How to Set Up HTTPS (SSL) on Your Website

Updated by Caleb Lenehan

Why does YouVersion require HTTPS?

In order to protect the privacy of our users, all YouVersion Partners are required to use HTTPS website URLs. For your website to support HTTPS you will need to do two things.

  1. Install an SSL certificate on your website’s server.
  2. Set up your website to redirect all http:// traffic to https://.

Most web hosts have documentation on how to do these two steps, so we recommend checking with your website administrator or your hosting provider before doing this on your own.

What is an SSL certificate?

SSL/TLS certificates are cryptographic encryption keys, consisting of a public and private pair, used for encoding and decoding data sent to a website. This protects user data from being intercepted by third parties by encrypting it from the user’s browser to your website’s server.

Data encrypted by anyone with your public key can only be decrypted with your private key (kept secret on your web server). This allows anyone to fill out a contact form on your website that only your web server can read before transmitting it to you—keeping the user’s personal information secure.

What is HTTPS?

HTTPS is the version of HTTP that uses SSL/TLS encryption. The website’s URL will start with https:// instead of http://, and most browsers will show a special “lock” icon next to the address bar.

How to get a free SSL certificate

LetsEncrypt.org was established by industry leaders to help everyone securely transmit user data. The easiest way to get a LetsEncrypt SSL certificate is to use a web host that provides LetsEncrypt as a service.

If your host does not support free or paid certificates, you can follow the LetsEncrypt guide to create and install a certificate manually. Learn more here.

Web hosts with free SSL

Find a list of web hosts that support LetsEncrypt free certificates here.

Web hosts with paid SSL

Find a list of web hosts that do not officially support free LetsEncrypt certificates, but offer paid solutions here.

Redirecting HTTP to HTTPS

Redirecting http:// connections to https:// connections, also known as forcing SSL, ensures that everyone visiting your site will have an encrypted connection—but old links will still work to access your website.

For simple website solutions, you can add the following snippet to your site’s .htaccess file. This will redirect all traffic to your website to use the HTTPS version of your URL.

Note: Update [yourdomain.com](<http://yourdomain.com>) with your organization’s domain name.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ <https://www.yourdomain.com/$1> [R,L]

For WordPress sites, check with your site administrator to add a plugin or update your .htaccess file with the proper WordPress code to force HTTPS connections.


How did we do?


Powered by HelpDocs (opens in a new tab)

Powered by HelpDocs (opens in a new tab)