Sunday, December 24, 2017

Enable HTTPS in Custom Domain Blogger Blog [Officially]
Blogger Now Officially Supports HTTPS For Custom Domains!
That's true, and I'm really excited to inform you that you can enable SSL in your blogger blog that has a custom domain set. :)
From the past few days, people were finding ways to get HTTPS on their blogs with a custom domain, and today I got the news that the feature is live on the beta version of blogger.com, that is, draft.blogger.com.

So without wasting any time, let's start.

This is in beta for now. So...

There are redirection issues for now.

Non-www to www redirection is not working for now.

Other redirections are working.

For example, http://www.example.com to https://www.example.com is working.
But https://example.com to https://www.example.com is not working.
And http://example.com to https://www.example.com is not working.

You know more about your blog than me. So if you think you're good to go without these redirections, proceed and if not, please wait.

Thanks to John Ralf for mentioning this. :)

How to enable the feature?

By default, it's not available in Blogger's dashboard. You'll have to enable it from draft.blogger.com. For that, follow these simple steps.
  • Open draft.blogger.com
  • Go to Settings > Basic Settings
  • You'll find this:
  • It'll be turned off, or "NO" by default, so turn it ON.
It's not necessary, but now you can come back to blogger.com (default version of Blogger), and you'll now find this option there too.

Now the next step is to wait for 10-20 minutes until HTTPS is processed for your blog. For those 10-20 minutes, the redirection option would be like this:

Simply, not available.

But after 20 minutes or maybe 30, this option will become available and once it becomes, turn it ON, or to "Yes."

You're now good to go!

What are the problems that I'm going to face now?

The most significant problem will be Mixed content.
mixed content
Image credits: SSLtobuy.com
Which is, when you have SSL certificate in your host for your blog/website, or in other words, you have HTTPS in your blog, you can link to or load files from a non-SSL certified host.

For example, if I have HTTPS on my blog, then I can't load files from URLs like "http://bla.com" because they are not secured and so, will make my blog unsafe too.

That's what mixed content is, and you'll have to remove all such external files to be able to see a green lock at the left side of the address bar of any browser (if there is any unsafe content, then there will be a yellow lock at the left side of the address bar of any browser).

I already have HTTPS on my blog, because I'd used your guide earlier

If you don't already know, I had found a way to get HTTPS in any blogger blog, using CloudFlare.

Well, I'd say, if you use CloudFlare just for HTTPS, then remove CloudFlare.

For doing that, just change your nameservers to the default ones.

And undo the steps mentioned in this guide.

Because there's nothing better than official SSL. Cloudflare's free SSL has some restrictions too, so it's better to not use it when there's a better option available and that also for free.

By the way: If you need any help in removing Cloudflare, don't hesitate to contact me (contact@shivanshverma.com), I'd help for free, won't ask you a dollar for this.

And to get the default nameservers just go to YouTube and search for how to change nameservers of <your domain provider> and just see what they were before the YouTubers changed the nameservers.

Questions You've In Your Mind:

#1 | What about Google Search Console? What property should I add and what property should I remove?

Answer: You need to remove http://www.blogurl.com and add https://www.blogurl.com. And then, submit sitemap from the new property. 
How to delete a property? Just click on the "Manage Property" button that's present on the homepage of GSC and click "Delete Property."

You can Google if you want to know basic stuff about GSC, like how to add a new property or how to submit a sitemap.

#2 | In the previous method, in which we had to do stuff using Cloudflare, you'd told to not use sitemap or submit it. Why not?

That's because, as it's now officially supported by Blogger, they've changed URLs in the sitemap to https://www.blogurl.com from http://www.blogurl.com. Earlier, we could not, because we could not edit sitemap's content or change the way the URLs are present there.

#3 | Is it safe?

Just don't forget to turn ON "HTTPS Redirect" and fix the "Mixed Content" issue. Everything will be safe then.

#4 | I want to change all my URLs in my menus of my blog's pages from HTTP to https. What should I do to fastly change them?

Don't use JavaScript by the way. Just copy all your template's code to notepad and replace every occurrence of http://www.blogurl.com to https://www.blogurl.com. It'll be done in seconds.
And for the URLs in widgets, try doing it manually. It'll just take 10 minutes maximum.

#5 | "HTTPS being processed" is appearing for more than a day now. What to do?

Turn OFF "HTTPS availability" and turn it back ON and then see if the issue resolves.

More questions? Add them in the comments. I'll try my best to answer them. :)

From the editor

That was a big relief - for sure for bloggers. Thank you, Blogger team for https for all of the blogger blogs for free. Now guys, just secure your blog and pass the mixed content barrier and you're good to go and achieve the benefits of SSL on your blog! Thanks!