How to Set Up HTTPS (SSL) on Your Website
Why does YouVersion require HTTPS?
In order to protect the privacy of our Community, all YouVersion Partners are required to use HTTPS website URLs. For your website to support HTTPS, you'll need to do two things:
- Install an SSL certificate on your website’s server.
- Set up your website to redirect all
http://
traffic tohttps://
.
Most web hosts have documentation on how to do these two steps. We recommend checking with your website administrator or your hosting provider before doing this on your own.
What is an SSL certificate?
SSL/TLS certificates are cryptographic encryption keys, consisting of a public and private pair, used for encoding and decoding data sent to a website. This protects user data from being intercepted by third parties by encrypting it from the user’s browser to your website’s server.
Data encrypted by anyone with your public key can only be decrypted with your private key (kept secret on your web server). This allows anyone to fill out a contact form on your website that only your web server can read before transmitting it to you—keeping the user’s personal information secure.
What is HTTPS?
HTTPS is the version of HTTP that uses SSL/TLS encryption. The website’s URL will start with https://
instead of http://
, and most browsers will show a special “lock” icon next to the address bar.
How to get a free SSL certificate
LetsEncrypt.org was established by industry leaders to help everyone securely transmit user data. The easiest way to get a LetsEncrypt SSL certificate is to use a web host that provides LetsEncrypt as a service.
If your host doesn't support free or paid certificates, you can follow the LetsEncrypt guide to create and install a certificate manually. Learn more here.
Web hosts with free SSL
Find a list of web hosts that support LetsEncrypt's free certificates here.
Web hosts with paid SSL
Find a list of web hosts that do not officially support free LetsEncrypt's certificates, but offer paid solutions here.
Redirecting HTTP to HTTPS
Redirecting http://
connections to https://
connections, also known as forcing SSL, ensures that everyone visiting your site will have an encrypted connection—but old links will still work to access your website.
For simple website solutions, you can add the following snippet to your site’s .htaccess
file. This will redirect all traffic to your website to use the HTTPS version of your URL.
Note: Update [yourdomain.com](<http://yourdomain.com>)
with your organization’s domain name.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ <https://www.yourdomain.com/$1> [R,L]
For WordPress sites, check with your site administrator to add a plugin or update your .htaccess
file with the proper WordPress code to force HTTPS connections.