Placing SSL certificate without switching to HTTPS

Started by outsourcefirm, Jul 25, 2022, 10:31 AM

Previous topic - Next topic

outsourcefirmTopic starter

Our intention is to install an SSL certificate on our website without making the switch from HTTP to HTTPS at this time.

We have a few questions regarding the installation process. First, will a duplicate of the HTTPS site be visible in search engines after the SSL certificate is installed? Second, will there be any issues with traffic or the issuance of the certificate? Finally, if the HTTPS site is only available through direct access, will our links, robots, sitemap, and Google Webmaster data remain the same?


If your website is hosted on a server, it should be accessible through HTTPS immediately. But if you are self-hosting your site, you can simply exclude the HTTPS section in nginx or apache.

What issues might arise from installing an SSL certificate only when it becomes necessary?


It is possible to host two different websites on the same domain over HTTP and HTTPS protocols. However, the Same Origin Policy considers different protocols as different enough to prohibit resource access without explicit permission. If the websites are completely different, it can confuse and make it difficult to use features like "raising" links to HTTPS (such as HSTS).

HTTP and HTTPS protocols use different ports by default, 80 and 443 respectively. DNS features require that the same machine serves both protocols, but within the machine, ports 80 and 443 can listen to two different processes configured differently. Although this is just a theory, I have not come across such a situation in practice.

In practice, you can create a configuration file in nginx with one block specifying "listen 80" and serving HTTP, and another block for "listen 443 ssl" and specifying settings for HTTPS.