  1. #1

    Info Changing a Xara website to secure SSL (https)

    I've seen a few threads asking about SSL certificates and sitemaps etc. so I thought I would compile an explanation of the best way to go through the process. Note: this advice relates to cpanel/Linux hosting, which is by far the most popular hosting type available. Detail for other hosting types such as Windows is not covered here.

    First off, I am not recommending an SSL certificate is necessary for every site, but as the process is often free, you may wish to consider it for the reassurance of your site visitors, particularly if you have a contact form or anywhere else a visitor can enter data. Google is very pro SSL, see the following article for more details about that:
    https://searchengineland.com/effecti...-secure-291623

    1. Getting an SSL certificate
    So first off, you'll need an SSL certificate. Luckily, many good hosting companies are now offering free LetsEncrypt SSL certificates. If you have hosting with cpanel access, you may find a LetsEncrypt SSL certificate option under the Security section; some hosts even automatically create one for you when you set up your domain with them. If your host does not offer this, consider moving! Otherwise you may be able to purchase one, but don't pay more than $10 for what you should get for free.

    Once you have your SSL installed, you should be able to access your site using https://www.yoursite.com - great but there is a bit more to do yet.

    2. Update the sitemap
    Luckily, Xara does not hard-code your website address in the HTML code it generates, so there is no need to republish your site for that purpose, but in the publish settings, it does have a field where you can enter the address of your website so that it can generate a sitemap file for you. So you will want to put the secure address in this field e.g. (https://www.yoursite.com) so that it can generate the sitemap with the https. The default sitemap file is sitemap.xml, you can check in a browser that this has been updated e.g. https://www.yoursite.com/sitemap.xml

    So that should now get search engines to start to index the https version of your site, but it may take months for this to stop having traffic come to your http site address and other incoming links are unlikely to automatically update themselves to the https address.

    3. Redirect non-SSL traffic
    So we now need to get anyone still visiting the http site to be automatically redirected to the https address.

    If you are lucky, there may be an option in cpanel or your hosting account to have it automatically redirect your site to the https version, but for most of us, we need to add a bit of code to a special system file. Because this is a system file, you need to be careful with this as it could (temporarily) stop your whole site working if not done carefully. Seek help from someone confident in such matters if necessary.

    The file is named .htaccess and may already exist in your system. If so, back it up before you start.

    We need to add a few lines near the top of this file. If there is already a line stating
    Code:
    RewriteEngine On
    then don't duplicate that line, just add the other 2 lines immediately after it

    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Check the site straight away to make sure it works properly. If there are any problems, restore the .htaccess file backup or delete it if you created it.

    4. Other considerations
    * If you use log analysis software in cpanel such as Awstats, the traffic will start to appear in the SSL version of the site stats instead of the normal version.
    * If you link to any content that is on non-ssl sites, you will get a browser warning. This could just be including a single image from a non-SSL site. Of course, by default any images in Xara will be just in a subfolder so they will be fine, but if you have done any custom code that references external scripts or images, they could be a problem.
    * Another thing you might want to consider while redirecting the non-SSL to SSL is to also force a www. in the URL as well. Because, by default, most hosting allows https://www.yoursite.com or just https://yoursite.com, you might want to be consistent and remove the 'duplication' by also enforcing the www.
    This may be able to be done via cpanel, but the usual method for this is to add a few more lines to the .htaccess file after the code we added above, again backup first!
    Code:
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTPS}s ^on(s)|
    RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    Last edited by sculptex; 24 April 2018 at 03:03 PM. Reason: Added info icon
    IP
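The mixed-content point in section 4 of the post above can be checked before visitors see a browser warning. The following is an added example, not part of the original post: a Python scan of a published page for subresources still loaded over plain http. The sample page, its file names and its hosts are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource, keyed by tag.
# <a href> is navigation, not a subresource, so it is deliberately absent.
FETCHING_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
    "embed": ("src",), "object": ("data",),
}
# <link> only loads something for certain rel values (canonical does not).
LINK_RELS = {"stylesheet", "icon", "preload"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (line, tag, url) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        names = FETCHING_ATTRS.get(tag, ())
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            names = ("href",) if rels & LINK_RELS else ()
        for name in names:
            url = (attrs.get(name) or "").strip()
            # Relative and protocol-relative (//host/...) URLs inherit https.
            if url.lower().startswith("http://"):
                line, _ = self.getpos()
                self.findings.append((line, tag, url))

def find_mixed_content(html):
    """Return every subresource in `html` that is loaded over plain http."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: two insecure loads (lines 4 and 7), the rest are fine.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="site_files/main.css">
<link rel="canonical" href="http://www.yoursite.com/">
<script src="http://cdn.example.net/widget.js"></script>
</head><body>
<img src="site_files/10.jpg">
<img src="HTTP://images.example.org/banner.png">
<a href="http://www.example.com/">a plain link is fine</a>
<iframe src="//maps.example.com/embed"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {url}")
```

Run it over each published .htm file; anything it reports needs an https URL or a local copy in the site's own folder.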

  2. #2
    Join Date
    Aug 2000
    Location
    Placitas, New Mexico, USA
    Posts
    41,476

    Default Re: Changing a Xara website to secure SSL (https)

    Thanks for this important info. As this question arises frequently, I'm going to stick this thread.
    IP

  3. #3
    Join Date
    Aug 2000
    Location
    Harwich, Essex, England
    Posts
    21,886

    Default Re: Changing a Xara website to secure SSL (https)

    Thanks a lot for this Sculptex
    Egg

    Intel i7 - 4790K Quad Core + 16 GB Ram + NVIDIA Geforce GTX 1660 Graphics Card + MSI Optix Mag321 Curv monitor
    + Samsung 970 EVO Plus 500GB SSD + 232 GB SSD + 250 GB SSD portable drive + ISP = BT + Web Hosting = TSO Host
    IP

  4. #4
    Join Date
    Oct 2016
    Location
    Rochford
    Posts
    124

    Default Re: Changing a Xara website to secure SSL (https)

    Thanks Sculptex for your advice.

    I recently purchased an SSL certificate and my web host company edited my .htaccess file for me; the code they have used looks different to what you have shown. Would you know what the difference is please?

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    IP

  5. #5

    Default Re: Changing a Xara website to secure SSL (https)

    I am no expert on regex, but there are many different ways of achieving the same thing.

    So !=on is equivalent to off

    I am pretty sure the extra (.*)$ means apply to any filename but by omitting it I guess that is the default behaviour anyway.
    IP
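The two force-HTTPS variants compared in posts #4 and #5, together with the www rule from post #1, can be traced with a small model. This is an added example, not code from any poster, and it is a simplified Python model of the rule logic rather than Apache itself; the function names and the sample URLs are assumptions made for illustration.

```python
import re

def https_rule(https, host, uri, variant):
    """Return the 301 target of the force-HTTPS rule, or None if it does not fire."""
    if variant == "off":
        # RewriteCond %{HTTPS} off : the pattern is a regex tested against "on"/"off"
        fires = re.search("off", https) is not None
    elif variant == "!=on":
        # RewriteCond %{HTTPS} !=on : "=" is a plain string compare, "!" negates it
        fires = https != "on"
    else:
        raise ValueError(variant)
    # "RewriteRule ^(.*)$" and "RewriteRule ^" both match every path, and the
    # target is built from %{REQUEST_URI}, so the captured group is never used.
    return f"https://{host}{uri}" if fires else None

def www_rule(https, host, uri):
    """Return the 301 target of the force-www rule, or None if it does not fire."""
    if re.search(r"^www\.", host, re.IGNORECASE):   # !^www\. [NC]
        return None
    m = re.search(r"^on(s)|", https + "s")          # %{HTTPS}s ^on(s)|
    scheme_suffix = m.group(1) or ""                # %1 is "s" only when HTTPS is on
    return f"http{scheme_suffix}://www.{host}{uri}"

def redirect_chain(url, variant="off"):
    """Follow the modelled rules in file order until no rule fires."""
    chain = [url]
    while len(chain) < 10:                          # guard against redirect loops
        scheme, rest = chain[-1].split("://", 1)
        host, _, path = rest.partition("/")
        https = "on" if scheme == "https" else "off"
        target = (https_rule(https, host, "/" + path, variant)
                  or www_rule(https, host, "/" + path))
        if target is None:
            break
        chain.append(target)
    return chain

if __name__ == "__main__":
    for start in ("http://yoursite.com/contact.htm", "https://www.yoursite.com/"):
        print(" -> ".join(redirect_chain(start)))
```

Both variants give the same chain for every input; with the rules in the order posted, a visitor arriving at the http, non-www address takes two redirects before reaching the final https://www. address.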

  6. #6
    Join Date
    Oct 2016
    Location
    Rochford
    Posts
    124

    Default Re: Changing a Xara website to secure SSL (https)

    Originally posted by sculptex:
    I am no expert on regex, but there are many different ways of achieving the same thing.

    So !=on is equivalent to off

    I am pretty sure the extra (.*)$ means apply to any filename but by omitting it I guess that is the default behaviour anyway.
    Thanks, I haven’t got a clue but just thought it looked odd that one said “on” and the other “off”.
    IP

  7. #7
    Join Date
    May 2016
    Location
    EU
    Posts
    56

    Default Re: Changing a Xara website to secure SSL (https)

    Thanks for this!
    Successfully migrated to https.
    Great that WD automatically updates the robots.txt and sitemap.xml.
    Don't forget to add them and the new https address to Google as new properties, with and without the WWW prefix.
    Thanks again, love this software, even designed all business cards, gift certificate and office docs with it.
    IP

  8. #8

    Default Re: Changing a Xara website to secure SSL (https)

    Great information as I've been looking for a way to do this. Thanks for the outline, Sculptex.
    IP

  9. #9
    Join Date
    May 2002
    Location
    Canada
    Posts
    3,338

    Default Re: Changing a Xara website to secure SSL (https)

    GoDaddy will not offer me a LetsEncrypt SSL certificate, they want me to pay for SSL.
    IP

  10. #10
    Join Date
    Feb 2017
    Posts
    22

    Default Re: Changing a Xara website to secure SSL (https)

    My hosting company this week directed me to www.whynopadlock.com to help me check and get code for helping me make my sites SSL secure. I thought it was very helpful. After entering my domain, it even provided the code that I needed to put in my .htaccess file. Plus it is free.
    IP
