that redirects everything back to http, which is far from ideal. All I can think is that something in the SSL is interfering with the linkages in the styles or fonts somehow. I am hoping that someone will be prepared to jump in with a suggestion for a fix. Thanks in advance.
No need to reply, I found the fix. The problem was that I had constructed the website from two different Xara website documents with two sets of content folders. This created a referencing issue in https that was never a problem in http. I got around the problem by moving the limited contents of one of my Xara website documents across into the other (now working from a single document). I will retain this post here in case someone else is adventurous enough to be constructing a single website from multiple Xara documents and trying to navigate SSL/https.
-
Re: Changing a Xara website to secure SSL (https)
Thread Closed. Please create a new Thread if you have additional information to include.
Acorn